apache-frontend: update parts for monitoring
[slapos.git] / software / apache-frontend / instance-apache-frontend.cfg
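# Instance profile of the apache-frontend software release (buildout format).
# NOTE(review): this file mixes `${section:option}` and `$${section:option}`.
# Presumably the single-dollar form is expanded when the software release is
# built and the escaped form is left for the instance buildout - confirm
# against the recipe that renders this template.
[buildout]
parts =
  directory
  configtest
  logrotate
  cron
  cron-entry-logrotate
  ca-frontend
  certificate-authority
  logrotate-entry-apache
  logrotate-entry-apache-cached
  logrotate-entry-squid
  apache-frontend
  apache-cached
  switch-apache-softwaretype
  frontend-apache-graceful
  cached-apache-graceful
  squid-service
  squid-prepare
  squid-reload
  promise-squid
  dynamic-template-default-vh
  not-found-html
  promise-frontend-apache-configuration
  promise-cached-apache-configuration
  promise-apache-frontend-v4-https
  promise-apache-frontend-v4-http
  promise-apache-frontend-v6-https
  promise-apache-frontend-v6-http
  promise-apache-cached
# Monitoring parts. Most of them are not defined in this file; presumably they
# come from the profile pulled in through `extends` below - confirm.
# `certificate-authority` is listed once only (above): repeating a part name
# in `parts` adds nothing.
  cron-entry-monitor
  cron-entry-rss
  deploy-index
  deploy-settings-cgi
  deploy-status-cgi
  setup-static-files
  zero-parameters
  public-symlink
  cgi-httpd-wrapper
  cgi-httpd-graceful-wrapper
  monitor-promise
  monitor-instance-log-access
# Monitoring access to the apache logs (sections defined further down)
  monitor-current-log-access
  monitor-backup-log-access
extends = ${monitor-template:output}


eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
# buildout's offline mode: no network access while the instance is built
offline = true
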
# Directory layout of the partition; every option below is a directory that
# the mkdirectory recipe is asked to create.
[directory]
recipe = slapos.cookbook:mkdirectory

# Top-level directories, directly under the buildout directory
bin = $${buildout:directory}/bin/
etc = $${buildout:directory}/etc/
srv = $${buildout:directory}/srv/
var = $${buildout:directory}/var/
template = $${buildout:directory}/template/

# Second level, built on the options above
backup = $${:srv}/backup
log = $${:var}/log
run = $${:var}/run
service = $${:etc}/service
etc-run = $${:etc}/run
promise = $${:etc}/promise

# Log rotation
logrotate-backup = $${:backup}/logrotate
logrotate-entries = $${:etc}/logrotate.d

# Cron, and the base directory of the certificate authority
cron-entries = $${:etc}/cron.d
crontabs = $${:etc}/crontabs
cronstamps = $${:etc}/cronstamps
# NOTE(review): ca-dir ends up holding CA and server private keys (see
# [cadirectory] and [ca-frontend]); no permissions are set in this file, so
# check what mode the mkdirectory recipe applies.
ca-dir = $${:srv}/ssl

# Maps each software type to the rendered slave-list profile that is used
# for it (see the three dynamic-*-template-slave-list sections).
[switch-apache-softwaretype]
recipe = slapos.cookbook:softwaretype
single-default = $${dynamic-default-template-slave-list:rendered}
single-custom-personal = $${dynamic-custom-personal-template-slave-list:rendered}
single-custom-group = $${dynamic-custom-group-template-slave-list:rendered}

[instance-parameter]
# Fetches the parameters defined in SlapOS Master for this instance.
# Always the same.
recipe = slapos.cookbook:slapconfiguration.serialised
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
# Client key and certificate used for the connection to the master
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
# Defaults used when the requester did not set a parameter.
# Every parameter is reachable through the configuration.XX syntax, and every
# possible parameter should have a default here.
configuration.domain = example.org
configuration.public-ipv4 =
configuration.port = 4443
configuration.plain_http_port = 8080
configuration.server-admin = admin@example.com
# NOTE(review): these two are handed to the slave virtualhost template as
# free-form text (see [dynamic-virtualhost-template-slave]). The default is
# written with quotes; as far as I know buildout does not strip them, so the
# default would be the two-character string "" rather than an empty value -
# confirm that the template expects that.
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
# NOTE(review): key and certificate content are consumed by [ca-frontend] as
# key-content / cert-content, so a server private key travels as an instance
# parameter; whatever stores or logs these parameters has to be treated as
# sensitive.
configuration.apache-key =
configuration.apache-certificate =
configuration.open-port = 80 443
configuration.extra_slave_instance_list =

# Plain option holder (no recipe); passed as a whole section to the
# templates that declare `section frontend_configuration`.
[frontend-configuration]
template-log-access = ${template-log-access:target}
log-access-configuration = $${directory:etc}/apache-log-access.conf
apache-directory = ${apache-2.2:location}
apache-ipv6 = $${instance-parameter:ipv6-random}
apache-https-port = $${instance-parameter:configuration.port}

# Both sections extend `monitor-directory-access`, which is not defined in
# this file, and point it at a log directory.
# NOTE(review): presumably this makes the directories readable through the
# monitoring interface. Access logs carry client addresses and requested
# URLs, so check who can reach that interface.
[monitor-current-log-access]
<= monitor-directory-access
source = $${directory:log}

[monitor-backup-log-access]
<= monitor-directory-access
source = $${directory:logrotate-backup}

# Base section for all jinja2-rendered files. Sections extending it set
# `template`, then either `filename` or their own `rendered`, and add
# variables through `extra-context`.
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = $${buildout:directory}/$${:filename}
# Empty by default; appended to the shared context below
extra-context =
context =
    import json_module json
    key eggs_directory buildout:eggs-directory
    key develop_eggs_directory buildout:develop-eggs-directory
    key slap_software_type instance-parameter:slap-software-type
    key slapparameter_dict instance-parameter:configuration
    $${:extra-context}

# Renders the default virtualhost as 000.conf in the slave configuration
# directory.
# NOTE(review): the 000 prefix presumably makes it the first file loaded,
# hence the fallback virtualhost - confirm against the frontend template.
[dynamic-template-default-vh]
<= jinja2-template-base
template = ${template-default-virtualhost:target}
rendered = $${apache-directory:slave-configuration}/000.conf
extensions = jinja2.ext.do
extra-context =
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port

# Slave-list profile for the `single-custom-personal` software type.
# NOTE(review): slave_instance_list and extra_slave_instance_list are passed
# to the template as received. If slave parameters are set by other
# requesters, the templates are the only place where they can be validated
# before they end up in Apache configuration - confirm that they are.
[dynamic-custom-personal-template-slave-list]
<= jinja2-template-base
template = ${template-slave-list:target}
filename = custom-personal-instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    key apache_log_directory apache-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key cache_port apache-configuration:cache-port
    raw empty_template ${template-empty:target}
    raw template_slave_configuration ${template-slave-configuration:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}
    raw software_type single-custom-personal
    section logrotate_dict logrotate
    section frontend_configuration frontend-configuration
    section apache_configuration apache-configuration
    section connection_information_dict publish-connection-informations

# Slave-list profile for the `single-custom-group` software type. Unlike the
# other two types, the slave configuration template is the file rendered by
# [dynamic-virtualhost-template-slave] (a `key`, not a `raw` path).
# NOTE(review): the slave lists are passed to the template as received; any
# validation of slave-supplied values has to happen in the templates.
[dynamic-custom-group-template-slave-list]
<= jinja2-template-base
template = ${template-custom-slave-list:target}
filename = custom-group-instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key domain instance-parameter:configuration.domain
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    key template_slave_configuration dynamic-virtualhost-template-slave:rendered
    key apache_log_directory apache-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key cache_port apache-configuration:cache-port
    raw empty_template ${template-empty:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}
    raw software_type single-custom-group

# Slave-list profile for the `single-default` software type; uses the default
# slave virtualhost template.
# NOTE(review): the slave lists are passed to the template as received; any
# validation of slave-supplied values has to happen in the templates.
[dynamic-default-template-slave-list]
<= jinja2-template-base
template = ${template-custom-slave-list:target}
filename = default-instance-slave-list.cfg
extensions = jinja2.ext.do
extra-context =
    key apache_configuration_directory apache-directory:slave-configuration
    key domain instance-parameter:configuration.domain
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key public_ipv4 instance-parameter:configuration.public-ipv4
    key slave_instance_list instance-parameter:slave-instance-list
    key extra_slave_instance_list instance-parameter:configuration.extra_slave_instance_list
    key rewrite_cached_configuration apache-configuration:cached-rewrite-file
    key custom_ssl_directory apache-directory:vh-ssl
    key apache_log_directory apache-directory:slave-log
    key local_ipv4 instance-parameter:ipv4-random
    key cache_port apache-configuration:cache-port
    raw template_slave_configuration ${template-default-slave-virtualhost:target}
    raw empty_template ${template-empty:target}
    raw template_rewrite_cached ${template-rewrite-cached:target}
    raw software_type single-default
# XXX Hack to allow two software types

# Pre-renders the slave virtualhost template into the template directory; the
# result (a .conf.in file) is then used as the slave template of the
# `single-custom-group` type.
# NOTE(review): apache_custom_https / apache_custom_http come straight from
# instance parameters. If the template writes them into the virtualhost as
# is, whoever can set those parameters controls Apache directives for every
# slave of that type - restrict who may set them and confirm in the template.
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = ${template-slave-configuration:target}
rendered = $${directory:template}/slave-virtualhost.conf.in
extensions = jinja2.ext.do
extra-context =
    key https_port instance-parameter:configuration.port
    key http_port instance-parameter:configuration.plain_http_port
    key apache_custom_https instance-parameter:configuration.apache_custom_https
    key apache_custom_http instance-parameter:configuration.apache_custom_http

# Main configuration file of the frontend Apache, rendered with jinja2
# (no dedicated recipe).
[dynamic-apache-frontend-template]
<= jinja2-template-base
template = ${template-apache-frontend-configuration:target}
rendered = $${apache-configuration:frontend-configuration}
extra-context =
    raw httpd_home ${apache-2.2:location}
    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
    key domain instance-parameter:configuration.domain
    key document_root apache-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key ipv6_addr instance-parameter:ipv6-random
    key http_port instance-parameter:configuration.plain_http_port
    key https_port instance-parameter:configuration.port
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log apache-configuration:access-log
    key error_log apache-configuration:error-log
    key pid_file apache-configuration:pid-file
    key slave_configuration_directory apache-directory:slave-configuration
    section frontend_configuration frontend-configuration

# Service wrapper that runs the frontend httpd in the foreground. It waits
# for the key and certificate of [ca-frontend] to exist before starting.
# NOTE(review): wrapper-path is the same file that [ca-frontend] names as its
# `wrapper`; which part writes it last depends on the order in `parts`.
[apache-frontend]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-frontend-template:rendered} -DFOREGROUND
wrapper-path = $${directory:service}/frontend_apache
wait-for-files =
  $${ca-frontend:cert-file}
  $${ca-frontend:key-file}

# Configuration file of the second Apache, the one serving cached websites.
# It uses the same key and certificate as the frontend one and listens on
# the cache-through port.
[dynamic-apache-cached-template]
<= jinja2-template-base
template = ${template-apache-cached-configuration:target}
rendered = $${apache-configuration:cached-configuration}
extra-context =
    raw httpd_home ${apache-2.2:location}
    key httpd_mod_ssl_cache_directory apache-directory:mod-ssl
    key domain instance-parameter:configuration.domain
    key document_root apache-directory:document-root
    key instance_home buildout:directory
    key ipv4_addr instance-parameter:ipv4-random
    key cached_port apache-configuration:cache-through-port
    key server_admin instance-parameter:configuration.server-admin
    key protected_path apache-configuration:protected-path
    key access_control_string apache-configuration:access-control-string
    key login_certificate ca-frontend:cert-file
    key login_key ca-frontend:key-file
    key ca_dir  certificate-authority:ca-dir
    key ca_crl certificate-authority:ca-crl
    key access_log apache-configuration:cache-access-log
    key error_log apache-configuration:cache-error-log
    key pid_file apache-configuration:cache-pid-file
    key apachecachedmap_path apache-configuration:cached-rewrite-file

# Service wrapper that runs the cached-site httpd in the foreground, once the
# key and certificate of [ca-frontend] exist.
[apache-cached]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${dynamic-apache-cached-template:rendered} -DFOREGROUND
wrapper-path = $${directory:service}/frontend_cached_apache
wait-for-files =
  $${ca-frontend:cert-file}
  $${ca-frontend:key-file}

# Links the "not found" page shipped with the software release into the
# document root.
[not-found-html]
recipe = slapos.cookbook:symbolic.link
target-directory = $${apache-directory:document-root}
link-binary =
  ${template-not-found-html:target}

# Directories used by both Apache processes.
[apache-directory]
recipe = slapos.cookbook:mkdirectory
document-root = $${directory:srv}/htdocs
slave-configuration = $${directory:etc}/apache-slave-conf.d/
cache = $${directory:var}/cache
mod-ssl = $${:cache}/httpd_mod_ssl
# NOTE(review): passed to the slave-list templates as custom_ssl_directory,
# so it presumably receives per-slave keys and certificates. It sits inside
# the slave configuration directory; check its permissions and that the
# frontend does not try to load its content as configuration.
vh-ssl = $${:slave-configuration}/ssl
slave-log = $${directory:log}/httpd

# Plain option holder (no recipe): paths, ports and shell commands shared by
# the Apache, squid, logrotate and promise sections.
[apache-configuration]
frontend-configuration = $${directory:etc}/apache_frontend.conf
cached-configuration = $${directory:etc}/apache_frontend_cached.conf
access-log = $${directory:log}/frontend-apache-access.log
error-log = $${directory:log}/frontend-apache-error.log
pid-file = $${directory:run}/httpd.pid
# NOTE(review): both values are only forwarded to the Apache templates
# (protected_path / access_control_string); what `none` allows or denies is
# decided there and cannot be told from this file.
protected-path = /
access-control-string = none
cached-rewrite-file = $${directory:etc}/apache_rewrite_cached.txt
# The *-verification commands make httpd parse the configuration file. The
# *-graceful-command runs the verification first and sends USR1 to the
# running httpd only when it exited with 0, so a broken configuration is
# never loaded.
# NOTE(review): `$(cat <pid-file>)` is unquoted and the file is not checked
# for existence; when it is missing, kill is called without a pid.
frontend-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:frontend-configuration}
frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi
cached-configuration-verification = ${apache-2.2:location}/bin/httpd -Sf $${:cached-configuration}
cached-graceful-command = $${:cached-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${apache-configuration:cache-pid-file}); fi

# Apache for cache configuration
cache-access-log = $${directory:log}/frontend-apache-access-cached.log
cache-error-log = $${directory:log}/frontend-apache-error-cached.log
cache-pid-file = $${directory:run}/httpd-cached.pid

# Communication with squid: squid listens on cache-port and forwards to the
# cached Apache on cache-through-port (see [squid-cache])
cache-port = 26010
cache-through-port = 26011

# Wrapper in bin/ that runs the httpd syntax test (`-t`, what
# "apachectl configtest" does) on the frontend configuration.
[configtest]
recipe = slapos.cookbook:wrapper
command-line = ${apache-2.2:location}/bin/httpd -f $${directory:etc}/apache_frontend.conf -t
wrapper-path = $${directory:bin}/apache-configtest

# Local certificate authority of the partition. `wrapper` is placed in the
# service directory; requests are picked up from requests-directory.
# NOTE(review): ca-private holds the CA private key. No mode is set for it in
# this file, so check what the recipes apply and that this directory is not
# covered by anything that publishes files (monitoring, backups).
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${directory:service}/certificate_authority
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}

# Sub-directories of the certificate authority, all under directory:ca-dir.
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/

# Key and certificate of the frontend. When the apache-key /
# apache-certificate parameters are set, their content is what gets passed
# here as key-content / cert-content.
[ca-frontend]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
# NOTE(review): the private key is written to the `certs` directory, next to
# the certificates, not to cadirectory:private. Make sure that directory is
# not readable by anything that only needs the public certificates.
key-file = $${cadirectory:certs}/apache_frontend.key
cert-file = $${cadirectory:certs}/apache_frontend.crt
# NOTE(review): `executable` and `wrapper` are the same path, which is also
# the wrapper-path of [apache-frontend]; the file left on disk depends on the
# order of these parts in `parts`.
executable = $${directory:service}/frontend_apache
wrapper = $${directory:service}/frontend_apache
key-content = $${instance-parameter:configuration.apache-key}
cert-content = $${instance-parameter:configuration.apache-certificate}
# The certificate name is the frontend domain
name = $${instance-parameter:configuration.domain}

# Cron daemon (dcron) of the partition, started from the service directory.
# `catcher` is the wrapper of [cron-simplelogger].
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:service}/crond

# Logger wrapper used by [cron] as its catcher; it writes to cron.log.
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log

# Cron entry that runs the logrotate wrapper every day at 00:00.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}

# Logrotate: wrapper, main configuration file and the directories shared by
# all logrotate-entry-* sections.
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Generated files and directories
wrapper = $${directory:bin}/logrotate
conf = $${directory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${directory:srv}/logrotate.status

# Daily rotation of the frontend Apache logs. After rotating, `post` runs the
# graceful command: configuration check, then USR1 to the frontend httpd.
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-configuration:error-log} $${apache-configuration:access-log}
frequency = daily
# NOTE(review): `rotatep-num` looks like a typo for `rotate-num`. If the
# recipe does not read this key, the 30-rotation retention is not applied and
# the recipe default is used instead - confirm against the logrotate.d recipe.
rotatep-num = 30
post = $${apache-configuration:frontend-graceful-command}
sharedscripts = true
notifempty = true
create = true

# Daily rotation of the cached Apache logs. After rotating, `post` runs the
# graceful command of the cached httpd.
[logrotate-entry-apache-cached]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache-cached
log = $${apache-configuration:cache-error-log} $${apache-configuration:cache-access-log}
frequency = daily
# NOTE(review): `rotatep-num` looks like a typo for `rotate-num`. If the
# recipe does not read this key, the 30-rotation retention is not applied and
# the recipe default is used instead - confirm against the logrotate.d recipe.
rotatep-num = 30
post = $${apache-configuration:cached-graceful-command}
sharedscripts = true
notifempty = true
create = true

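# Daily rotation of the squid logs.
[logrotate-entry-squid]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = squid
log = $${squid-cache:cache-log-path} $${squid-cache:access-log-path}
frequency = daily
# NOTE(review): `rotatep-num` looks like a typo for `rotate-num`. If the
# recipe does not read this key, the 30-rotation retention is not applied and
# the recipe default is used instead - confirm against the logrotate.d recipe.
rotatep-num = 30
# Signal squid itself after rotation, through its own pid file, as
# [squid-reload] does. This used to point at apache-configuration:pid-file:
# every squid rotation sent SIGHUP to the frontend httpd, while squid was
# never told about it and kept writing to the rotated files.
# NOTE(review): SIGHUP is kept to match [squid-reload]; squid's dedicated
# log-rotation signal is USR1 (`squid -k rotate`) - confirm which one fits
# best with files that logrotate has already moved.
post = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
sharedscripts = true
notifempty = true
create = true
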
######################
#  Squid deployment
######################
# Directory holding the squid cache.
[squid-directory]
recipe = slapos.cookbook:mkdirectory
squid-cache = $${directory:srv}/squid_cache

# Plain option holder (no recipe) for squid: paths, addresses and ports.
# Squid and its backend, the cached Apache, use the same partition IPv4.
[squid-cache]
prepare-path = $${directory:etc-run}/squid-prepare
wrapper-path = $${directory:service}/squid
binary-path = ${squid:location}/sbin/squid
configuration-path = $${directory:etc}/squid.cfg
cache-path = $${squid-directory:squid-cache}
ip = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}
backend-ip = $${instance-parameter:ipv4-random}
backend-port = $${apache-configuration:cache-through-port}
# NOTE(review): taken from an instance parameter (default "80 443") and
# handed to the squid template as open_port; presumably the list of ports
# squid accepts in its access rules, so keep it as narrow as possible -
# confirm in the template.
open-port = $${instance-parameter:configuration.open-port}
access-log-path = $${directory:log}/squid-access.log
cache-log-path = $${directory:log}/squid-cache.log
pid-filename-path = $${directory:run}/squid.pid

# Renders the squid configuration file from the options of [squid-cache].
[squid-configuration]
<= jinja2-template-base
template = ${template-squid-configuration:target}
rendered = $${squid-cache:configuration-path}
extra-context =
    key ip squid-cache:ip
    key port squid-cache:port
    key backend_ip squid-cache:backend-ip
    key backend_port squid-cache:backend-port
    key cache_path squid-cache:cache-path
    key access_log_path squid-cache:access-log-path
    key cache_log_path squid-cache:cache-log-path
    key pid_filename_path squid-cache:pid-filename-path
    key open_port squid-cache:open-port

# Three wrappers around the squid binary and its pid file.

# Service: squid with -N (stay in the foreground) on the rendered configuration
[squid-service]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -N -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:wrapper-path}

# Preparation: squid -z, which creates the cache directories
[squid-prepare]
recipe = slapos.cookbook:wrapper
command-line = $${squid-cache:binary-path} -z -f $${squid-configuration:rendered}
wrapper-path = $${squid-cache:prepare-path}

# Reload: SIGHUP to the pid found in the squid pid file
[squid-reload]
recipe = slapos.cookbook:wrapper
command-line = ${buildout:bin-directory}/killpidfromfile $${squid-cache:pid-filename-path} SIGHUP
wrapper-path = $${directory:etc-run}/squid-reload

# Promise: something must be listening on the partition IPv4, on the port
# configured for squid.
[promise-squid]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/squid
hostname = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-port}

# End of Squid part

### Graceful restart scripts for both Apache processes
# Each script holds the matching *-graceful-command of [apache-configuration]
# (configuration check, then USR1) and is rendered into etc/run with mode
# 0700, that is, usable by the owner only.
[frontend-apache-graceful]
<= jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:etc-run}/frontend-apache-safe-graceful
mode = 0700
extra-context =
    key content apache-configuration:frontend-graceful-command

[cached-apache-graceful]
<= jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:etc-run}/cached-apache-safe-graceful
mode = 0700
extra-context =
    key content apache-configuration:cached-graceful-command

# Promises checking the configuration: each script runs the matching
# *-configuration-verification command of [apache-configuration]. Rendered
# with mode 0700, that is, usable by the owner only.
[promise-frontend-apache-configuration]
<= jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:promise}/frontend-apache-configuration-promise
mode = 0700
extra-context =
    key content apache-configuration:frontend-configuration-verification

[promise-cached-apache-configuration]
<= jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:promise}/cached-apache-configuration-promise
mode = 0700
extra-context =
    key content apache-configuration:cached-configuration-verification

# Port promises: one per address family and protocol for the frontend Apache,
# plus one for the cached Apache. They only check that the port is listening,
# not that TLS or the virtualhosts answer correctly.
[promise-apache-frontend-v4-https]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv4_https
hostname = $${instance-parameter:ipv4-random}
port = $${instance-parameter:configuration.port}

[promise-apache-frontend-v4-http]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv4_http
hostname = $${instance-parameter:ipv4-random}
port = $${instance-parameter:configuration.plain_http_port}

[promise-apache-frontend-v6-https]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv6_https
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:configuration.port}

[promise-apache-frontend-v6-http]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_frontend_ipv6_http
hostname = $${instance-parameter:ipv6-random}
port = $${instance-parameter:configuration.plain_http_port}

# Cached Apache, on the port squid forwards to
[promise-apache-cached]
recipe = slapos.cookbook:check_port_listening
path = $${directory:promise}/apache_cached
hostname = $${instance-parameter:ipv4-random}
port = $${apache-configuration:cache-through-port}

[slap_connection]
# Kept for backward compatibility: same values as [slap-connection], under
# the older underscore spelling of the section and option names.
computer_id = $${slap-connection:computer-id}
partition_id = $${slap-connection:partition-id}
server_url = $${slap-connection:server-url}
software_release_url = $${slap-connection:software-release-url}
key_file = $${slap-connection:key-file}
cert_file = $${slap-connection:cert-file}