runner: update request of a custom frontend so it can use backend-type parameter
[slapos.git] / software / slaprunner / instance-runner.cfg
1 [buildout]
2 parts =
3   nginx_conf
4   nginx-launcher
5   certificate-authority
6   ca-nginx
7   ca-shellinabox
8   gunicorn-launcher
9   gunicorn-graceful
10   sshkeys-dropbear-runner
11   dropbear-server-add-authorized-key
12   sshkeys-authority
13   publish-connection-informations
14   slaprunner-promise
15   slaprunner-frontend-promise
16   dropbear-promise
17   runtestsuite
18   shellinabox-promise
19   symlinks
20   shellinabox
21   slapos-cfg
22   slapos-repo-config
23   cron-entry-prepare-software
24   deploy-instance-parameters
25 {% if slapparameter_dict.get('custom-frontend-backend-url') %}
26   custom-frontend-promise
27 {% endif %}
28 ###Parts to add for monitoring
29   slap-parameters
30   certificate-authority
31   cron
32   cron-entry-monitor
33   cron-entry-rss
34   deploy-index
35   deploy-index-template
36   deploy-monitor-script
37   deploy-rss-script
38   deploy-settings-cgi
39   deploy-status-cgi
40   make-rss
41   monitor-promise
42   setup-static-files
43   certificate-authority
44   public
45   zero-parameters
46   cgi-httpd-wrapper
47   public-symlink
48
49 extends = ${monitor-template:output}
50
51 eggs-directory = ${buildout:eggs-directory}
52 develop-eggs-directory = ${buildout:develop-eggs-directory}
53 offline = true
54
55 {% if slapparameter_dict.get('custom-frontend-backend-url') -%}
56 # Requests, if defined, a frontend to allow access to a server
57 # located inside of the virtual machine listening to port X
58 # to LAN IPv4.
59 # Internaly, the frontend will be asked to listen on the IPv6
60 # with port X + 10000, to match NAT rules of Qemu.
61 [request-custom-frontend]
62 recipe = slapos.cookbook:requestoptional
63 software-url = {{ slapparameter_dict.get('custom-frontend-software-url', 'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg') }}
64 software-type = {{ slapparameter_dict.get('custom-frontend-software-type', 'RootSoftwareInstance') }}
65 slave = true
66 name = Custom Web Frontend
67
68 server-url = $${slap-connection:server-url}
69 key-file = $${slap-connection:key-file}
70 cert-file = $${slap-connection:cert-file}
71 computer-id = $${slap-connection:computer-id}
72 partition-id = $${slap-connection:partition-id}
73
74 {%- if slapparameter_dict.get('custom-frontend-instance-guid') -%}
75 sla = instance_guid
76 sla-instance_guid = $${slap-parameter:frontend-instance-guid}
77 {% endif -%}
78
79 {% set custom_frontend_backend_type = slapparameter_dict.get('custom-frontend-backend-type')%}
80 {% if custom_frontend_backend_type %}
81 config = url type
82 config-type = {{ custom_frontend_backend_type }}
83 {% else %}
84 config = url
85 {% endif -%}
86 config-url = {{ slapparameter_dict.get('custom-frontend-backend-url') }}
87 return = site_url domain
88
89 [custom-frontend-promise]
90 recipe = slapos.cookbook:check_url_available
91 path = $${directory:promises}/custom_frontend_promise
92 url = https://$${request-custom-frontend:connection-domain}
93 {% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
94 check-secure = 1
95 {% endif -%}
96 dash_path = {{ dash_executable_location }}
97 curl_path = {{ curl_executable_location }}
98
99 [publish-connection-informations]
100 custom-frontend-url = https://$${request-custom-frontend:connection-domain}
101 {% endif %}
102
103 # Create all needed directories
104 [directory]
105 recipe = slapos.cookbook:mkdirectory
106 etc = $${buildout:directory}/etc/
107 var = $${buildout:directory}/var/
108 srv = $${buildout:directory}/srv/
109 bin = $${buildout:directory}/bin/
110 tmp = $${buildout:directory}/tmp/
111
112 sshkeys = $${:srv}/sshkeys
113 services = $${:etc}/service/
114 scripts = $${:etc}/run/
115 ssh = $${:etc}/ssh/
116 log = $${:var}/log/
117 run = $${:var}/run/
118 backup = $${:srv}/backup/
119 promises = $${:etc}/promise/
120 test = $${:etc}/test/
121 nginx-data = $${directory:srv}/nginx
122 ca-dir = $${:srv}/ssl
123 project = $${:srv}/runner/project
124
125 [runnerdirectory]
126 recipe = slapos.cookbook:mkdirectory
127 home = $${directory:srv}/runner/
128 test = $${directory:srv}/test/
129 project = $${:home}/project
130 public = $${:home}/public
131 software-root = $${:home}/software
132 instance-root = $${:home}/instance
133 project-test = $${:test}/project
134 software-test = $${:test}/software
135 instance-test = $${:test}/instance
136 sessions = $${buildout:directory}/.sessions
137
138 #Create password recovery code for slaprunner
139 [recovery-code]
140 recipe = slapos.cookbook:generate.password
141 storage-path = $${directory:etc}/.rcode
142 bytes = 8
143
144 [slaprunner]
145 slaprunner = ${buildout:directory}/bin/slaprunner
146 slapos = ${buildout:directory}/bin/slapos
147 slapproxy = ${buildout:directory}/bin/slapproxy
148 supervisor = ${buildout:directory}/bin/slapgrid-supervisorctl
149 git-binary = ${git:location}/bin/git
150 root_check = false
151 slapos.cfg = $${directory:etc}/slapos.cfg
152 working-directory = $${runnerdirectory:home}
153 project-directory = $${runnerdirectory:project}
154 instance_root = $${runnerdirectory:instance-root}
155 software_root = $${runnerdirectory:software-root}
156 #XXX-Nico hardcoded default port because overridden by this buildout config
157 instance-monitor-url = https://[$${:ipv6}]:9685
158 etc_dir = $${directory:etc}
159 log_dir =  $${directory:log}
160 run_dir = $${directory:run}
161 ssh_client = $${sshkeys-dropbear-runner:wrapper}
162 public_key = $${sshkeys-dropbear-runner:public-key}
163 private_key = $${sshkeys-dropbear-runner:private-key}
164 ipv4 = $${slap-network-information:local-ipv4}
165 ipv6 = $${slap-network-information:global-ipv6}
166 instance_root = $${runnerdirectory:instance-root}
167 proxy_port = 50000
168 runner_port = 50005
169 partition-amount = $${slap-parameter:instance-amount}
170 wrapper = $${directory:services}/slaprunner
171 debug = $${slap-parameter:debug}
172 access-url = https://[$${:ipv6}]:$${:runner_port}
173 supervisord_config = $${directory:etc}/supervisord.conf
174 proxy_database = $${slaprunner:working-directory}/proxy.db
175 console = False
176 verbose = False
177 debug = False
178 auto_deploy = $${slap-parameter:auto-deploy}
179 auto_deploy_instance = $${slap-parameter:auto-deploy-instance}
180 autorun = $${slap-parameter:autorun}
181 knowledge0_file = $${buildout:directory}/$${public:filename}
182
183 [test-runner]
184 <= slaprunner
185 slapos.cfg = $${directory:etc}/slapos-test.cfg
186 working-directory = $${runnerdirectory:test}
187 project-directory = $${runnerdirectory:project-test}
188 software-directory = $${runnerdirectory:software-test}
189 instance-directory = $${runnerdirectory:instance-test}
190 proxy_port = 8602
191 etc_dir = $${directory:test}
192
193 [runtestsuite]
194 recipe = slapos.cookbook:wrapper
195 command-line = ${buildout:directory}/bin/slaprunnertest
196 wrapper-path = $${directory:bin}/runTestSuite
197 environment = RUNNER_CONFIG=$${slapos-test-cfg:rendered}
198
199 # Deploy dropbear (minimalist SSH server)
200 [sshkeys-directory]
201 recipe = slapos.cookbook:mkdirectory
202 requests = $${directory:sshkeys}/requests/
203 keys = $${directory:sshkeys}/keys/
204
205 [sshkeys-authority]
206 recipe = slapos.cookbook:sshkeys_authority
207 request-directory = $${sshkeys-directory:requests}
208 keys-directory = $${sshkeys-directory:keys}
209 wrapper = $${directory:services}/sshkeys_authority
210 keygen-binary = ${dropbear:location}/bin/dropbearkey
211
212 [dropbear-runner-server]
213 recipe = slapos.cookbook:dropbear
214 host = $${slap-network-information:global-ipv6}
215 port = 22222
216 home = $${directory:ssh}
217 wrapper = $${directory:bin}/runner_sshd
218 shell = ${bash:location}/bin/bash
219 rsa-keyfile = $${directory:ssh}/server_key.rsa
220 dropbear-binary = ${dropbear:location}/sbin/dropbear
221
222 [sshkeys-dropbear-runner]
223 <= sshkeys-authority
224 recipe = slapos.cookbook:sshkeys_authority.request
225 name = dropbear
226 type = rsa
227 executable = $${dropbear-runner-server:wrapper}
228 public-key = $${dropbear-runner-server:rsa-keyfile}.pub
229 private-key = $${dropbear-runner-server:rsa-keyfile}
230 wrapper = $${directory:services}/runner_sshd
231
232 [dropbear-server-add-authorized-key]
233 <= dropbear-runner-server
234 recipe = slapos.cookbook:dropbear.add_authorized_key
235 key = $${slap-parameter:user-authorized-key}
236
237 #---------------------------
238 #--
239 #-- Set nginx frontend
240
241 [tempdirectory]
242 recipe = slapos.cookbook:mkdirectory
243 client_body_temp_path = $${directory:tmp}/client_body_temp_path
244 proxy_temp_path = $${directory:tmp}/proxy_temp_path
245 fastcgi_temp_path = $${directory:tmp}/fastcgi_temp_path
246 uwsgi_temp_path = $${directory:tmp}/uwsgi_temp_path
247 scgi_temp_path = $${directory:tmp}/scgi_temp_path
248
249 [nginx-frontend]
250 # Options
251 nb_workers = 2
252 # Network
253 local-ip = $${slap-network-information:local-ipv4}
254 port = 30001
255 global-ip = $${slap-network-information:global-ipv6}
256 global-port = $${slaprunner:runner_port}
257 # Backend
258 runner-ip = $${slaprunner:ipv4}
259 runner-port = $${slaprunner:runner_port}
260 # SSL
261 ssl-certificate = $${ca-nginx:cert-file}
262 ssl-key = $${ca-nginx:key-file}
263 # Log
264 path_pid = $${directory:run}/nginx.pid
265 path_log = $${directory:log}/nginx.log
266 path_access_log = $${directory:log}/nginx.access.log
267 path_error_log = $${directory:log}/nginx.error.log
268 path_tmp = $${directory:tmp}/
269 # Config files
270 path_nginx_conf = $${directory:etc}/nginx.conf
271 # Executables
272 bin_nginx = ${nginx-webdav:location}/sbin/nginx
273 bin_launcher = $${directory:bin}/launcher
274 # Utils
275 path_shell = ${dash:location}/bin/dash
276 # Misc.
277 etc_dir = $${directory:etc}
278 work_dir = $${slaprunner:working-directory}
279
280 [nginx_conf]
281 recipe = slapos.recipe.template:jinja2
282 template = ${template_nginx_conf:location}/${template_nginx_conf:filename}
283 rendered = $${nginx-frontend:path_nginx_conf}
284 context =
285     key shellinabox_port shellinabox:port
286     key socket gunicorn:socket
287     section param_nginx_frontend nginx-frontend
288     section param_tempdir tempdirectory
289
290 [nginx-launcher]
291 recipe = slapos.recipe.template:jinja2
292 template = ${template_launcher:location}/${template_launcher:filename}
293 rendered = $${nginx-frontend:bin_launcher}
294 mode = 700
295 context =
296     section param_nginx_frontend nginx-frontend
297
298 [httpd-parameters]
299 path_pid = $${directory:run}/httpd.pid
300 path_error_log = $${directory:log}/httpd-error.log
301 path_access_log = $${directory:log}/httpd-access.log
302 key_file = $${ca-httpd:key-file}
303 cert_file = $${ca-httpd:cert-file}
304 global_ip = $${slap-network-information:global-ipv6}
305 global_port = $${slaprunner:runner_port}
306 monitor_port = $${monitor-parameters:port}
307 monitor_index = $${deploy-index:rendered}
308 working_directory = $${slaprunner:working-directory}
309 dav_lock = $${directory:var}/DavLock
310 etc_dir = $${directory:etc}
311 var_dir = $${directory:var}
312 document_root = $${directory:www}
313 project_folder = $${directory:project}
314 runner_home = $${runnerdirectory:home}
315 git_http_backend = ${git:location}/libexec/git-core/git-http-backend
316 cgi_httpd_conf = $${cgi-httpd-configuration-file:output}
317
318 [httpd-conf]
319 recipe = slapos.recipe.template:jinja2
320 template = ${template_httpd_conf:location}/${template_httpd_conf:filename}
321 rendered = $${directory:etc}/httpd.conf
322 context =
323     section parameters httpd-parameters
324
325 [cgi-httpd-wrapper]
326 recipe = slapos.cookbook:wrapper
327 apache-executable = ${apache:location}/bin/httpd
328 wrapper-path = $${ca-httpd:executable}
329 command-line = $${:apache-executable} -f $${httpd-conf:rendered} -DFOREGROUND
330
331 #--------------------
332 #--
333 #-- WSGI
334
335 [gunicorn]
336 bin_gunicorn = $${directory:bin}/gunicorn
337 bin_launcher = $${directory:services}/gunicorn
338 path_shell = ${dash:location}/bin/dash
339 socket = $${directory:tmp}/flaskserver.sock
340 path_pid = $${directory:run}/gunicorn.pid
341
342 [gunicorn-launcher]
343 recipe = slapos.cookbook:wrapper
344 command-line = $${gunicorn:bin_gunicorn} slapos.runner:app -p $${gunicorn:path_pid} -b unix:$${gunicorn:socket} -e RUNNER_CONFIG=$${slaprunner:slapos.cfg} --preload
345 wrapper-path = $${gunicorn:bin_launcher}
346 environment = PATH=$${environ:PATH}:${git:location}/bin/
347   RUNNER_CONFIG=$${slaprunner:slapos.cfg}
348
349 [gunicorn-graceful]
350 recipe = slapos.cookbook:wrapper
351 command-line = $${directory:bin}/killpidfromfile $${gunicorn:path_pid} SIGHUP
352 wrapper-path = $${directory:scripts}/gunicorn-graceful
353
354 #--------------------
355 #--
356 #-- ssl certificates
357
358 [certificate-authority]
359 recipe = slapos.cookbook:certificate_authority
360 openssl-binary = ${openssl:location}/bin/openssl
361 ca-dir = $${directory:ca-dir}
362 requests-directory = $${cadirectory:requests}
363 wrapper = $${directory:services}/certificate_authority
364 ca-private = $${cadirectory:private}
365 ca-certs = $${cadirectory:certs}
366 ca-newcerts = $${cadirectory:newcerts}
367 ca-crl = $${cadirectory:crl}
368
369 [cadirectory]
370 recipe = slapos.cookbook:mkdirectory
371 requests = $${directory:ca-dir}/requests/
372 private = $${directory:ca-dir}/private/
373 certs = $${directory:ca-dir}/certs/
374 newcerts = $${directory:ca-dir}/newcerts/
375 crl = $${directory:ca-dir}/crl/
376
377 [ca-nginx]
378 <= certificate-authority
379 recipe = slapos.cookbook:certificate_authority.request
380 key-file = $${cadirectory:certs}/nginx_frontend.key
381 cert-file = $${cadirectory:certs}/nginx_frontend.crt
382 executable = $${nginx-launcher:rendered}
383 wrapper = $${directory:services}/nginx-frontend
384 # Put domain name
385 name = example.com
386
387 [ca-shellinabox]
388 <= certificate-authority
389 recipe = slapos.cookbook:certificate_authority.request
390 executable = $${shellinabox:wrapper}
391 wrapper = $${directory:services}/shellinaboxd
392 key-file = $${cadirectory:certs}/shellinabox.key
393 cert-file = $${cadirectory:certs}/shellinabox.crt
394 #--------------------
395 #--
396 #-- Request frontend
397
398 [request-frontend]
399 <= slap-connection
400 recipe = slapos.cookbook:requestoptional
401 name = SlapRunner Frontend
402 # XXX We have hardcoded SR URL here.
403 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
404 slave = true
405 config = url domain
406 config-url = $${slaprunner:access-url}
407 config-domain = $${slap-parameter:frontend-domain}
408 return = site_url domain
409
410 [monitor-frontend]
411 <= slap-connection
412 recipe = slapos.cookbook:requestoptional
413 name = Monitor Frontend
414 # XXX We have hardcoded SR URL here.
415 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
416 slave = true
417 config = url domain
418 config-url = https://[$${cgi-httpd-configuration-file:listening-ip}]:$${monitor-parameters:port}
419 config-domain = $${slap-parameter:frontend-domain}
420 return = site_url domain
421
422 #--------------------------------------
423 #--
424 #-- Send informations to SlapOS Master
425
426 [publish-connection-informations]
427 recipe = slapos.cookbook:publish
428 1_info = On your first run, Use "access_url" to setup you account. Then you can use both "url" or "access_url". Or "backend_url" if you want to use ipv6. Set up your account in the webrunner in order to use webdav, and being able to clone your git repositories from the runner.
429 2_info = In order to set up your account, get the recovery-code from the monitoring interface. Before read the notification on monitor_info.
430 backend_url = $${slaprunner:access-url}
431 access_url = $${:url}/login
432 url =  https://$${request-frontend:connection-domain}
433 ssh_command = ssh $${dropbear-runner-server:host} -p $${dropbear-runner-server:port}
434 monitor_url = https://$${monitor-frontend:connection-domain}
435 webdav_url = $${:monitor_url}/share/
436 public_url =  $${:monitor_url}/public/
437 git_public_url =  https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git-public/
438 git_private_url = https://[$${httpd-parameters:global_ip}]:$${httpd-parameters:monitor_port}/git/
439
440 #---------------------------
441 #--
442 #-- Deploy promises scripts
443
444 [slaprunner-promise]
445 recipe = slapos.cookbook:check_port_listening
446 path = $${directory:promises}/slaprunner
447 hostname = $${slaprunner:ipv6}
448 port = $${slaprunner:runner_port}
449
450 [slaprunner-frontend-promise]
451 recipe = slapos.cookbook:check_url_available
452 path = $${directory:promises}/slaprunner_frontend
453 url = https://$${request-frontend:connection-domain}/login
454 dash_path = ${dash:location}/bin/dash
455 curl_path = ${curl:location}/bin/curl
456
457 [dropbear-promise]
458 recipe = slapos.cookbook:check_port_listening
459 path = $${directory:promises}/dropbear
460 hostname = $${dropbear-runner-server:host}
461 port = $${dropbear-runner-server:port}
462
463 [shellinabox-promise]
464 recipe = slapos.cookbook:check_port_listening
465 path = $${directory:promises}/shellinabox
466 hostname = $${shellinabox:ipv6}
467 port = $${shellinabox:port}
468
469 [symlinks]
470 recipe = cns.recipe.symlink
471 symlink_target = $${directory:bin}
472 symlink_base = ${buildout:directory}/bin
473
474 [slap-parameter]
475 # Default value if no ssh key is specified
476 user-authorized-key =
477 # Default value of instances number in slaprunner
478 instance-amount = 10
479 debug = false
480 frontend-domain =
481 slapos-repository = http://git.erp5.org/repos/slapos.git
482 slapos-software =
483 slapos-reference = master
484 auto-deploy = false
485 auto-deploy-instance = true
486 autorun = false
487 monitor-port = 9684
488
489 [monitor-parameters]
490 port = $${slap-parameter:monitor-port}
491
492 [slapos-cfg]
493 recipe = slapos.recipe.template:jinja2
494 template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
495 rendered = $${slaprunner:slapos.cfg}
496 mode = 700
497 context =
498   section slaprunner slaprunner
499
500 [slapos-test-cfg]
501 recipe = slapos.recipe.template:jinja2
502 template = ${slapos-cfg-template:location}/${slapos-cfg-template:filename}
503 rendered = $${test-runner:slapos.cfg}
504 mode = 700
505 context =
506   section slaprunner test-runner
507
508 [shellinabox]
509 recipe = slapos.cookbook:shellinabox
510 ipv6 = $${slap-network-information:global-ipv6}
511 port = 8080
512 shell = $${shell:wrapper}
513 wrapper = $${directory:bin}/shellinaboxd
514 shellinabox-binary = ${shellinabox:location}/bin/shellinaboxd
515 password = $${zero-parameters:shell-password}
516 directory = $${runnerdirectory:home}
517 login-shell = $${directory:bin}/login
518 certificate-directory = $${cadirectory:certs}
519 cert-file = $${ca-shellinabox:cert-file}
520 key-file = $${ca-shellinabox:key-file}
521
522 [shellinabox-code]
523 recipe = slapos.cookbook:generate.password
524 storage-path = $${directory:etc}/.scode
525 bytes = 8
526
527 [shell]
528 recipe = slapos.cookbook:shell
529 wrapper = $${directory:bin}/sh
530 shell = ${bash:location}/bin/bash
531 home = $${runnerdirectory:home}
532 path = $${environ:PATH}:${nano:location}/bin:${vim:location}/bin:${screen:location}/bin:${git:location}/bin
533 ps1 = "\\w> "
534
535 [environ]
536 recipe = collective.recipe.environment
537
538 [slapos-repo]
539 recipe = slapos.recipe.build:gitclone
540 repository = $${slap-parameter:slapos-repository}
541 git-executable = ${git:location}/bin/git
542 develop = true
543 location = $${directory:project}/slapos
544
545 [slapos-repo-config]
546 recipe = plone.recipe.command
547 stop-on-error = true
548 command = cd $${slapos-repo:location} && ${git:location}/bin/git checkout $${slap-parameter:slapos-reference} && SR=$${slap-parameter:slapos-software} && if [ -n "$SR" ] && [ ! -f "$${directory:etc}/.project" ]; then echo workspace/slapos/$${slap-parameter:slapos-software}/ > $${directory:etc}/.project; fi
549 update-command = true
550
551 [prepare-software]
552 recipe = slapos.cookbook:wrapper
553 command-line = ${curl:location}/bin/curl -g https://[$${slaprunner:ipv6}]:$${slaprunner:runner_port}/isSRReady --max-time 1 --insecure
554 wrapper-path = $${directory:scripts}/prepareSoftware
555
556 [cron-entry-prepare-software]
557 <= cron
558 recipe = slapos.cookbook:cron.d
559 name = prepare-software
560 frequency = */2 * * * *
561 command = $${prepare-software:wrapper-path}
562
563 [instance-parameters]
564 recipe = slapos.recipe.template:jinja2
565 extensions = jinja2.ext.do
566 template = ${parameters-template:location}/${parameters-template:filename}
567 rendered = $${directory:etc}/.parameter.xml.default
568 mode = 0644
569 context =
570   key slapparameter_dict slap-configuration:configuration
571
572 [deploy-instance-parameters]
573 recipe = plone.recipe.command
574 stop-on-error = true
575 parameter-xml = $${directory:etc}/.parameter.xml
576 command = if [ ! -f $${:parameter-xml} ]; then cp $${instance-parameters:rendered} $${:parameter-xml}; fi
577
578 [slap-configuration]
579 recipe = slapos.cookbook:slapconfiguration.serialised
580 computer = $${slap-connection:computer-id}
581 partition = $${slap-connection:partition-id}
582 url = $${slap-connection:server-url}
583 key = $${slap-connection:key-file}
584 cert = $${slap-connection:cert-file}
585
586 [public]
587 shell-password = $${shellinabox-code:passwd}
588 recovery-code = $${recovery-code:passwd}
589
590 [zero-parameters]