Commit 3c373a20 authored by Łukasz Nowak's avatar Łukasz Nowak

WIP: caddy-frontend: Implement basic KeDiFa usage

Use KeDiFa to store keys, and transmit the url to the requester for master
and slave partitions.

Download keys on the slave partitions level.
parent 44cceac7
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = d43a1631bcd0f4307507268a06f0fac2 md5sum = 6d5d97b5f253637c4311eb6a079b3f2d
[template-common] [template-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,19 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,15 +22,19 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 9533b13b800ac12b7921e661221a68aa md5sum = 0c616e6b0369bee0d6e3d25c30244300
[template-kedifa]
filename = instance-kedifa.cfg.in
md5sum = a6015ef1571f3ca7bf291a81119653f8
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 1576859772052bcb85ff2b5a7b786410 md5sum = cd86347c687b99e4fc97c9fcf3ef45dd
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = a244336f20094c632076d30e4ace2254 md5sum = 0de8bd3f1d1e74033005ffaa48f15481
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -38,15 +42,15 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e ...@@ -38,15 +42,15 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in filename = templates/replicate-publish-slave-information.cfg.in
md5sum = 01efde8febafcff6dde2ebb43e75a9e4 md5sum = 2d4277abf798905d4fb87be07674b31a
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
md5sum = 7c987ad75fcce6f5b925c7696ff41971 md5sum = 5f49673807325810e69018d54299f7c8
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = a244336f20094c632076d30e4ace2254 md5sum = 0de8bd3f1d1e74033005ffaa48f15481
[caddy-backend-url-validator] [caddy-backend-url-validator]
filename = templates/caddy-backend-url-validator.in filename = templates/caddy-backend-url-validator.in
...@@ -62,7 +66,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -62,7 +66,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 9e00b6d981b9f93a486ef06a47345ebd md5sum = f07ec2ab9ca4b3656170735f704c8db9
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
...@@ -70,7 +74,7 @@ md5sum = 7cbcadc295860821ac9d3aaa3cca72c5 ...@@ -70,7 +74,7 @@ md5sum = 7cbcadc295860821ac9d3aaa3cca72c5
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
md5sum = f2a74f88c7248f199011fa9ec6182f73 md5sum = 87c55a8b4d6bda7ad4877a52ac2ea758
[template-empty] [template-empty]
filename = templates/empty.in filename = templates/empty.in
...@@ -90,7 +94,7 @@ md5sum = 117238225b3fc3c5b5be381815f44c67 ...@@ -90,7 +94,7 @@ md5sum = 117238225b3fc3c5b5be381815f44c67
[template-nginx-configuration] [template-nginx-configuration]
filename = templates/nginx.cfg.in filename = templates/nginx.cfg.in
md5sum = fadb2fcaf0f2b4fe735617fac222f7ed md5sum = 5346c66771dec99084eb929d965fff8f
[template-nginx-eventsource-slave-virtualhost] [template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in filename = templates/nginx-eventsource-slave.conf.in
...@@ -98,7 +102,7 @@ md5sum = 176cbca2070734a185a7ae5a4d1181c5 ...@@ -98,7 +102,7 @@ md5sum = 176cbca2070734a185a7ae5a4d1181c5
[template-nginx-notebook-slave-virtualhost] [template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in filename = templates/nginx-notebook-slave.conf.in
md5sum = e018935e2cec2368991f743cab725741 md5sum = aa6b0860455dc04252c8c8cd29d7cd22
[template-apache-lazy-script-call] [template-apache-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in filename = templates/apache-lazy-script-call.sh.in
...@@ -106,7 +110,7 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8 ...@@ -106,7 +110,7 @@ md5sum = ebe5d3d19923eb812a40019cb11276d8
[template-caddy-graceful-script] [template-caddy-graceful-script]
filename = templates/caddy-graceful-script.sh.in filename = templates/caddy-graceful-script.sh.in
md5sum = 455f8765a3afd39fb78562fb9e326c42 md5sum = 41ac81c7939e6dd65f589d3edf5607b1
[caddyprofiledeps-setup] [caddyprofiledeps-setup]
filename = setup.py filename = setup.py
......
...@@ -30,6 +30,24 @@ parts += ...@@ -30,6 +30,24 @@ parts +=
http-proxy http-proxy
caddyprofiledeps caddyprofiledeps
kedifa-develop
kedifa
[kedifa-repository]
recipe = slapos.recipe.build:gitclone
repository = https://lab.nexedi.com/luke/kedifa.git
branch = initial-implementation
git-executable = ${git:location}/bin/git
[kedifa-develop]
recipe = zc.recipe.egg:develop
setup = ${kedifa-repository:location}
[kedifa]
recipe = zc.recipe.egg
eggs =
kedifa
[caddyprofiledeps-setup] [caddyprofiledeps-setup]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/setup.py url = ${:_profile_base_location_}/setup.py
...@@ -90,6 +108,8 @@ gzip = ${gzip:location} ...@@ -90,6 +108,8 @@ gzip = ${gzip:location}
logrotate = ${logrotate:location} logrotate = ${logrotate:location}
openssl = ${openssl:location} openssl = ${openssl:location}
trafficserver = ${trafficserver:location} trafficserver = ${trafficserver:location}
kedifa = ${:bin_directory}/kedifa
kedifa-getter = ${:bin_directory}/kedifa-getter
monitor_template = ${monitor-template:output} monitor_template = ${monitor-template:output}
template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target} template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target}
...@@ -123,6 +143,7 @@ context = ...@@ -123,6 +143,7 @@ context =
key monitor2_template monitor2-template:rendered key monitor2_template monitor2-template:rendered
key template_caddy_frontend template-caddy-frontend:target key template_caddy_frontend template-caddy-frontend:target
key template_caddy_replicate template-caddy-replicate:target key template_caddy_replicate template-caddy-replicate:target
key template_kedifa template-kedifa:target
key template_replicate_publish_slave_information template-replicate-publish-slave-information:target key template_replicate_publish_slave_information template-replicate-publish-slave-information:target
key caddy_backend_url_validator caddy-backend-url-validator:output key caddy_backend_url_validator caddy-backend-url-validator:output
key caddy_custom_http_validator caddy-custom-http-validator:output key caddy_custom_http_validator caddy-custom-http-validator:output
...@@ -153,6 +174,11 @@ recipe = slapos.recipe.build:download ...@@ -153,6 +174,11 @@ recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
mode = 0644 mode = 0644
[template-kedifa]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-kedifa.cfg.in
mode = 0644
[download-template] [download-template]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/${:filename} url = ${:_profile_base_location_}/templates/${:filename}
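Review bot: `[kedifa-repository]` clones `https://lab.nexedi.com/luke/kedifa.git` at the moving branch `initial-implementation` with no commit pinned, so the code that will store and serve TLS private keys can change without any change to this profile. The templates downloaded by this release appear to be checked against an `md5sum`, but this checkout has no equivalent. Pinning it, for example `revision = <commit-sha-placeholder>` next to `branch`, would make the build reproducible and reviewable; `[kedifa-develop]` would then install exactly that tree.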
......
{%- if slap_software_type == software_type -%} {%- if slap_software_type == software_type -%}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set master_reserved_reference = slapparameter_dict['master-reserved-reference'] -%}
[buildout] [buildout]
extends = extends =
{{ parameter_dict['common_profile'] }} {{ parameter_dict['common_profile'] }}
...@@ -126,17 +127,22 @@ filename = custom-personal-instance-slave-list.cfg ...@@ -126,17 +127,22 @@ filename = custom-personal-instance-slave-list.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }} slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }} extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
master_reserved_reference = {{ dumps(master_reserved_reference) }}
slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }} local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }} local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
software_type = single-custom-personal software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }} bin_directory = {{ parameter_dict['bin_directory'] }}
sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel
kedifa-getter = {{ parameter_dict['kedifa-getter'] }}
service_directory = ${directory:service} service_directory = ${directory:service}
extra-context = extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration key caddy_configuration_directory caddy-directory:slave-configuration
key nginx_configuration_directory caddy-directory:nginx-slave-configuration key nginx_configuration_directory caddy-directory:nginx-slave-configuration
key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
key kedifa_getter :kedifa-getter
key http_port configuration:plain_http_port key http_port configuration:plain_http_port
key https_port configuration:port key https_port configuration:port
key nginx_http_port configuration:plain_nginx_port key nginx_http_port configuration:plain_nginx_port
...@@ -144,7 +150,11 @@ extra-context = ...@@ -144,7 +150,11 @@ extra-context =
key public_ipv4 configuration:public-ipv4 key public_ipv4 configuration:public-ipv4
key slave_instance_list :slave_instance_list key slave_instance_list :slave_instance_list
key extra_slave_instance_list :extra_slave_instance_list key extra_slave_instance_list :extra_slave_instance_list
key custom_ssl_directory caddy-directory:vh-ssl key master_key_download_url :master_key_download_url
key master_reserved_reference :master_reserved_reference
key slave_kedifa_information :slave_kedifa_information
key autocert caddy-directory:autocert
key master_autocert_dir caddy-directory:master-autocert-dir
key caddy_log_directory caddy-directory:slave-log key caddy_log_directory caddy-directory:slave-log
key local_ipv4 :local_ipv4 key local_ipv4 :local_ipv4
key local_ipv6 :local_ipv6 key local_ipv6 :local_ipv6
...@@ -174,6 +184,7 @@ extra-context = ...@@ -174,6 +184,7 @@ extra-context =
key error_log caddy-configuration:error-log key error_log caddy-configuration:error-log
key sixtunnel_executable :sixtunnel_executable key sixtunnel_executable :sixtunnel_executable
key service_directory directory:service key service_directory directory:service
key run_directory directory:etc-run
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
[dynamic-virtualhost-template-slave] [dynamic-virtualhost-template-slave]
...@@ -200,8 +211,7 @@ extra-context = ...@@ -200,8 +211,7 @@ extra-context =
key httpd_home software-release-path:caddy-location key httpd_home software-release-path:caddy-location
key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
key instance_home buildout:directory key instance_home buildout:directory
key login_certificate ca-frontend:cert-file key master_autocert_dir caddy-directory:master-autocert-dir
key login_key ca-frontend:key-file
key login_ca_crt ca-custom-frontend:rendered key login_ca_crt ca-custom-frontend:rendered
key ca_dir certificate-authority:ca-dir key ca_dir certificate-authority:ca-dir
key ca_crl certificate-authority:ca-crl key ca_crl certificate-authority:ca-crl
...@@ -255,9 +265,10 @@ slave-configuration = ${directory:etc}/caddy-slave-conf.d/ ...@@ -255,9 +265,10 @@ slave-configuration = ${directory:etc}/caddy-slave-conf.d/
slave-with-cache-configuration = ${directory:etc}/caddy-slave-with-cache-conf.d/ slave-with-cache-configuration = ${directory:etc}/caddy-slave-with-cache-conf.d/
cache = ${directory:var}/cache cache = ${directory:var}/cache
mod-ssl = ${:cache}/httpd_mod_ssl mod-ssl = ${:cache}/httpd_mod_ssl
vh-ssl = ${:slave-configuration}/ssl
slave-log = ${directory:log}/httpd slave-log = ${directory:log}/httpd
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/ nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/{{ master_reserved_reference.replace('-','.') }}
[caddy-configuration] [caddy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile frontend-configuration = ${directory:etc}/Caddyfile
...@@ -502,6 +513,7 @@ extra-context = ...@@ -502,6 +513,7 @@ extra-context =
key directory_run directory:run key directory_run directory:run
key directory_etc directory:etc key directory_etc directory:etc
key directory_bin directory:bin key directory_bin directory:bin
key directory_autocert caddy-directory:autocert
key caddy_graceful_reload_command caddy-configuration:frontend-graceful-command key caddy_graceful_reload_command caddy-configuration:frontend-graceful-command
[frontend-caddy-lazy-graceful] [frontend-caddy-lazy-graceful]
...@@ -661,6 +673,7 @@ extra-context = ...@@ -661,6 +673,7 @@ extra-context =
key error_log nginx-configuration:error_log key error_log nginx-configuration:error_log
key access_log nginx-configuration:access_log key access_log nginx-configuration:access_log
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
key master_autocert_dir caddy-directory:master-autocert-dir
[nginx-configuration] [nginx-configuration]
access_log = ${directory:log}/nginx-access.log access_log = ${directory:log}/nginx-access.log
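Review bot: `master-autocert-dir` in `[caddy-directory]` builds a directory under `${:autocert}` from `master_reserved_reference` after only replacing `-` with `.`, and that value arrives as the instance parameter `slapparameter_dict['master-reserved-reference']`. The replicate template in this commit passes a constant, but if this profile can also be requested directly, a value containing `/` or `..` would put the master certificate directory outside the autocert tree; consider rejecting anything that is not a plain name before it is used in the path. The three new `slapparameter_dict[...]` lookups also abort rendering when a parameter is absent, while the slave list template tests `master_key_download_url` for emptiness. `slapparameter_dict.get('master-key-download-url', '')` would be consistent with that check.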
......
...@@ -152,6 +152,7 @@ software-url = ${slap-connection:software-release-url} ...@@ -152,6 +152,7 @@ software-url = ${slap-connection:software-release-url}
software-type = {{frontend_type}} software-type = {{frontend_type}}
return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url
{%- set master_reserved_reference = 'DEFAULT_FRONTEND_KEY' -%}
{% for section, frontend_request in request_dict.iteritems() %} {% for section, frontend_request in request_dict.iteritems() %}
[{{section}}] [{{section}}]
<= replicate <= replicate
...@@ -159,6 +160,9 @@ name = {{ frontend_request.get('name') }} ...@@ -159,6 +160,9 @@ name = {{ frontend_request.get('name') }}
{% if frontend_request.get('state') %} {% if frontend_request.get('state') %}
state = {{ frontend_request.get('state') }} state = {{ frontend_request.get('state') }}
{% endif%} {% endif%}
config-slave-kedifa-information = ${request-kedifa:connection-slave-kedifa-information}
config-master-key-download-url = ${request-kedifa:connection-master-key-download-url}
config-master-reserved-reference = {{ master_reserved_reference }}
{% set slave_configuration_dict = slapparameter_dict %} {% set slave_configuration_dict = slapparameter_dict %}
{% do slave_configuration_dict.update(frontend_request.get('config')) %} {% do slave_configuration_dict.update(frontend_request.get('config')) %}
{% do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list)) %} {% do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list)) %}
...@@ -182,6 +186,7 @@ slave-amount = {{ slave_instance_list | length }} ...@@ -182,6 +186,7 @@ slave-amount = {{ slave_instance_list | length }}
accepted-slave-amount = {{ authorized_slave_list | length }} accepted-slave-amount = {{ authorized_slave_list | length }}
rejected-slave-amount = {{ rejected_slave_dict | length }} rejected-slave-amount = {{ rejected_slave_dict | length }}
rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict)) }} rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict)) }}
master-key-upload-url = ${request-kedifa:connection-master-key-upload-url}
#---------------------------- #----------------------------
#-- #--
...@@ -194,6 +199,26 @@ replicate = ${dynamic-publish-slave-information:rendered} ...@@ -194,6 +199,26 @@ replicate = ${dynamic-publish-slave-information:rendered}
custom-personal = ${dynamic-publish-slave-information:rendered} custom-personal = ${dynamic-publish-slave-information:rendered}
custom-group = ${dynamic-publish-slave-information:rendered} custom-group = ${dynamic-publish-slave-information:rendered}
[request-kedifa]
<= slap-connection
recipe = slapos.cookbook:requestoptional.serialised
config-monitor-cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-password = ${monitor-htpasswd:passwd}
config-slave-list = {{ dumps(slave_instance_list) }}
config-master-reserved-reference = {{ master_reserved_reference }}
{% set frontend_software_url_key = "-frontend-software-release-url" %}
{% if slapparameter_dict.has_key(frontend_software_url_key) %}
software-url = {{ slapparameter_dict.pop(frontend_software_url_key) }}
{% else %}
software-url = ${slap-connection:software-release-url}
{% endif %}
software-type = kedifa
name = kedifa
return = slave-kedifa-information master-key-upload-url master-key-download-url
[rejected-slave-information] [rejected-slave-information]
{% for slave_id, rejected_list in rejected_slave_dict.iteritems() %} {% for slave_id, rejected_list in rejected_slave_dict.iteritems() %}
{{ slave_id }} = {{ dumps(json_module.dumps(rejected_list)) }} {{ slave_id }} = {{ dumps(json_module.dumps(rejected_list)) }}
...@@ -212,6 +237,7 @@ extensions = jinja2.ext.do ...@@ -212,6 +237,7 @@ extensions = jinja2.ext.do
extra-context = extra-context =
section slave_information slave-information section slave_information slave-information
section rejected_slave_information rejected-slave-information section rejected_slave_information rejected-slave-information
key slave_kedifa_information request-kedifa:connection-slave-kedifa-information
[monitor-conf-parameters] [monitor-conf-parameters]
monitor-url-list += monitor-url-list +=
...@@ -227,6 +253,7 @@ parts = ...@@ -227,6 +253,7 @@ parts =
monitor-base monitor-base
publish-slave-information publish-slave-information
publish-information publish-information
request-kedifa
{% for part in part_list %} {% for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor %} {% endfor %}
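Review bot: In `[request-kedifa]`, `config-slave-list = {{ dumps(slave_instance_list) }}` hands KeDiFa the complete slave list, while the frontend requests in the same template are given `authorized_slave_list`. As far as this page shows, the KeDiFa profile reads only `slave_reference` from each entry. Rejected slaves would therefore still get key URLs generated, and every slave's full parameter set is shared with the key store for no visible use. Passing `{{ dumps(authorized_slave_list) }}`, or only the list of references, would keep the request to what KeDiFa needs.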
......
...@@ -17,18 +17,6 @@ ...@@ -17,18 +17,6 @@
"title": "[NOT IMPLEMENTED] SSL CA Certificate", "title": "[NOT IMPLEMENTED] SSL CA Certificate",
"type": "string" "type": "string"
}, },
"apache-certificate": {
"description": "SSL Certificate used by the server.",
"textarea": true,
"title": "SSL Certificate",
"type": "string"
},
"apache-key": {
"description": "SSL Key used by the server.",
"textarea": true,
"title": "SSL Key",
"type": "string"
},
"domain": { "domain": {
"description": "Base Domain for create subdomains (ie.: example.com).", "description": "Base Domain for create subdomains (ie.: example.com).",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$", "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
......
{%- if slap_software_type == software_type -%}
# KeDiFa instance profile
[buildout]
extends =
{{ parameter_dict['common_profile'] }}
{{ parameter_dict['monitor_template'] }}
parts =
directory
kedifa
slave-kedifa-information
# Create all needed directories
[directory]
recipe = slapos.cookbook:mkdirectory
bin = ${buildout:directory}/bin/
etc = ${buildout:directory}/etc/
srv = ${buildout:directory}/srv/
var = ${buildout:directory}/var/
backup = ${:srv}/backup
log = ${:var}/log
run = ${:var}/run
service = ${:etc}/service
etc-run = ${:etc}/run
promise = ${:etc}/promise
logrotate-backup = ${:backup}/logrotate
logrotate-entries = ${:etc}/logrotate.d
cron-entries = ${:etc}/cron.d
crontabs = ${:etc}/crontabs
cronstamps = ${:etc}/cronstamps
# KeDiFa directories
kedifa-store = ${:srv}/kedifa
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extra-context =
slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
context =
import json_module json
raw common_profile {{ parameter_dict['common_profile'] }}
key slap_software_type :slap_software_type
key slapparameter_dict :slapparameter_dict
section directory directory
${:extra-context}
[kedifa-config]
ip = {{ instance_parameter['ipv4-random'] }}
port = 8080
store = ${directory:kedifa-store}
[kedifa]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['kedifa'] }}
${kedifa-config:ip}
${kedifa-config:port}
${kedifa-config:store}
wrapper-path = ${directory:service}/kedifa
# Publish KeDiFa configuration for upload and download for each slave
{%- set slave_kedifa_information = {} -%}
{%- set master_reserved_reference = slapparameter_dict['master-reserved-reference'] -%}
{%- for slave in slapparameter_dict['slave-list'] -%}
{%- set slave_reference = slave['slave_reference'] -%}
{%- if slave_reference != master_reserved_reference -%}
{%- set slave_dict = {} -%}
{%- do slave_dict.__setitem__('key-upload-url', 'http://${kedifa-config:ip}:${kedifa-config:port}/%s' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-download-url', 'http://${kedifa-config:ip}:${kedifa-config:port}/%s' % (slave_reference,)) -%}
{%- do slave_kedifa_information.__setitem__(slave_reference, slave_dict) -%}
{%- endif -%}
{% endfor %}
[slave-kedifa-information]
recipe = slapos.cookbook:publish.serialised
slave-kedifa-information = {{ json_module.dumps(slave_kedifa_information) }}
master-key-upload-url = {{ 'http://${kedifa-config:ip}:${kedifa-config:port}/%s' % (master_reserved_reference,) }}
master-key-download-url = {{ 'http://${kedifa-config:ip}:${kedifa-config:port}/%s' % (master_reserved_reference,) }}
{%- endif -%} {# if slap_software_type in software_type #}
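Review bot: The `key-upload-url` and `key-download-url` published for each slave, and both master URLs in `[slave-kedifa-information]`, are the same `http://${kedifa-config:ip}:${kedifa-config:port}/<reference>` string, so certificate-and-key bundles travel over plain HTTP and the address that accepts an upload also returns the private key. Nothing in this profile adds a secret or other access control to those URLs; whether the `kedifa` service itself authenticates requests is not visible here. Before this leaves WIP, consider serving KeDiFa over TLS and giving upload and download distinct, authenticated endpoints. Until then a comment above `[kedifa-config]` such as `# NOTE: URLs are plain HTTP and carry no secret; access control depends entirely on kedifa itself` would record the limitation. `port = 8080` is also hard-coded rather than taken from a parameter.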
...@@ -10,6 +10,10 @@ ...@@ -10,6 +10,10 @@
"description": "Base domain used by the instance", "description": "Base domain used by the instance",
"type": "string" "type": "string"
}, },
"master-key-upload-url": {
"description": "URL to PUT PEM bundle of main certificate and key",
"type": "string"
},
"monitor-base-url": { "monitor-base-url": {
"description": "Base url for monitor", "description": "Base url for monitor",
"type": "string" "type": "string"
......
...@@ -146,20 +146,6 @@ ...@@ -146,20 +146,6 @@
"title": "[NOT Implemented] SSL Certificate Authority's Certificate", "title": "[NOT Implemented] SSL Certificate Authority's Certificate",
"type": "string" "type": "string"
}, },
"ssl_crt": {
"default": "",
"description": "Content of the SSL Certificate file",
"textarea": true,
"title": "SSL Certificate",
"type": "string"
},
"ssl_key": {
"default": "",
"description": "Content of the SSL Key file",
"textarea": true,
"title": "SSL Key",
"type": "string"
},
"ssl_proxy_ca_crt": { "ssl_proxy_ca_crt": {
"default": "", "default": "",
"description": "[NOT Implemented] Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)", "description": "[NOT Implemented] Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
......
...@@ -6,6 +6,10 @@ ...@@ -6,6 +6,10 @@
"description": "Base domain used by the instance", "description": "Base domain used by the instance",
"type": "string" "type": "string"
}, },
"key-upload-url": {
"description": "URL to PUT PEM bundle of certificate and key",
"type": "array"
},
"log-access-url": { "log-access-url": {
"description": "List of URLs to access logs", "description": "List of URLs to access logs",
"type": "array" "type": "array"
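Review bot: The new `key-upload-url` property is declared `"type": "array"`, but its description speaks of a single URL and the KeDiFa profile in this commit builds one string per slave. The `array` looks copied from the neighbouring `log-access-url`; if a single URL is what the slave publishes (not visible on this page), `"type": "string"` would match. A wrong type here misleads clients that validate the connection parameters before uploading a key.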
......
...@@ -28,6 +28,7 @@ custom-personal = ${dynamic-template-caddy-replicate:rendered} ...@@ -28,6 +28,7 @@ custom-personal = ${dynamic-template-caddy-replicate:rendered}
single-default = ${dynamic-template-caddy-frontend:rendered} single-default = ${dynamic-template-caddy-frontend:rendered}
single-custom-personal = ${dynamic-template-caddy-frontend:rendered} single-custom-personal = ${dynamic-template-caddy-frontend:rendered}
replicate = ${dynamic-template-caddy-replicate:rendered} replicate = ${dynamic-template-caddy-replicate:rendered}
kedifa = ${dynamic-template-kedifa:rendered}
[dynamic-template-caddy-frontend-parameters] [dynamic-template-caddy-frontend-parameters]
{% for key,value in template_frontend_parameter_dict.iteritems() %} {% for key,value in template_frontend_parameter_dict.iteritems() %}
...@@ -63,6 +64,15 @@ extra-context = ...@@ -63,6 +64,15 @@ extra-context =
raw template_monitor {{ monitor2_template }} raw template_monitor {{ monitor2_template }}
raw common_profile {{ common_profile }} raw common_profile {{ common_profile }}
[dynamic-template-kedifa]
< = jinja2-template-base
template = {{ template_kedifa }}
filename = instance-kedifa.cfg
extensions = jinja2.ext.do
extra-context =
section parameter_dict dynamic-template-caddy-frontend-parameters
raw software_type kedifa
[instance-parameter] [instance-parameter]
# Fetches parameters defined in SlapOS Master for this instance. # Fetches parameters defined in SlapOS Master for this instance.
# Always the same. # Always the same.
......
...@@ -6,7 +6,7 @@ import {{ slave_with_cache_configuration_directory }}/*.conf ...@@ -6,7 +6,7 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
# Catch-all and 404 for not configured instances # Catch-all and 404 for not configured instances
:{{ https_port }} { :{{ https_port }} {
tls {{ login_certificate }} {{ login_key }} tls { load {{ master_autocert_dir }} }
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# Compress the output # Compress the output
gzip gzip
...@@ -30,7 +30,7 @@ import {{ slave_with_cache_configuration_directory }}/*.conf ...@@ -30,7 +30,7 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
# Access to server-status Caddy-style # Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status { https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
tls {{ login_certificate }} {{ login_key }} tls { load {{ master_autocert_dir }} }
# Compress the output # Compress the output
gzip gzip
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
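Review bot: Both `tls { load {{ master_autocert_dir }} }` lines make the catch-all and `/server-status` sites depend entirely on a bundle having been downloaded into that directory, now that `login_certificate` and `login_key` are no longer used here. The slave list template in this commit only creates the master download wrapper when `master_key_download_url` is set, so the directory can be empty at start-up. How Caddy treats a `load` directory with no usable bundle is not shown on this page. It is worth confirming that it neither refuses to start nor falls back to automatic certificate issuance, and keeping a locally generated fallback certificate if it does.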
......
...@@ -36,17 +36,30 @@ sharedscripts = true ...@@ -36,17 +36,30 @@ sharedscripts = true
notifempty = true notifempty = true
create = true create = true
[cadirectory] {% if master_key_download_url %}
recipe = slapos.cookbook:mkdirectory {% do part_list.append(master_reserved_reference) %}
requests = {{ custom_ssl_directory }}/requests/ [{{ master_reserved_reference}}]
private = {{ custom_ssl_directory }}/private/ recipe = slapos.cookbook:wrapper
certs = {{ custom_ssl_directory }}/certs/ destination = {{ master_autocert_dir }}/master.pem
newcerts = {{ custom_ssl_directory }}/newcerts/ command-line = {{ kedifa_getter }} {{ master_key_download_url }} ${:destination}
crl = {{ custom_ssl_directory }}/crl/ filename = {{ master_reserved_reference }}-download
wrapper-path = {{ run_directory }}/${:filename}
{% endif %}
{% if slave_kedifa_information %}
{% set slave_kedifa_information = json_module.loads(slave_kedifa_information) %}
{% else %}
{% set slave_kedifa_information = {} %}
{% endif %}
{# Loop thought slave list to set up slaves #} {# Loop thought slave list to set up slaves #}
{% for slave_instance in slave_instance_list %} {% for slave_instance in slave_instance_list %}
{% set slave_reference = slave_instance.get('slave_reference') %} {% set slave_reference = slave_instance.get('slave_reference') %}
{% set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
{% if slave_kedifa %}
{% set key_download_url = slave_kedifa.get('key-download-url') %}
{% else %}
{% set key_download_url = '' %}
{% endif %}
{% set slave_type = slave_instance.get('type', '') %} {% set slave_type = slave_instance.get('type', '') %}
{% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %} {% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{% set slave_parameter_dict = generic_instance_parameter_dict.copy() %} {% set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
...@@ -137,66 +150,34 @@ bytes = 8 ...@@ -137,66 +150,34 @@ bytes = 8
{# ################################################## #} {# ################################################## #}
{# Set Slave Certificates if needed #} {# Set Slave Certificates if needed #}
{% set cert_dirname = slave_reference.replace('-','.') %}
{% set autocert_dir = '/'.join([autocert, cert_dirname]) %}
{% do slave_parameter_dict.__setitem__('autocert_dir', autocert_dir) %}
[{{ slave_reference }}-path]
recipe = slapos.cookbook:mkdirectory
cert = {{ autocert_dir }}
{# Set ssl certificates for each slave #} {% do part_list.append(slave_reference) %}
{% for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')%} [{{ slave_reference }}]
{% if cert_name in slave_instance %} recipe = slapos.recipe.template:jinja2
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %} destination = {{ '${' + slave_reference + '-path:cert}/slave.pem' }}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} destination-master = {{ '${' + slave_reference + '-path:cert}/master.pem' }}
{% do part_list.append(cert_title) %} source-master = {{ '${' + master_reserved_reference + ':destination}'}}
{% do slave_parameter_dict.__setitem__(cert_name, cert_file) %} template =
{% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %} inline:#!/bin/sh
{# Store certificates on fs #} {{ kedifa_getter }} {{ key_download_url }} ${:destination}
[{{ cert_title }}] rm -f ${:destination-master}
< = jinja2-template-base if [ ! -f ${:destination} ] && [ -f ${:source-master} ] ; then
template = {{ empty_template }} ln -sf ${:source-master} ${:destination-master}
rendered = {{ cert_file }} fi
extra-context = filename = {{ slave_reference }}-download
key content {{ cert_title + '-config:value' }} rendered = {{ run_directory }}/${:filename}
# Store certificate in config mode = 700
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif %}
{% endfor %}
{#- Set Up Certs #}
{% do slave_instance.__setitem__('login_certificate', login_certificate) %}
{% do slave_instance.__setitem__('login_key', login_key) %}
{% do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
{% do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
{% do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{% set cert_title = '%s-crt' % (slave_reference) %}
{% set key_title = '%s-key' % (slave_reference) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %}
{% do part_list.append(cert_title) %}
{% do part_list.append(key_title) %}
{% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
{% do slave_parameter_dict.__setitem__("ssl_key", key_file) %}
{% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %}
{% do slave_instance.__setitem__('path_to_ssl_key', key_file) %}
[{{key_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ key_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
extra-context =
key content :key-content
[{{cert_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt')) }}
extra-context =
key content :cert-content
{% endif %}
{# ########################################## #} {# ########################################## #}
{# Set Slave Configuration #} {# Set Slave Configuration #}
[{{ slave_configuration_section_name }}] [{{ slave_configuration_section_name }}]
autocert_dir = {{ autocert_dir }}
https_port = {{ dumps(https_port) }} https_port = {{ dumps(https_port) }}
http_port = {{ dumps(http_port) }} http_port = {{ dumps(http_port) }}
local_ipv4 = {{ dumps(local_ipv4) }} local_ipv4 = {{ dumps(local_ipv4) }}
...@@ -384,6 +365,7 @@ login_key = {{ dumps(login_key) }} ...@@ -384,6 +365,7 @@ login_key = {{ dumps(login_key) }}
access_log = {{ dumps(access_log) }} access_log = {{ dumps(access_log) }}
error_log = {{ dumps(error_log) }} error_log = {{ dumps(error_log) }}
not_found_file = {{ dumps(not_found_file) }} not_found_file = {{ dumps(not_found_file) }}
master_autocert_dir = {{ master_autocert_dir }}
[caddy-log-access] [caddy-log-access]
< = jinja2-template-base < = jinja2-template-base
......
...@@ -3,12 +3,13 @@ ...@@ -3,12 +3,13 @@
RUN_DIR={{ directory_run }} RUN_DIR={{ directory_run }}
ETC_DIR={{ directory_etc }} ETC_DIR={{ directory_etc }}
BIN_DIR={{ directory_bin }} BIN_DIR={{ directory_bin }}
AUTOCERT_DIR={{ directory_autocert }}
CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature CADDY_SIGNATURE_FILE=$RUN_DIR/caddy_configuration.signature
NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature NCADDY_SIGNATURE_FILE=$RUN_DIR/ncaddy_configuration.signature
touch $CADDY_SIGNATURE_FILE touch $CADDY_SIGNATURE_FILE
sha256sum $ETC_DIR/Caddyfile $ETC_DIR/log-access.conf $ETC_DIR/caddy-*.d/*.conf $ETC_DIR/caddy-*.d/ssl/*.*key $ETC_DIR/caddy-*.d/ssl/*.*crt* | sort -k 66 > $NCADDY_SIGNATURE_FILE sha256sum $ETC_DIR/Caddyfile $ETC_DIR/log-access.conf $ETC_DIR/caddy-*.d/*.conf $AUTOCERT_DIR/*/* | sort -k 66 > $NCADDY_SIGNATURE_FILE
# If no diff, no restart for now # If no diff, no restart for now
if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then if diff "$CADDY_SIGNATURE_FILE" "$NCADDY_SIGNATURE_FILE"; then
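Review bot: The new `$AUTOCERT_DIR/*/*` argument on the `sha256sum` line is unquoted, and the shell passes it literally when no certificate file has been downloaded yet. In that case `sha256sum` reports an error, but the pipeline's status comes from `sort`, so the failure goes unnoticed and the signature just lacks those entries. I would write it as `"$AUTOCERT_DIR"/*/*` and add a comment above the line, for example `# hash the downloaded certificates too, so a key change triggers a restart`. That intent is inferred from the commit description. The `if diff` block continues outside this hunk.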
......
...@@ -35,7 +35,8 @@ ...@@ -35,7 +35,8 @@
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 / status 501 /
{%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #} {%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} { tls {
load {{ slave_parameter['autocert_dir'] }}
{%- if slave_parameter.get('path_to_ssl_ca_crt') %} {%- if slave_parameter.get('path_to_ssl_ca_crt') %}
# Configuration of accepted clients # Configuration of accepted clients
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }} clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
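Review bot: The rewritten `tls` block drops the explicit fallback to `login_certificate`/`login_key` and serves whatever PEM files sit under `autocert_dir`, so this template no longer decides what the site presents when that directory is empty. The same applies to the `tls { load … }` lines in the next slave template, the catch-all site and the log-access site further down the page. `slave_parameter['autocert_dir']` is also a hard lookup, where the neighbouring lines use `.get()`. I would add a comment above `load`, e.g. `{#- autocert_dir holds slave.pem fetched from KeDiFa, or a master.pem symlink when no slave key exists -#}`, and a test for a slave with no uploaded key. That wording is taken from the download script earlier in the commit and should be confirmed.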
......
...@@ -12,7 +12,8 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt ...@@ -12,7 +12,8 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} { tls {
load {{ slave_parameter['autocert_dir'] }}
{%- if slave_parameter.get('path_to_ssl_ca_crt') %} {%- if slave_parameter.get('path_to_ssl_ca_crt') %}
clients {{ slave_parameter.get('path_to_ssl_ca_crt') }} clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
{%- endif %} {%- endif %}
......
...@@ -59,7 +59,7 @@ import {{ slave_configuration_directory }}/*.conf ...@@ -59,7 +59,7 @@ import {{ slave_configuration_directory }}/*.conf
# Catch-all and 404 for not configured instances # Catch-all and 404 for not configured instances
:{{ port }} { :{{ port }} {
tls {{ ssl_certificate }} {{ ssl_key }} tls { load {{ master_autocert_dir }} }
bind {{ local_ip }} bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico # Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico status 204 /favicon.ico
......
...@@ -34,6 +34,13 @@ ...@@ -34,6 +34,13 @@
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', rejected_info_list) %} {% do slave_information_dict[slave_reference].__setitem__('request-error-list', rejected_info_list) %}
{% endfor %} {% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %}
{% endfor %}
# Publish information for each slave # Publish information for each slave
{% for slave_reference, slave_information in slave_information_dict.iteritems() %} {% for slave_reference, slave_information in slave_information_dict.iteritems() %}
{% set publish_section_title = 'publish-%s' % slave_reference %} {% set publish_section_title = 'publish-%s' % slave_reference %}
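Review bot: The added loop reads `kedifa_dict['key-upload-url']` directly, so a KeDiFa entry without that key gives an undefined value. Depending on the undefined policy in use, that either fails the render or publishes an empty URL. Using `kedifa_dict.get('key-upload-url')` and skipping the entry when it is empty would leave the other slaves unaffected. The loop also creates an entry for any reference found only in `slave_kedifa_information`, which then gets a publish section holding nothing but the upload URL. If that is intended, a comment such as `{# slaves known only to KeDiFa still publish their upload URL #}` would say so. The surrounding `for` loops start and end outside this hunk.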
......
...@@ -3,7 +3,7 @@ https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }} ...@@ -3,7 +3,7 @@ https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }}
bind {{ parameter_dict['local_ipv4'] }} bind {{ parameter_dict['local_ipv4'] }}
root {{ directory }}/ root {{ directory }}/
browse browse
tls {{ parameter_dict['login_certificate'] }} {{ parameter_dict['login_key'] }} tls { load {{ parameter_dict['master_autocert_dir'] }} }
basicauth "{{ slave }}" {{ slave_password[slave] | trim }} { basicauth "{{ slave }}" {{ slave_password[slave] | trim }} {
"Log Access {{ slave }}" "Log Access {{ slave }}"
/ /
......
...@@ -63,6 +63,9 @@ MONITOR_HTTPD_PORT = '13000' ...@@ -63,6 +63,9 @@ MONITOR_HTTPD_PORT = '13000'
MONITOR_F1_HTTPD_PORT = '13001' MONITOR_F1_HTTPD_PORT = '13001'
MONITOR_F2_HTTPD_PORT = '13002' MONITOR_F2_HTTPD_PORT = '13002'
MASTER_KEY = open('wildcard.example.com.crt').read() + \
open('wildcard.example.com.key').read()
# for development: debugging logs and install Ctrl+C handler # for development: debugging logs and install Ctrl+C handler
if os.environ.get('DEBUG'): if os.environ.get('DEBUG'):
...@@ -347,6 +350,16 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -347,6 +350,16 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
cls.server_process.terminate() cls.server_process.terminate()
cls.server_https_process.terminate() cls.server_https_process.terminate()
@classmethod
def setUpMaster(cls):
parameter_dict = cls.computer_partition.getConnectionParameterDict()
master_key_upload_url = parameter_dict['master-key-upload-url']
result = requests.put(master_key_upload_url, data=MASTER_KEY)
assert result.status_code == 201
# run partitions to update information about the key
cls.runComputerPartition()
@classmethod @classmethod
def setUpSlaves(cls): def setUpSlaves(cls):
cls.slave_connection_parameter_dict_dict = {} cls.slave_connection_parameter_dict_dict = {}
...@@ -376,6 +389,7 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -376,6 +389,7 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
try: try:
cls.startServerProcess() cls.startServerProcess()
super(SlaveHttpFrontendTestCase, cls).setUpClass() super(SlaveHttpFrontendTestCase, cls).setUpClass()
cls.setUpMaster()
cls.setUpSlaves() cls.setUpSlaves()
except Exception: except Exception:
cls.tearDownClass() cls.tearDownClass()
...@@ -467,7 +481,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -467,7 +481,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
caddy_custom_https = '''# caddy_custom_https_filled_in_accepted caddy_custom_https = '''# caddy_custom_https_filled_in_accepted
https://caddycustomhttpsaccepted.example.com:%%(https_port)s { https://caddycustomhttpsaccepted.example.com:%%(https_port)s {
bind %%(local_ipv4)s bind %%(local_ipv4)s
tls %%(ssl_crt)s %%(ssl_key)s tls { load %%(autocert_dir)s }
log / %%(access_log)s {combined} log / %%(access_log)s {combined}
errors %%(error_log)s errors %%(error_log)s
...@@ -497,7 +511,7 @@ http://caddycustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -497,7 +511,7 @@ http://caddycustomhttpsaccepted.example.com:%%(http_port)s {
apache_custom_https = '''# apache_custom_https_filled_in_accepted apache_custom_https = '''# apache_custom_https_filled_in_accepted
https://apachecustomhttpsaccepted.example.com:%%(https_port)s { https://apachecustomhttpsaccepted.example.com:%%(https_port)s {
bind %%(local_ipv4)s bind %%(local_ipv4)s
tls %%(ssl_crt)s %%(ssl_key)s tls { load %%(autocert_dir)s }
log / %%(access_log)s {combined} log / %%(access_log)s {combined}
errors %%(error_log)s errors %%(error_log)s
...@@ -530,8 +544,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -530,8 +544,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'-frontend-authorized-slave-string': '-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted', '_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
...@@ -860,15 +872,16 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -860,15 +872,16 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'url'].copy() 'url'].copy()
self.assertLogAccessUrlWithPop(parameter_dict, 'url') self.assertLogAccessUrlWithPop(parameter_dict, 'url')
self.assertEqual( self.assertEqual(
parameter_dict,
{ {
'domain': 'url.example.com', 'domain': 'url.example.com',
'key-upload-url': 'http://%s:8080/_url' % (LOCAL_IPV4,),
'replication_number': '1', 'replication_number': '1',
'url': 'http://url.example.com', 'url': 'http://url.example.com',
'site_url': 'http://url.example.com', 'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com', 'secure_access': 'https://url.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
} },
parameter_dict
) )
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
...@@ -2259,8 +2272,6 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2259,8 +2272,6 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'-frontend-quantity': 2, '-frontend-quantity': 2,
'-sla-2-computer_guid': 'slapos.test', '-sla-2-computer_guid': 'slapos.test',
'-frontend-2-state': 'stopped', '-frontend-2-state': 'stopped',
...@@ -2331,8 +2342,6 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase, ...@@ -2331,8 +2342,6 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'enable-http2-by-default': 'false', 'enable-http2-by-default': 'false',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
...@@ -2424,8 +2433,6 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase, ...@@ -2424,8 +2433,6 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'nginx_port': NGINX_HTTPS_PORT, 'nginx_port': NGINX_HTTPS_PORT,
...@@ -2615,8 +2622,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase, ...@@ -2615,8 +2622,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'nginx_port': NGINX_HTTPS_PORT, 'nginx_port': NGINX_HTTPS_PORT,
...@@ -2754,8 +2759,6 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2754,8 +2759,6 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'enable-quic': 'true', 'enable-quic': 'true',
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'-frontend-authorized-slave-string': '-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted', '_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
...@@ -2860,8 +2863,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2860,8 +2863,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'-frontend-authorized-slave-string': '_caddy_custom_http_s-reject', '-frontend-authorized-slave-string': '_caddy_custom_http_s-reject',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
...@@ -3286,8 +3287,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3286,8 +3287,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4, 'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'-frontend-authorized-slave-string': '_caddy_custom_http_s-reject', '-frontend-authorized-slave-string': '_caddy_custom_http_s-reject',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
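Review bot: `setUpMaster` uploads the wildcard certificate and private key with `requests.put(master_key_upload_url, data=MASTER_KEY)` and no credentials. The slave assertion also pins `'key-upload-url': 'http://%s:8080/_url'`, which is cleartext HTTP with a path that appears to be derived from the slave reference. If that is the intended design rather than the WIP state, key material crosses the network unencrypted and the upload URL is not a secret. The tests should then expect an `https://` URL with an unguessable component and include a case where an upload without it is refused. Separately, `assert result.status_code == 201` is skipped under `-O`, so an explicit comparison that raises, or `result.raise_for_status()`, would keep the check. `MASTER_KEY` is also built from two `open(...).read()` calls that never close their files.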
......