Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
*Note*: The system will reject slaves which does not pass validation of caddy configuration, despite them being in ``-frontend-authorized-slave-string``, as otherwise this will lead to the whole frontend to fail.
caddy_custom_http
caddy_custom_http
~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
*Note*: The system will reject slaves which does not pass validation of caddy configuration, despite them being in ``-frontend-authorized-slave-string``, as otherwise this will lead to the whole frontend to fail.
url
url
~~~
~~~
Necessary to activate cache. ``url`` of backend to use.
Necessary to activate cache. ``url`` of backend to use.
Generally things to be done with ``caddy-frontend``:
Generally things to be done with ``caddy-frontend``:
* tests: drop APACHE switches, as it is not taken care anymore
* tests: add assertion with results of promises in etc/promise for each partition
* tests: add assertion with results of promises in etc/promise for each partition
* check the whole frontend slave snippet with ``caddy -validate`` during buildout run, and reject if does not pass validation
* check the whole frontend slave snippet with ``caddy -validate`` during buildout run, and reject if does not pass validation
* check that all options from ``instance-slave-caddy-input-schema.json`` are safe to be used
* ``apache-ca-certificate`` shall be merged with ``apache-certificate``
* ``apache-ca-certificate`` shall be merged with ``apache-certificate``
* ``apache-ca-certificate`` shall be appended to ``apache-certificate`` if not already there
* ``apache-ca-certificate`` shall be appended to ``apache-certificate`` if not already there
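Review bot: the *Note* under ``caddy_custom_https`` and ``caddy_custom_http`` needs a wording pass and leaves the outcome undocumented. "slaves which does not pass validation" should read "slaves which do not pass validation", and "this will lead to the whole frontend to fail" should read "the whole frontend would fail". The note also does not say how a rejected slave is reported back to its requester, which is the first thing a slave owner will look for. The todo item "check the whole frontend slave snippet with ``caddy -validate`` during buildout run, and reject if does not pass validation" still appears in the list although the note describes that behaviour as in place; drop or reword it so the README does not contradict itself.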
...
@@ -58,6 +58,7 @@ Generally things to be done with ``caddy-frontend``:
...
@@ -58,6 +58,7 @@ Generally things to be done with ``caddy-frontend``:
* reduce the time of configuration validation (in ``instance-apache-frontend.cfg.in`` sections ``[configtest]``, ``[caddy-configuration]``, ``[nginx-configuration]``), as it is not scalable on frontend with 2000+ slaves (takes few minutes instead of few, < 5, seconds), issue posted `upstream <https://github.com/mholt/caddy/issues/2220>`_
* reduce the time of configuration validation (in ``instance-apache-frontend.cfg.in`` sections ``[configtest]``, ``[caddy-configuration]``, ``[nginx-configuration]``), as it is not scalable on frontend with 2000+ slaves (takes few minutes instead of few, < 5, seconds), issue posted `upstream <https://github.com/mholt/caddy/issues/2220>`_
* drop ``6tunnel`` and use ``bind`` in Caddy configuration, as soon as multiple binds will be possible, tracked in upstream `bind: support multiple values <https://github.com/mholt/caddy/pull/2128>`_ and `ipv6: does not bind on ipv4 and ipv6 for sites that resolve to both <https://github.com/mholt/caddy/issues/864>`_
* drop ``6tunnel`` and use ``bind`` in Caddy configuration, as soon as multiple binds will be possible, tracked in upstream `bind: support multiple values <https://github.com/mholt/caddy/pull/2128>`_ and `ipv6: does not bind on ipv4 and ipv6 for sites that resolve to both <https://github.com/mholt/caddy/issues/864>`_
* use caddy-frontend in `standalone style playbooks <https://lab.nexedi.com/nexedi/slapos.package/tree/master/playbook/roles/standalone-shared>`_
* use caddy-frontend in `standalone style playbooks <https://lab.nexedi.com/nexedi/slapos.package/tree/master/playbook/roles/standalone-shared>`_
* in ``templates/apache-custom-slave-list.cfg.in`` avoid repetetive ``part_list.append`` and use macro like in ERP5 SR (cf `Vincent's comment <https://lab.nexedi.com/nexedi/slapos/merge_requests/373#note_64362>`_)
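Review bot: typo in the new todo item, "repetetive" should be "repetitive". The item would also be easier to act on if it named the macro in the ERP5 SR it refers to, rather than relying only on the linked merge request comment.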
{% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %}
{% set part_list = [] %}
{% set part_list = [] %}
{% set single_type_key = 'single-' %}
{% set single_type_key = 'single-' %}
{% if slap_software_type == "replicate" %}
{% if slap_software_type == "replicate" %}
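Review bot: the ``popen`` partial at the top of this hunk wires ``stdin``, ``stdout`` and ``stderr`` to pipes, but nothing states how callers are expected to use it. Add a ``{# ... #}`` comment saying what it is meant to run and that callers must go through ``.communicate()`` and check ``returncode``, since reading or writing the pipes directly can block once a pipe buffer fills.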
...
@@ -66,25 +67,64 @@ context =
...
@@ -66,25 +67,64 @@ context =
{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') %}
{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') %}
{% set authorized_slave_list = [] %}
{% set authorized_slave_list = [] %}
{% set rejected_slave_list = [] %}
{% set rejected_slave_list = [] %}
{% set used_host_list = [] %}
{% for slave in slave_instance_list %}
{% for slave in slave_instance_list %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set slave_dict = {'state': True} %}
{% if not ((slave.has_key('caddy_custom_http') or slave.has_key('apache_custom_http') or slave.has_key('caddy_custom_https') or slave.has_key('apache_custom_https')) and not slave.get('slave_reference') in authorized_slave_string) %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set slave_ok = True %}
{% set custom_domain = slave.get('custom_domain') %}
{% if slave.get('url') %}
{% if custom_domain and custom_domain in used_host_list %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['url']]) == 1 %}
{% do slave_dict.__setitem__('state', False) %}
{% set slave_ok = False %}
{% else %}
{% do used_host_list.append(custom_domain) %}
{% endif %}
{% if slave.get('server-alias') %}
{% for slave_alias in slave['server-alias'].split() %}
{% if not validators.domain(slave_alias) %}
{% do slave_dict.__setitem__('state', False) %}
{% else %}
{% if slave_alias in used_host_list %}
{% do slave_dict.__setitem__('state', False) %}
{% else %}
{% do used_host_list.append(slave_alias) %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% if slave.get('https-url') %}
{% endif %}
{% if subprocess_module.call([caddy_backend_url_validator, slave['https-url']]) == 1 %}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% set slave_ok = False %}
{% if slave.get(key) %}
{% if not slave.get('slave_reference') in authorized_slave_string %}
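Review bot: the authorization test ``not slave.get('slave_reference') in authorized_slave_string`` at the end of the visible hunk is a substring match against a raw string, so a reference that merely occurs inside a longer authorized reference is accepted, and a slave without ``slave_reference`` makes ``None in <str>`` raise a ``TypeError`` during rendering. Split ``authorized_slave_string`` into a list of references once, before the loop, and test exact membership. Separately, the ``else`` branch after ``custom_domain in used_host_list`` appends ``custom_domain`` even when it is unset, and unlike the ``server-alias`` entries it is not passed through ``validators.domain`` in the lines shown.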
{%- endif %} {#- if 'default-path' in slave_parameter #}
{%- endif %} {#- if default_path #}
rewrite {
rewrite {
regexp (.*)
regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} {# rewrite #}
} {# rewrite #}
{%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #}
{%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #}
# Redirect configuration
# Redirect configuration
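Review bot: on the ``to /VirtualHostBase/...`` line, ``| int`` silently turns a non-numeric ``virtualhostroot-https-port`` into ``0`` (the filter's default) instead of rejecting the slave, and ``slave_parameter.get('path', '')`` on the same line is still interpolated unfiltered into the rewrite target. Validate the port as an integer in the range 1 to 65535 before rendering, and give ``path`` an explicit check or encoding as well, in line with the README item about confirming that every option from ``instance-slave-caddy-input-schema.json`` is safe to use.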
...
@@ -103,12 +109,12 @@
...
@@ -103,12 +109,12 @@
} {# redir #}
} {# redir #}
{%- else %} {#- if slave_type == 'zope' and backend_url #}
{%- else %} {#- if slave_type == 'zope' and backend_url #}
{%- endif %} {#- if 'default-path' in slave_parameter #}
{%- endif %} {#- if default_path #}
rewrite {
rewrite {
regexp (.*)
regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
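Review bot: style point on the ``to /VirtualHostBase/...`` line: this rewrite block is identical to the https one apart from the parameter key and its default (``virtualhostroot-http-port`` / ``'80'``), so the port coercion now has to be kept in sync in two places. A small macro taking the key and default, or a port variable set once above both blocks, would keep the handling in one spot and matches the README todo about replacing repetition with macros.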
"description":"Generate helper scripts to run test suite.",
"default":true,
"type":"boolean"
},
"node-count":{
"description":"Number of tests this instance can execute in parrallel. This must be at least equal to the number of nodes configured on testnode running the test",
"default":3,
"type":"integer"
},
"extra-database-count":{
"description":"Number of extra databases this instance tests will need.",