Commit e36bc39c authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents 75f350ea f93bb882
......@@ -35,6 +35,11 @@ recipe = slapos.recipe.build
shared = true
pyyaml = ${pyyaml-download:target}
pyaml = ${pyaml-download:target}
init =
# add the python executable in the options dict so that
# buildout signature changes if python executable changes
import sys
options['python-executable'] = sys.executable
install =
import os, sys
......
......@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016
environment-extra =
# build Go without testing it
# NOTE go1.4 does not have build cache
make-targets= cd src && unset GOBIN && ./make.bash && cp -alf .. ${:location}
setarch =
make-targets= cd src && unset GOBIN && ${:setarch} ./make.bash && cp -alf .. ${:location}
# go1.4 is used for bootstrap and does not support CGO
environment-extra =
CGO_ENABLED=0
# skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests.
patches =
# go1.4 does not have support for arm64 - build it in arm32 mode
[golang14:platform.machine() == 'aarch64']
setarch = setarch arm
[golang1.12]
<= golang-common
......
......@@ -13,8 +13,8 @@ parts = haproxy
[haproxy]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.29.tar.gz
md5sum = a4c4983c7ed51946bdde1d0eceedd527
url = http://www.haproxy.org/download/2.6/src/haproxy-2.6.7.tar.gz
md5sum = cfa36413f2bc5187ab34ffcdf71914d4
configure-command = true
# for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
# otherwise use "generic".
......@@ -22,22 +22,43 @@ configure-command = true
# CPU is generic, and not native, as in SlapOS software released are
# distributed in binary form, which may lead to incompatibility of such
# compilation optimisation across various CPUs
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=generic
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
# By default haproxy is build w/o QUIC support
SSL_INC=${openssl:location}/include
SSL_LIB=${openssl:location}/lib
SSL_ADDLIB=-Wl,-rpath=${openssl:location}/lib
QUIC=
make-options =
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=generic
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
TARGET=${:TARGET}
CPU=${:CPU}
ARCH=${:ARCH}
PREFIX=@@LOCATION@@
USE_DL=1
USE_LUA=1
LUA_INC=${lua:location}/include
LUA_LIB=${lua:location}/lib
USE_OPENSSL=1
SSL_INC=${openssl:location}/include
SSL_LIB=${openssl:location}/lib
SSL_INC=${:SSL_INC}
SSL_LIB=${:SSL_LIB}
${:QUIC}
USE_PCRE=1
USE_ZLIB=1
ZLIB_INC=${zlib:location}/include
ZLIB_LIB=${zlib:location}/lib
ADDLIB="-Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
ADDLIB="${:SSL_ADDLIB} -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
environment =
PATH=${pcre:location}/bin:%(PATH)s
[haproxy-quic]
<= haproxy
SSL_INC=${openssl-quictls:location}/include
SSL_LIB=${openssl-quictls:location}/lib
SSL_ADDLIB=-Wl,-rpath=${openssl-quictls:location}/lib
QUIC=USE_QUIC=1
......@@ -62,48 +62,26 @@ context =
[versions]
Pygments = 2.2.0
astor = 0.5
backports-abc = 0.5
backports.shutil-get-terminal-size = 1.0.0
ipykernel = 4.5.2
ipython = 5.3.0
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
jupyter-client = 5.0.0
jupyter-core = 4.3.0
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
matplotlib = 2.1.2
mistune = 0.7.3
nbformat = 4.3.0
notebook = 4.4.1
prompt-toolkit = 1.0.13
ptyprocess = 0.5.1
pyzmq = 16.0.2
scikit-learn = 0.18.1
seaborn = 0.7.1
simplegeneric = 0.8.1
statsmodels = 0.8.0
terminado = 0.6
tornado = 4.4.2
widgetsnbextension = 2.0.0
traitlets = 4.3.3
# nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source.
nbconvert = 4.1.0
pathlib2 = 2.2.1
patsy = 0.4.1
pexpect = 4.2.1
pickleshare = 0.7.4
scandir = 1.5
singledispatch = 3.4.0.3
wcwidth = 0.1.7
jupyter = 1.0.0
jupyter-console = 5.1.0
qtconsole = 4.3.0
et-xmlfile = 1.0.1
h5py = 2.7.1
mpmath = 1.0.0
openpyxl = 2.5.2
sympy = 1.1.1
xlrd = 1.1.0
jdcal = 1.4
......@@ -69,7 +69,6 @@ scripts =
pythonjupyter
jupyter
jupyter-trust
jupyter-nbconvert
jupyter-console
jupyter-migrate
jupyter-troubleshoot
......@@ -81,6 +80,7 @@ eggs = ${jupyter:eggs}
environment = jupyter-env
scripts =
jupyter-nbconvert
jupyter-nbextension
jupyter-notebook
jupyter-serverextension
......
[buildout]
extends =
../patch/buildout.cfg
parts =
libiconv
[libiconv]
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
patches =
${:_profile_base_location_}/libiconv.gets.patch#8a20d8afe0617fce56f77537d2b84621
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
md5sum = e34509b1623cec449dfeb73d7ce9c6c6
url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz
md5sum = d718cd5a59438be666d1575855be72c3
--- libiconv-1.14.orig/srclib/stdio.in.h 2011-08-07 13:42:06.000000000 +0000
+++ libiconv-1.14/srclib/stdio.in.h 2013-01-09 19:56:21.115819812 +0000
@@ -680,22 +680,7 @@
#endif
#if @GNULIB_GETS@
-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
-# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
-# undef gets
-# define gets rpl_gets
-# endif
-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
-_GL_CXXALIAS_RPL (gets, char *, (char *s));
-# else
-_GL_CXXALIAS_SYS (gets, char *, (char *s));
-# undef gets
-# endif
-_GL_CXXALIASWARN (gets);
-/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#undef gets
#endif
......@@ -46,6 +46,11 @@ make-targets =
environment =
PERL=${perl:location}/bin/perl
[openssl-quictls]
<= openssl
url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz
md5sum = 8ee8e1828879e2b527eca5dcc7923769
[openssl-output]
# Shared binary location to ease migration
recipe = plone.recipe.command
......
......@@ -18,7 +18,7 @@ parts =
python3
[python3]
<= python3.8
<= python3.9
[python3-common]
recipe = slapos.recipe.cmmi
......
[buildout]
parts =
selenium
[selenium]
recipe = zc.recipe.egg
egg = selenium
# patch to support python3.9
selenium-patches = https://github.com/SeleniumHQ/selenium/commit/ddd163b681776292a72c39352581cf5c9d4f88f4.patch#c801fade1cd2019c063a0f0ef7cca3fe
selenium-patch-options = -p2
[versions]
selenium = 3.141.0+SlapOSPatched001
......@@ -38,6 +38,7 @@ environment =
PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libsecret:pkg-config-path}
LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
NODE_OPTIONS=--max_old_space_size=4096
pre-configure =
mkdir -p $TMPDIR
echo '${package.json:content}' > %(location)s/package.json
......
......@@ -97,8 +97,8 @@ environment =
[xcbproto]
recipe = slapos.recipe.cmmi
shared = true
url = https://xcb.freedesktop.org/dist/xcb-proto-1.13.tar.bz2
md5sum = abe9aa4886138150bbc04ae4f29b90e3
url = https://xcb.freedesktop.org/dist/xcb-proto-1.15.1.tar.gz
md5sum = 3ee98337cda244996fab03df47e09df8
environment =
PATH=${libxml2:location}/bin:%(PATH)s
PYTHON=${buildout:executable}
......
......@@ -95,7 +95,6 @@ Automat = 0.3.0
zope.interface = 4.4.2
Nevow = 0.14.5
PyHamcrest = 2.0.2
Pygments = 2.9.0
Pyro = 3.16
bitarray = 2.1.3
constantly = 15.1.0
......@@ -103,7 +102,6 @@ future = 0.18.2
hyperlink = 21.0.0
incremental = 21.3.0
pathlib = 1.0.1
prompt-toolkit = 3.0.19
zeroconf-py2compat = 0.19.10
# Required by:
......
Changes
=======
Here are listed the most important changes, which might affect upgrades.
1.0.XXX (XXXX-XX-XX)
--------------------
* fix: exposed log file names are stabilised
* feature: in case of not found instance more information are provided
* feature: telemetry is fully disabled
* feature: Apache Traffic Server 8.0 is used
* feature: backend-haproxy statistic for haproxy's frontend is available
* fix: slave publication has been fixed in case of mixed case slave reference
* feature: running test/test.py resolves with starting backend used in tests
* fix: automatic caucase-updater usage has been fixed
* fix/workaround: reconnect to backend-haproxy from Caddy and Apache Traffic Server
* fix/feature: use explicitly Apache Traffic Server simulation of stale-if-error, as in reality Apache Traffic Server does not support it
* feature: dropped not used parameters
* feature: Strict-Transport-Security aka HSTS
* fix: use kedifa with with for file with multiple CAs
* feature: support query string (the characters after ? in the url) in url and https-url
* fix: by having unique acl names fix rare bug of directing traffic to https-url instead of url or otherwise
* feature: failover backend
1.0.164 (2020-09-24)
--------------------
* feature: serve a stale result up to 1 day if the origin server is down
* feature: request real frontend for slave introspection (aka log access)
* fix: Kedifa reloading, it was resulting with kedifa server disallowing access after some time
* feature: allow to set software release for each node, instead for the whole cluster
* fix: haproxy matches correct hostname in case of wildcards, instead of using wildcard host instead of the specific one
1.0.160 (2020-08-25)
--------------------
* haproxy updated from 2.0.15 to 2.0.17 in order to fix issue while accessing inaccessible backends
1.0.159 (2020-07-30)
--------------------
* logs are ensured to be available in slave's ``log-access-url``
* logs from backend Haproxy are also available to slaves
1.0.158 (2020-07-24)
--------------------
* manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
* ``re6st-optimal-test`` has been dropped from slave
* QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
* haproxy is used as a gateway to backends:
* ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
* ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
* ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
* ``request-timeout`` is supported per slave, as now it became possible
* ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
1.0.149 (2020-05-05)
--------------------
* no changes noted
import {{ slave_configuration_directory }}/*.conf
:{{ https_port }} {
tls {{ master_certificate }} {{ master_certificate }} {
# Allow http2
alpn h2 http/1.1
}
bind {{ local_ipv4 }}
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
:{{ http_port }} {
bind {{ local_ipv4 }}
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
# Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} {
# Allow http2
alpn h2 http/1.1
}
bind {{ local_ipv4 }}
basicauth "{{ username }}" {{ password | trim }} {
"Server Status"
/
}
expvar
pprof
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
......@@ -25,8 +25,10 @@
#
##############################################################################
import itertools
import json
import os
import sys
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
......@@ -45,9 +47,138 @@ def setUpModule():
setup_module_executed = True
class ERP5InstanceTestCase(SlapOSInstanceTestCase):
# Metaclass to parameterize our tests.
# This is a rough adaption of the parameterized package:
# https://github.com/wolever/parameterized
# Consult following note for rationale why we don't use parameterized:
# https://lab.nexedi.com/nexedi/slapos/merge_requests/1306
class ERP5InstanceTestMeta(type):
"""Adjust ERP5InstanceTestCase instances to be run in several flavours (e.g. NEO/ZEO)
Adjustements can be declared via setting the '__test_matrix__' attribute
of a test case.
A test matrix is a dict which maps the flavoured class name suffix to
a tuple of parameters.
A parameter is a function which receives the instance_parameter_dict
and modifies it in place (therefore no return value is needed).
You can use the 'matrix' helper function to construct a test matrix.
If .__test_matrix__ is 'None' the test case is ignored.
If the test case should be run without any adaptions, you can set
.__test_matrix__ to 'matrix((default,))'.
"""
def __new__(cls, name, bases, attrs):
base_class = super().__new__(cls, name, bases, attrs)
if base_class._isParameterized():
cls._parameterize(base_class)
return base_class
# _isParameterized tells whether class is parameterized.
# All classes with 'metaclass=ERP5InstanceTestMeta' are parameterized
# except from a class which has been automatically instantiated from
# such user class. This exception prevents infinite recursion due to
# a parameterized class which tries to parameterize itself again.
def _isParameterized(self):
return not getattr(self, '.created_by_parametrize', False)
# Create multiple test classes from single definition.
@classmethod
def _parameterize(cls, base_class):
mod_dict = sys.modules[base_class.__module__].__dict__
for class_name_suffix, parameter_tuple in (base_class.__test_matrix__ or {}).items():
parameterized_cls_dict = dict(
base_class.__dict__,
**{
# Avoid infinite loop by a parameterized class which
# parameterize itself again and again and..
".created_by_parametrize": True,
# Switch
#
# .getInstanceParameterDict to ._test_getInstanceParameterDict
# ._base_getInstanceParameterDict to .getInstanceParameterDict
#
# so that we could inject base implementation to be called above
# user-defined getInstanceParameterDict.
"_test_getInstanceParameterDict": base_class.getInstanceParameterDict,
"getInstanceParameterDict": cls._getParameterizedInstanceParameterDict(parameter_tuple)
}
)
name = f"{base_class.__name__}_{class_name_suffix}"
mod_dict[name] = type(name, (base_class,), parameterized_cls_dict)
# _getParameterizedInstanceParameterDict returns a modified version of
# a test cases original 'getInstanceParameterDict'. The modified version
# applies parameters on the default instance parameters.
@staticmethod
def _getParameterizedInstanceParameterDict(parameter_tuple):
@classmethod
def getInstanceParameterDict(cls):
instance_parameter_dict = json.loads(
cls._test_getInstanceParameterDict().get("_", r"{}")
)
[p(instance_parameter_dict) for p in parameter_tuple]
return {"_": json.dumps(instance_parameter_dict)}
return getInstanceParameterDict
# Hide tests in unpatched base class: It doesn't make sense to run tests
# in original class, because parameters have not been assigned yet.
#
# We can't simply call 'delattr', because this wouldn't remove
# inherited tests. Overriding dir is sufficient, because this is
# the way how unittest discovers tests:
# https://github.com/python/cpython/blob/3.11/Lib/unittest/loader.py#L237
def __dir__(self):
if self._isParameterized():
return [attr for attr in super().__dir__() if not attr.startswith('test')]
return super().__dir__()
def matrix(*parameter_tuple):
"""matrix creates a mapping of test_name -> parameter_tuple.
Each provided parameter_tuple won't be combined within itself,
but with any other provided parameter_tuple, for instance
>>> parameter_tuple0 = (param0, param1)
>>> parameter_tuple1 = (param2, param3)
>>> matrix(parameter_tuple0, parameter_tuple1)
will return all options of (param0 | param1) & (param2 | param3):
- param0_param2
- param0_param3
- param1_param2
- param1_param3
"""
return {
"_".join([p.__name__ for p in params]): params
for params in itertools.product(*parameter_tuple)
}
# Define parameters (function which receives instance params + modifies them).
#
# default runs tests without any adaption
def default(instance_parameter_dict): ...
def zeo(instance_parameter_dict):
instance_parameter_dict['zodb'] = [{"type": "zeo", "server": {}}]
def neo(instance_parameter_dict):
# We don't provide encryption certificates in test runs for the sake
# of simplicity. By default SSL is turned on, we need to explicitly
# deactivate it:
# https://lab.nexedi.com/nexedi/slapos/blob/a8150a1ac/software/neoppod/instance-neo-input-schema.json#L61-65
instance_parameter_dict['zodb'] = [{"type": "neo", "server": {"ssl": False}}]
class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
"""ERP5 base test case
"""
__test_matrix__ = matrix((zeo, neo)) # switch between NEO and ZEO mode
@classmethod
def getRootPartitionConnectionParameterDict(cls):
"""Return the output paramters from the root partition"""
......
......@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource
from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer,
findFreeTCPPort)
from . import ERP5InstanceTestCase, setUpModule
from . import ERP5InstanceTestCase, setUpModule, matrix, default
setUpModule # pyflakes
......@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource):
class BalancerTestCase(ERP5InstanceTestCase):
# We explicitly specify 'balancer' as our software type here,
# therefore we don't request ZODB. We therefore don't
# need to run these tests with both NEO and ZEO mode,
# it wouldn't make any difference.
# https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
__test_matrix__ = matrix((default,))
@classmethod
def getInstanceSoftwareType(cls):
......
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
......@@ -46,7 +46,7 @@ import xmlrpc.client
import urllib3
from slapos.testing.utils import CrontabMixin
from . import ERP5InstanceTestCase, setUpModule
from . import ERP5InstanceTestCase, setUpModule, matrix, default
setUpModule # pyflakes
......@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
"""Test ERP5 can be instantiated with no parameters
"""
__partition_reference__ = 'defp'
__test_matrix__ = matrix((default,))
class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
......@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
"""Test override zope node parameters
"""
__partition_reference__ = 'override'
__test_matrix__ = matrix((default,))
@classmethod
def getInstanceParameterDict(cls):
......
......@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict
from . import ERP5InstanceTestCase
from . import setUpModule
from . import matrix
from . import default
setUpModule # pyflakes
......@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase):
"""Base test case for mariadb tests.
"""
__partition_reference__ = 'm'
# We explicitly specify 'mariadb' as our software type here,
# therefore we don't request ZODB. We therefore don't
# need to run these tests with both NEO and ZEO mode,
# it wouldn't make any difference.
# https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
__test_matrix__ = matrix((default,))
@classmethod
def getInstanceSoftwareType(cls):
......
# Copyright (C) 2021 Nexedi SA and Contributors.
# Copyright (C) 2022 Nexedi SA and Contributors.
#
# This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your
......@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
"""
__partition_reference__ = 'wcfs'
# Only run in ZEO mode; don't run with NEO.
# Current NEO/py and NEO/go versions have interoperability
# issues. Once these issues are fixed the following
# lines have to be removed so that test case runs agains NEO.
# Please see the following MR for more context:
# https://lab.nexedi.com/nexedi/slapos/merge_requests/1283#note_174854
@classmethod
def setUpClass(cls):
if json.loads(cls.getInstanceParameterDict()["_"])['zodb'][0]["type"] == "neo":
raise unittest.SkipTest("Not yet fixed WCFS+NEO interoperability issue.")
super().setUpClass()
@classmethod
def getInstanceParameterDict(cls):
return {'_': json.dumps({'wcfs': {'enable': True}})}
......
......@@ -46,7 +46,7 @@ from slapos.testing.testcase import (
makeModuleSetUpAndTestCaseClass,
)
old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.7/software/erp5/software.cfg'
old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.8/software/erp5/software.cfg'
new_software_release_url = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))
......
......@@ -13,6 +13,7 @@ extends =
../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg
../../component/curl/buildout.cfg
../../component/selenium/buildout.cfg
./buildout.hash.cfg
parts =
......@@ -36,7 +37,7 @@ parts =
recipe = zc.recipe.egg
eggs =
erp5.util
selenium
${selenium:egg}
certifi
${lxml-python:egg}
interpreter = pythonwitheggs
......@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in
[template-runTestSuite]
<= macro-template
output = ${buildout:directory}/runTestSuite.in
[versions]
selenium = 3.141.0
......@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg
[instance-jupyter]
<= download-file-base
[versions]
Pygments = 2.7.2
astor = 0.5
async-generator = 1.10
backports-abc = 0.5
backports.shutil-get-terminal-size = 1.0.0
bleach = 3.2.1
defusedxml = 0.6.0
entrypoints = 0.3
ipykernel = 5.3.4:whl
ipython = 5.3.0
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
jupyter-client = 6.1.7
jupyter-core = 4.7.0
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
jupyterlab-pygments = 0.1.2
matplotlib = 2.1.2
mistune = 0.8.4
nest-asyncio = 1.4.3
nbclient = 0.5.1
nbformat = 5.0.8
notebook = 6.1.5
pandocfilters = 1.4.3
prompt-toolkit = 1.0.13
ptyprocess = 0.5.1
pyzmq = 20.0.0
scikit-learn = 0.20.4
seaborn = 0.7.1
simplegeneric = 0.8.1
statsmodels = 0.11.1
testpath = 0.4.4
terminado = 0.9.1
tornado = 6.1
traitlets = 5.0.5
webencodings = 0.5.1
widgetsnbextension = 2.0.0
Send2Trash = 1.5.0
argon2-cffi = 20.1.0
nbconvert = 6.0.7
pathlib2 = 2.2.1
patsy = 0.5.1
pexpect = 4.8.0
pickleshare = 0.7.4
prometheus-client = 0.9.0
scandir = 1.5
pytz = 2020.4
singledispatch = 3.4.0.3
wcwidth = 0.1.7
jupyter = 1.0.0
jupyter-console = 5.1.0
qtconsole = 4.3.0
et-xmlfile = 1.0.1
h5py = 2.7.1
mpmath = 1.0.0
openpyxl = 2.5.2
sympy = 1.1.1
xlrd = 1.1.0
jdcal = 1.4
......@@ -31,6 +31,7 @@ import json
import os
import requests
import sqlite3
import subprocess
from slapos.proxy.db_version import DB_VERSION
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
......@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase):
# clean up the fake master
r.destroyed()
class TestIPython(InstanceTestCase):
converted_notebook = 'test.nbconvert.ipynb'
notebook_filename = 'test.ipynb'
test_sentence = 'test'
def setUp(self):
super().setUp()
notebook_source = {
"cells": [
{
"cell_type": "code",
"execution_count": None,
"metadata": {},
"outputs": [],
"source": [
"import sys\n",
"print('" + self.test_sentence + "')"
]
}
],
"metadata": {},
"nbformat": 4,
"nbformat_minor": 4
}
with open(self.notebook_filename, 'w') as notebook:
notebook.write(json.dumps(notebook_source))
def tearDown(self):
os.remove(self.notebook_filename)
if os.path.exists(self.converted_notebook):
os.remove(self.converted_notebook)
super().tearDown()
def test(self):
conversion_output = subprocess.check_output([
os.path.join(
self.computer_partition_root_path,
'software_release',
'bin',
'jupyter-nbconvert',
),
'--execute',
'--to',
'notebook',
self.notebook_filename,
], stderr=subprocess.STDOUT, text=True)
self.assertIn(
'[NbConvertApp] Converting notebook %s to notebook' % self.notebook_filename,
conversion_output,
)
self.assertRegex(
conversion_output,
r'\[NbConvertApp\] Writing \d+ bytes to %s' % self.converted_notebook
)
self.assertTrue(os.path.exists(self.converted_notebook))
with open(self.converted_notebook) as json_result:
self.assertEqual(
json.loads(json_result.read())['cells'][0]['outputs'][0]['text'][0],
self.test_sentence + '\n',
)
==============
Caddy Frontend
==============
=========
Rapid.CDN
=========
Frontend system using Caddy, based on apache-frontend software release, allowing to rewrite and proxy URLs like myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
Software release which provides CDN - Content Delivery Network. It has a lot of features like:
Caddy Frontend works using the master instance / slave instance design. It means that a single main instance of Caddy will be used to act as frontend for many slaves.
This documentation covers only specific scenarios. Most of the parameters are described in `software.cfg.json <software.cfg.json>`_.
Software type
=============
Caddy frontend is available in 4 software types:
* ``default`` : The standard way to use the Caddy frontend configuring everything with a few given parameters
* ``custom-personal`` : This software type allow each slave to edit its Caddy configuration file
* ``default-slave`` : XXX
* ``custom-personal-slave`` : XXX
* provides cluster of exposed nodes in various regions
* handles zero knowledge for SSL certificates
* by using concept of SlapOS Master slaves allows user to request frontends with specific configuration
* provides various frontend types
This documentation is fully minimalistict, as `software.cfg.json <software.cfg.json>`_ contains most of explanations.
About frontend replication
==========================
......@@ -40,21 +33,19 @@ For example::
<parameter id="-frontend-type">custom-personal</parameter>
<parameter id="-frontend-2-state">stopped</parameter>
<parameter id="-sla-3-computer_guid">COMP-1234</parameter>
<parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg</parameter>
<parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/rapid-cdn/software.cfg</parameter>
will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped.
will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/rapid-cdn/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped.
*Note*: the way slaves are transformed to a parameter avoid modifying more than 3 lines in the frontend logic.
**Important NOTE**: The way you ask for slave to a replicate frontend is the same as the one you would use for the software given in "-frontend-quantity". Do not forget to use "replicate" for software type. XXXXX So far it is not possible to do a simple request on a replicate frontend if you do not know the software_guid or other sla-parameter of the master instance. In fact we do not know yet the software type of the "requested" frontends. TO BE IMPLEMENTED
How to deploy a frontend server
===============================
This is to deploy an entire frontend server with a public IPv4. If you want to use an already deployed frontend to make your service available via ipv4, switch to the "Example" parts.
First, you will need to request a "master" instance of Caddy Frontend with:
First, you will need to request a "master" instance of Rapid.CDN with:
* A ``domain`` parameter where the frontend will be available
......@@ -65,10 +56,10 @@ like::
<parameter id="domain">moulefrite.org</parameter>
</instance>
Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like::
Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Rapid.CDN , like::
instance = request(
software_release=caddy_frontend,
software_release=rapid_cdn,
partition_reference='frontend2',
shared=True,
partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"}
......@@ -81,9 +72,7 @@ Finally, the slave instance will be accessible from: https://someidentifier.moul
About SSL and SlapOS Master Zero Knowledge
==========================================
**IMPORTANT**: One Caddy can not serve more than one specific SSL site and be compatible with obsolete browser (i.e.: IE8). See http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
SSL keys and certificates are directly send to the frontend cluster in order to follow zero knowledge principle of SlapOS Master.
**IMPORTANT**: Old browsers, like Internet Explorer 8, which do not supporting `SNI <http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI>`_ might not be able to use SSL based endpoints (https).
*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
......@@ -186,11 +175,11 @@ Using the IP given by the Master Instance. "domain" is a mandatory Parameter.
port
~~~~
Port used by Caddy. Optional parameter, defaults to 4443.
Port used by Rapid.CDN. Optional parameter, defaults to 4443.
plain_http_port
~~~~~~~~~~~~~~~
Port used by Caddy to serve plain http (only used to redirect to https).
Port used by Rapid.CDN to serve plain http (only used to redirect to https).
Optional parameter, defaults to 8080.
......@@ -247,7 +236,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
redirected and accessible from the proxy::
instance = request(
software_release=caddy_frontend,
software_release=rapid_cdn,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
......@@ -265,7 +254,7 @@ https://[1:2:3:4:5:6:7:8]:1234 will be redirected and accessible from the
proxy::
instance = request(
software_release=caddy_frontend,
software_release=rapid_cdn,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
......@@ -285,7 +274,7 @@ https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
software_release=caddy_frontend,
software_release=rapid_cdn,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
......@@ -304,65 +293,13 @@ Simple Example
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
instance = request(
software_release=caddy_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
Simple Cache Example - XXX - to be written
------------------------------------------
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
instance = request(
software_release=caddy_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"domain": "www.example.org",
"enable_cache": "True",
Advanced example - XXX - to be written
--------------------------------------
Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
Listening to a custom domain and redirecting to /erp5/ so that
https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
software_release=caddy_frontend,
software_release=rapid_cdn,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"enable_cache":"true",
"type":"zope",
"path":"/erp5",
"domain":"example.org",
"ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----",
"ssl_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXXXX.............XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_ca_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXX...........XXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_csr":'-----BEGIN CERTIFICATE REQUEST-----
XXXXXXXXXXXXXXX.............XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE REQUEST-----',
}
)
Promises
========
......@@ -415,8 +352,7 @@ Solution 2 (network capability)
It is also possible to directly allow the service to listen on 80 and 443 ports using the following command::
setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$CADDY_FRONTEND_SOFTWARE_RELEASE_MD5/go.work/bin/caddy
setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$CADDY_FRONTEND_SOFTWARE_RELEASE_MD5/parts/6tunnel/bin/6tunnel
setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$RAPID_CDN_SOFTWARE_RELEASE_MD5/parts/haproxy/sbin/haproxy
Then specify in the master instance parameters:
......@@ -450,7 +386,7 @@ Keep the naming in instance profiles:
Instantiated cluster structure
------------------------------
Instantiating caddy-frontend results with a cluster in various partitions:
Instantiating Rapid.CDN results with a cluster in various partitions:
* master (the controlling one)
* kedifa (contains kedifa server)
......@@ -458,20 +394,20 @@ Instantiating caddy-frontend results with a cluster in various partitions:
It means sites are served in ``frontend-node-N`` partition, and this partition is structured as:
* Caddy serving the browser [client-facing-caddy]
* Haproxy serving the browser [client-facing-haproxy]
* (optional) Apache Traffic Server for caching [ats]
* Haproxy as a way to communicate to the backend [backend-facing-haproxy]
* some other additional tools (6tunnel, monitor, etc)
* some other additional tools (monitor, etc)
In case of slaves without cache (``enable_cache = False``) the request will travel as follows::
client-facing-caddy --> backend-facing-haproxy --> backend
client-facing-haproxy --> backend-facing-haproxy --> backend
In case of slaves using cache (``enable_cache = True``) the request will travel as follows::
client-facing-caddy --> ats --> backend-facing-haproxy --> backend
client-facing-haproxy --> ats --> backend-facing-haproxy --> backend
Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from Caddy and allows future developments like client SSL certificates to the backend or even health checks.
Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from frontend Haproxy and allows future developments like client SSL certificates to the backend or even health checks.
Kedifa implementation
---------------------
......@@ -487,7 +423,7 @@ If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there
Support for X-Real-Ip and X-Forwarded-For
-----------------------------------------
X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.
X-Forwarded-For and X-Real-Ip are transmitted to the backend.
Automatic Internal Caucase CSR
------------------------------
......@@ -517,3 +453,30 @@ Having in mind such structure:
In ``caucase-instance`` CAUCASE user is created by automatically signing one user certificate, which allows to sign service certificates.
The ``csr-instance`` creates CSR, extracts the ID of the CSR, exposes it via HTTP and ask caucase on ``caucase-instance`` to sign it. The ``caucase-instance`` checks that exposed CSR id matches the one send to caucase and by using created user to signs it.
Content-Type header
~~~~~~~~~~~~~~~~~~~
The ``Content-Type`` header is not modified by the CDN at all. Previous implementation based on Caddy software tried to guess it.
Date header
~~~~~~~~~~~
The ``Date`` is added only if not sent by the backend. It's done on backend-facing component and kept in caching component as is. Previous implementation was adding this header in the cache component.
websocket
~~~~~~~~~
All frontends are websocket aware now, and ``type:websocket`` parameter became optional. It's required if support for ``websocket-path-list`` or ``websocket-transparent`` is required.
Experimental QuicTLS
~~~~~~~~~~~~~~~~~~~~
`QuicTLS <https://github.com/quictls/openssl>`_ can be used instead of classic OpenSSL on given node by using parameter ``-frontend-i-experimental-haproxy-flavour`` and setting it to ``quic``. This allows to test out if there are any issues with QuicTLS are with normal usage.
Experimental QUIC
~~~~~~~~~~~~~~~~~
QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = d408adbd12d4161c22fe9c29118fd83e
md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd
[profile-common]
filename = instance-common.cfg.in
......@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
filename = instance-frontend.cfg.in
md5sum = 7c966ea975cea4dcea09281466df8082
md5sum = daf89318c2c155132c34b91105c68806
[profile-master]
filename = instance-master.cfg.in
md5sum = cfd5212f27696311f12c92dfce32cc59
md5sum = b026a6df40f3d1090ceaa3451a9293fe
[profile-slave-list]
filename = instance-slave-list.cfg.in
md5sum = aba91817a1b58377597500f676603d23
md5sum = ca2e775e7bd2a96e46113a628461a46f
[profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in
md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in
md5sum = 9600df12af5787227825ddffd715b9cf
[template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 4af0e29ac2399aac10de116b4fa3ac25
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 13c294af9950939c76021eb19305f3ab
[template-not-found-html]
_update_hash_filename_ = templates/notfound.html
md5sum = 88af61e7abbf30dc99a1a2526161128d
[template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = 57c86795293b11300a036f5f8cf2c868
md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 81c73a4995409acb548621e5fb11d481
md5sum = b4b55d931249f11e4e1256afeb74b503
[template-empty]
_update_hash_filename_ = templates/empty.in
......@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
filename = instance-kedifa.cfg.in
md5sum = d790e23ebf7b07bb245322629d402551
[template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
md5sum = 420f66264d4cd24070a5a7b325e09ccd
[template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
md5sum = ba91b7778c3d730353d42d7804ef8050
......
{% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
{%- set FRONTEND_HAPROXY_QUIC = True %}
{%- else %}
{%- set FRONTEND_HAPROXY_QUIC = False %}
{%- endif %}
{%- else %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
{%- set FRONTEND_HAPROXY_QUIC = False %}
{%- endif %}
{%- set BACKEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
[buildout]
extends =
{{ software_parameter_dict['profile_common'] }}
......@@ -8,21 +20,13 @@ extends =
parts =
directory
logrotate-entry-caddy
caddy-frontend
software-py
switch-frontend-softwaretype
caucase-updater
caucase-updater-promise
backend-client-caucase-updater
backend-client-caucase-updater-promise
frontend-caddy-graceful
port-redirection
promise-frontend-caddy-configuration
promise-caddy-frontend-v4-https
promise-caddy-frontend-v4-http
promise-caddy-frontend-v6-https
promise-caddy-frontend-v6-http
promise-logrotate-setup
trafficserver-launcher
......@@ -37,13 +41,23 @@ parts =
trafficserver-promise-listen-port
trafficserver-promise-cache-availability
cron-entry-logrotate-trafficserver
## Monitor for Caddy
## Monitor
monitor-base
monitor-ats-cache-stats-wrapper
monitor-traffic-summary-last-stats-wrapper
monitor-caddy-server-status-wrapper
monitor-verify-re6st-connectivity
frontend-haproxy-rsyslogd-configuration
frontend-haproxy-rsyslogd
logrotate-entry-frontend-haproxy
frontend-haproxy
frontend-haproxy-graceful
promise-frontend-frontend-haproxy-configuration
promise-frontend-haproxy-v4-https
promise-frontend-haproxy-v4-http
promise-frontend-haproxy-v6-https
promise-frontend-haproxy-v6-http
backend-haproxy-rsyslogd-configuration
backend-haproxy-rsyslogd
logrotate-entry-backend-haproxy
......@@ -147,6 +161,7 @@ backup = ${:srv}/backup
log = ${:var}/log
run = ${:var}/run
backend-haproxy-rsyslogd-spool = ${:run}/backend-haproxy-rsyslogd-spool
frontend-haproxy-rsyslogd-spool = ${:run}/frontend-haproxy-rsyslogd-spool
service = ${:etc}/service
etc-run = ${:etc}/run
......@@ -175,8 +190,6 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
[frontend-configuration]
ip-access-certificate = ${self-signed-ip-access:certificate}
caddy-ipv6 = {{ instance_parameter_dict['ipv6-random'] }}
caddy-https-port = ${configuration:port}
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-https-port = ${configuration:slave-introspection-https-port}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
......@@ -187,7 +200,7 @@ recipe = plone.recipe.command
update-command = ${:command}
ipv6 = ${slap-configuration:ipv6-random}
ipv4 = {{instance_parameter_dict['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
certificate = ${frontend-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
{#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True
command =
......@@ -211,7 +224,7 @@ recipe = plone.recipe.command
update-command = ${:command}
ipv6 = ${slap-configuration:ipv6-random}
ipv4 = {{instance_parameter_dict['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt
certificate = ${frontend-directory:master-autocert-dir}/fallback-access.crt
{#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True
command =
......@@ -244,7 +257,9 @@ context =
[software-release-path]
template-empty = {{ software_parameter_dict['template_empty'] }}
template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }}
template-frontend-haproxy-configuration = {{ software_parameter_dict['template_frontend_haproxy_configuration'] }}
template-frontend-haproxy-crt-list = {{ software_parameter_dict['template_frontend_haproxy_crt_list'] }}
template-frontend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_frontend_haproxy_rsyslogd_conf'] }}
template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
template-expose-csr-nginx-conf = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
......@@ -357,114 +372,108 @@ backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url']
partition_ipv6 = ${slap-configuration:ipv6-random}
url-ready-file = ${directory:var}/url-ready.txt
extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration
key backend_client_caucase_url :backend-client-caucase-url
import furl_module furl
import urllib_module urllib
import operator_module operator
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log
key url_ready_file :url-ready-file
key expose_csr_organization :organization
key expose_csr_organizational_unit :organizational-unit
key global_ipv6 slap-configuration:ipv6-random
key empty_template software-release-path:template-empty
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:output
key frontend_lazy_graceful_reload frontend-haproxy-lazy-graceful:output
key monitor_base_url monitor-instance-parameter:monitor-base-url
key node_id frontend-node-id:value
key version_hash version-hash:value
key software_release_url version-hash:software-release-url
key node_information frontend-node-information:value
key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END
key custom_ssl_directory frontend-directory:custom-ssl-directory
## frontend haproxy
key template_frontend_haproxy_configuration software-release-path:template-frontend-haproxy-configuration
key template_frontend_haproxy_crt_list software-release-path:template-frontend-haproxy-crt-list
## backend haproxy
key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
## Configuration passed by section
section frontend_directory frontend-directory
section configuration configuration
section frontend_haproxy_configuration frontend-haproxy-configuration
section backend_haproxy_configuration backend-haproxy-configuration
section instance_parameter_dict instance-parameter-section
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
section kedifa_configuration kedifa-configuration
section software_parameter_dict software-parameter-section
# Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template]
< = jinja2-template-base
url = {{ software_parameter_dict['template_caddy_frontend_configuration'] }}
output = ${caddy-configuration:frontend-configuration}
# Deploy frontend with Jinja power
[frontend-haproxy-rsyslogd-config]
log-socket = ${directory:run}/fhlog.sck
log-file = ${directory:log}/frontend-haproxy.log
pid-file = ${directory:run}/frontend-haproxy-rsyslogd.pid
spool-directory = ${directory:frontend-haproxy-rsyslogd-spool}
graceful-command = kill -HUP $(cat ${:pid-file})
slave-log-directory = ${frontend-directory:slave-log}
[frontend-haproxy-rsyslogd-configuration]
<= jinja2-template-base
url = ${software-release-path:template-frontend-haproxy-rsyslogd-conf}
output = ${directory:etc}/frontend-haproxy-rsyslogd.conf
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
extra-context =
key instance_home buildout:directory
key master_certificate caddy-configuration:master-certificate
key access_log caddy-configuration:access-log
key slave_configuration_directory caddy-directory:slave-configuration
key master_certificate frontend-haproxy-configuration:master-certificate
key access_log frontend-haproxy-configuration:access-log
key slave_configuration_directory frontend-directory:slave-configuration
section frontend_configuration frontend-configuration
key http_port configuration:plain_http_port
key https_port configuration:port
key global_ipv6 slap-configuration:ipv6-random
key local_ipv4 :local_ipv4
key error_log caddy-configuration:error-log
key not_found_file caddy-configuration:not-found-file
key error_log frontend-haproxy-configuration:error-log
key username monitor-instance-parameter:username
key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END
section configuration frontend-haproxy-rsyslogd-config
[caddy-wrapper]
recipe = slapos.recipe.template:jinja2
inline =
#!/bin/sh
export CADDYPATH=${directory:frontend_cluster}
ulimit -n $(ulimit -Hn)
exec {{ software_parameter_dict['caddy'] }} \
-conf ${dynamic-caddy-frontend-template:output} \
-log ${caddy-configuration:error-log} \
-log-roll-mb 0 \
-http2=true \
-grace {{ instance_parameter_dict['configuration.mpm-graceful-shutdown-timeout'] }}s \
-disable-http-challenge \
-disable-tls-alpn-challenge \
"$@"
output = ${directory:bin}/caddy-wrapper
[caddy-frontend]
[frontend-haproxy-rsyslogd]
recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:output} -pidfile ${caddy-configuration:pid-file}
wrapper-path = ${directory:service}/frontend_caddy
command-line = {{ software_parameter_dict['rsyslogd_executable'] }} -i ${frontend-haproxy-rsyslogd-config:pid-file} -n -f ${frontend-haproxy-rsyslogd-configuration:output}
wrapper-path = ${directory:service}/frontend-haproxy-rsyslogd
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files = ${caddy-wrapper:output}
[not-found-html]
recipe = plone.recipe.command
update-command = ${:command}
filename = notfound.html
command = ln -sf {{ software_parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
[caddy-directory]
recipe = slapos.cookbook:mkdirectory
document-root = ${directory:srv}/htdocs
slave-configuration = ${directory:etc}/caddy-slave-conf.d/
slave-log = ${directory:log}/httpd
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert
custom-ssl-directory = ${:slave-configuration}/ssl
[logrotate-entry-frontend-haproxy]
<= logrotate-entry-base
name = frontend-haproxy
log = ${frontend-haproxy-rsyslogd-config:log-file}
rotate-num = ${configuration:rotate-num}
# Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own
# olddir
# Here we trust that there will be something to be rotated with error
# or access log, and that this will trigger postrotate script.
post = ${frontend-haproxy-rsyslogd-lazy-graceful:output} &
delaycompress =
[caddy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile
[frontend-haproxy-configuration]
file = ${directory:etc}/frontend-haproxy.cfg
crt-list = ${directory:etc}/frontend-haproxy-crt-list.txt
log-socket = ${frontend-haproxy-rsyslogd-config:log-socket}
access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
http-port = ${configuration:plain_http_port}
https-port = ${configuration:port}
# Communication with ATS
cache-port = ${trafficserver-variable:input-port}
# slave instrspection
......@@ -472,6 +481,10 @@ slave-introspection-access-log = ${directory:log}/slave-introspection-access.log
slave-introspection-error-log = ${directory:log}/slave-introspection-error.log
slave-introspection-pid-file = ${directory:run}/slave-introspection.pid
slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file})
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
quic = {{ FRONTEND_HAPROXY_QUIC }}
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
......@@ -498,18 +511,13 @@ context =
output = ${directory:bbb-ssl-dir}/frontend.crt
# BBB: SlapOS Master non-zero knowledge END
[logrotate-entry-caddy]
<= logrotate-entry-base
name = caddy
log = ${caddy-configuration:error-log} ${caddy-configuration:access-log}
rotate-num = ${configuration:rotate-num}
# Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own
# olddir
# Here we trust that there will be something to be rotated with error
# or access log, and that this will trigger postrotate script.
post = ${frontend-caddy-lazy-graceful:output} &
delaycompress =
[frontend-directory]
recipe = slapos.cookbook:mkdirectory
slave-configuration = ${directory:etc}/frontend-haproxy.d/
slave-log = ${directory:log}/httpd
autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert
custom-ssl-directory = ${:slave-configuration}/ssl
#################
# Trafficserver
......@@ -659,13 +667,13 @@ command = ${trafficserver-rotate-script:output}
### End of ATS sections
### Caddy Graceful and promises
[frontend-caddy-configuration-state]
### Frontend Graceful and promises
[frontend-haproxy-configuration-state]
< = jinja2-template-base
url = {{ software_parameter_dict['template_configuration_state_script'] }}
output = ${directory:bin}/${:_buildout_section_name_}
path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
path_list = ${frontend-haproxy-configuration:file} ${frontend-haproxy-configuration:crt-list} ${frontend-directory:master-autocert-dir}/*.key ${frontend-directory:master-autocert-dir}/*.crt ${frontend-directory:master-autocert-dir}/*.pem ${frontend-directory:autocert}/*.pem ${frontend-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context =
......@@ -675,45 +683,60 @@ extra-context =
key sha256sum :sha256sum
key signature_file :signature_file
[frontend-caddy-configuration-state-graceful]
< = frontend-caddy-configuration-state
[frontend-haproxy-configuration-state-graceful]
< = frontend-haproxy-configuration-state
signature_file = ${directory:run}/graceful_configuration_state_signature
[frontend-caddy-configuration-state-validate]
< = frontend-caddy-configuration-state
[frontend-haproxy-configuration-state-validate]
< = frontend-haproxy-configuration-state
signature_file = ${directory:run}/validate_configuration_state_signature
[frontend-caddy-graceful]
[frontend-haproxy-graceful]
< = jinja2-template-base
url = {{ software_parameter_dict['template_graceful_script'] }}
output = ${directory:etc-run}/frontend-caddy-safe-graceful
output = ${directory:etc-run}/frontend-haproxy-safe-graceful
mode = 0700
extra-context =
key graceful_reload_command caddy-configuration:frontend-graceful-command
key configuration_state frontend-caddy-configuration-state-graceful:output
key graceful_reload_command frontend-haproxy-configuration:frontend-graceful-command
key configuration_state frontend-haproxy-configuration-state-graceful:output
[frontend-caddy-validate]
[frontend-haproxy-validate]
< = jinja2-template-base
url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/frontend-caddy-validate
last_state_file = ${directory:run}/caddy_configuration_last_state
validate_command = ${caddy-wrapper:output} -validate
output = ${directory:bin}/frontend-haproxy-validate
mode = 0700
last_state_file = ${directory:run}/frontend_haproxy_configuration_last_state
validate_command = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
key configuration_state_command frontend-haproxy-configuration-state-validate:output
key last_state_file :last_state_file
[backend-haproxy-validate]
<= jinja2-template-base
url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/backend-haproxy-validate
mode = 0700
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
key configuration_state_command frontend-caddy-configuration-state-validate:output
key configuration_state_command backend-haproxy-configuration-state-validate:output
key last_state_file :last_state_file
[frontend-caddy-lazy-graceful]
[frontend-haproxy-lazy-graceful]
< = jinja2-template-base
url = {{ software_parameter_dict['template_lazy_script_call'] }}
output = ${directory:bin}/frontend-caddy-lazy-graceful
output = ${directory:bin}/frontend-haproxy-lazy-graceful
mode = 0700
pid-file = ${directory:run}/lazy-graceful.pid
wait_time = 60
extra-context =
key pid_file :pid-file
key wait_time :wait_time
key lazy_command caddy-configuration:frontend-graceful-command
key lazy_command frontend-haproxy-configuration:frontend-graceful-command
# Promises checking configuration:
[promise-helper-last-configuration-state]
......@@ -722,41 +745,41 @@ url = {{ software_parameter_dict['template_empty'] }}
output = ${directory:bin}/frontend-read-last-configuration-state
content =
#!/bin/sh
exit `cat ${frontend-caddy-validate:last_state_file}`
exit `cat ${frontend-haproxy-validate:last_state_file}`
context =
key content :content
[promise-frontend-caddy-configuration]
[promise-frontend-frontend-haproxy-configuration]
<= monitor-promise-base
promise = validate_frontend_configuration
name = frontend-caddy-configuration-promise.py
name = frontend-frontend-haproxy-configuration-promise.py
config-verification-script = ${promise-helper-last-configuration-state:output}
[promise-caddy-frontend-v4-https]
[promise-frontend-haproxy-v4-https]
<= monitor-promise-base
promise = check_socket_listening
name = caddy_frontend_ipv4_https.py
name = frontend_haproxy_ipv4_https.py
config-host = {{ instance_parameter_dict['ipv4-random'] }}
config-port = ${configuration:port}
[promise-caddy-frontend-v4-http]
[promise-frontend-haproxy-v4-http]
<= monitor-promise-base
promise = check_socket_listening
name = caddy_frontend_ipv4_http.py
name = frontend_haproxy_ipv4_http.py
config-host = {{ instance_parameter_dict['ipv4-random'] }}
config-port = ${configuration:plain_http_port}
[promise-caddy-frontend-v6-https]
[promise-frontend-haproxy-v6-https]
<= monitor-promise-base
promise = check_socket_listening
name = caddy_frontend_ipv6_https.py
name = frontend_haproxy_ipv6_https.py
config-host = {{ instance_parameter_dict['ipv6-random'] }}
config-port = ${configuration:port}
[promise-caddy-frontend-v6-http]
[promise-frontend-haproxy-v6-http]
<= monitor-promise-base
promise = check_socket_listening
name = caddy_frontend_ipv6_http.py
name = frontend_haproxy_ipv6_http.py
config-host = {{ instance_parameter_dict['ipv6-random'] }}
config-port = ${configuration:plain_http_port}
......@@ -795,10 +818,30 @@ statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + slapparameter_dict['cluster-identification'] }}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
[frontend-haproxy]
recipe = slapos.cookbook:wrapper
command-line = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file}
wrapper-path = ${directory:service}/frontend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[frontend-haproxy-rsyslogd-lazy-graceful]
< = jinja2-template-base
url = {{ software_parameter_dict['template_lazy_script_call'] }}
output = ${directory:bin}/frontend-haproxy-rsyslogd-lazy-graceful
mode = 0700
pid-file = ${directory:run}/frontend-haproxy-rsyslogd-lazy-graceful.pid
wait_time = 60
extra-context =
key pid_file :pid-file
key wait_time :wait_time
key lazy_command frontend-haproxy-rsyslogd-config:graceful-command
[backend-haproxy]
recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file}
command-line = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file}
wrapper-path = ${directory:service}/backend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
......@@ -863,7 +906,7 @@ extra-context =
url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/backend-haproxy-validate
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
......@@ -892,7 +935,7 @@ log-file = ${directory:log}/backend-haproxy.log
pid-file = ${directory:run}/backend-haproxy-rsyslogd.pid
spool-directory = ${directory:backend-haproxy-rsyslogd-spool}
graceful-command = kill -HUP $(cat ${:pid-file})
log-directory = ${caddy-directory:slave-log}
log-directory = ${frontend-directory:slave-log}
[backend-haproxy-rsyslogd-configuration]
<= jinja2-template-base
......@@ -940,14 +983,6 @@ command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_param
extra-context =
key content monitor-ats-cache-stats-wrapper:command
[monitor-caddy-server-status-wrapper]
< = jinja2-template-base
url = {{ software_parameter_dict['template_wrapper'] }}
output = ${directory:bin}/monitor-caddy-server-status-wrapper
command = {{ software_parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter_dict['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
extra-context =
key content monitor-caddy-server-status-wrapper:command
[monitor-ats-cache-stats-config]
< = jinja2-template-base
url = {{ software_parameter_dict['template_empty'] }}
......@@ -1027,7 +1062,7 @@ url = {{ software_parameter_dict['template_graceful_script'] }}
output = ${directory:etc-run}/slave-introspection-safe-graceful
extra-context =
key graceful_reload_command caddy-configuration:slave-introspection-graceful-command
key graceful_reload_command frontend-haproxy-configuration:slave-introspection-graceful-command
key configuration_state slave-introspection-configuration-state-graceful:output
[slave-introspection-validate]
......@@ -1068,9 +1103,9 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
[logrotate-entry-slave-introspection]
<= logrotate-entry-base
name = slave-introspection
log = ${caddy-configuration:slave-introspection-access-log} ${caddy-configuration:slave-introspection-error-log}
log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
rotate-num = ${configuration:rotate-num}
post = kill -USR1 $(cat ${caddy-configuration:slave-introspection-pid-file})
post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
delaycompress =
[promise-logrotate-setup]
......
......@@ -34,12 +34,6 @@
"title": "Enable HTTP2 by Default",
"type": "string"
},
"mpm-graceful-shutdown-timeout": {
"default": 5,
"description": "Value passed to -grace parameter of Caddy, see https://caddyserver.com/docs/cli .",
"title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
"type": "integer"
},
"re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL",
......@@ -78,9 +72,9 @@
"type": "string"
},
"ciphers": {
"description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers",
"type": "string"
"type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
},
"request-timeout": {
"default": 600,
......
......@@ -5,7 +5,27 @@
{%- set NAME_BASE = 'caddy-frontend' %}
{#- DANGER! DANGER! #}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
{%- set GOOD_CIPHER_LIST = [
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-GCM-SHA256',
] %}
{%- set CIPHER_TRANSLATION_DICT = {
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
'RSA-AES256-CBC-SHA': 'AES256-SHA',
'RSA-AES128-CBC-SHA': 'AES128-SHA',
'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
} %}
{%- for key, value in CIPHER_TRANSLATION_DICT.items() %}
{%- do GOOD_CIPHER_LIST.append(value) %}
{%- endfor %}
{#- Allow to pass only some parameters to frontend nodes #}
{%- set FRONTEND_NODE_PASSED_KEY_LIST = [
'plain_http_port',
......@@ -14,7 +34,6 @@
'apache-key',
'domain',
'enable-http2-by-default',
'mpm-graceful-shutdown-timeout',
're6st-verification-url',
'backend-connect-timeout',
'backend-connect-retries',
......@@ -148,6 +167,10 @@ context =
{% do frontend_section_list.append(request_section_title) %}
{% endif %}
{% do part_list.append(request_section_title) %}
{% set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
# Filling request dict for slave
{% set request_content_dict = {
'config': config_dict,
......@@ -216,8 +239,13 @@ context =
{% if slave_cipher_list %}
{% for cipher in slave_cipher_list %}
{% if cipher not in GOOD_CIPHER_LIST %}
{% if cipher in CIPHER_TRANSLATION_DICT %}
{# Real translation happens in instance-slave-list.cfg.in #}
{% do slave_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %}
{% else %}
{% do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{# Check strict-transport-security #}
......
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Values returned by Caddy Frontend instanciation",
"description": "Values returned by Rapid.CDN instanciation",
"properties": {
"accepted-slave-amount": {
"description": "Amount of Slaves allocated to the Instance which are deployed",
......
......@@ -15,7 +15,7 @@
},
"type": {
"default": "",
"description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster.",
"description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster. All frontends support websocket by default and under the hood, but switch to type:websocket allow to configure websocket-path-list and websocket-transparent options.",
"enum": [
"",
"zope",
......@@ -34,7 +34,7 @@
},
"enable_cache": {
"default": "false",
"description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend",
"description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend and backend",
"enum": [
"false",
"true"
......@@ -120,7 +120,7 @@
},
"websocket-transparent": {
"default": "true",
"description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
"description": "If set to false, websocket slave will be without passing X-Real-Ip, X-Forwarded-Proto and X-Forwarded-Port. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
"enum": [
"false",
"true"
......@@ -210,9 +210,9 @@
"type": "integer"
},
"ciphers": {
"description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers",
"type": "string"
"type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
},
"authenticate-to-backend": {
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
......
......@@ -3,7 +3,7 @@
{%- set backend_slave_list = [] %}
{%- set frontend_slave_list = [] %}
{%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %}
{%- set cache_port = frontend_haproxy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
......@@ -17,9 +17,9 @@
{%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
{%- endif %}
{%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %}
{%- do kedifa_updater_mapping.append((master_key_download_url, frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
{%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %}
{%- do kedifa_updater_mapping.append(('notreadyyet', frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
{%- endif %}
{%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
......@@ -40,6 +40,18 @@ context =
[slave-htpasswd]
{#- Prepare configuration parameters #}
{%- set CIPHER_TRANSLATION_DICT = {
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
'RSA-AES256-CBC-SHA': 'AES256-SHA',
'RSA-AES128-CBC-SHA': 'AES128-SHA',
'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
} %}
{%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
{%- for key in ['enable-http2-by-default'] %}
{%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
......@@ -53,7 +65,7 @@ context =
{#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split()} %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
......@@ -86,11 +98,14 @@ context =
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
{%- do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
{#- Manage ciphers #}
{%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
{%- set slave_ciphers = [] %}
{%- for cipher in slave_instance.get('ciphers', '').strip().split() %}
{%- do slave_ciphers.append(CIPHER_TRANSLATION_DICT.get(cipher, cipher)) %}
{%- endfor %}
{%- if slave_ciphers %}
{%- set slave_cipher_list = ' '.join(slave_ciphers) %}
{%- set slave_cipher_list = ':'.join(slave_ciphers) %}
{%- else %}
{%- set slave_cipher_list = configuration['ciphers'].strip() %}
{%- set slave_cipher_list = ':'.join(configuration['ciphers'].strip().split()) %}
{%- endif %}
{%- do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
{#- Manage common instance parameters #}
......@@ -98,7 +113,8 @@ context =
{%- set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
{%- set slave_reference = slave_instance.get('slave_reference') %}
{%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
{#- Setup backend URLs for front facing Caddy #}
{#- Setup backend URLs for frontend-haproxy #}
{%- if slave_type == 'redirect' %}
{%- do slave_instance.__setitem__('backend-http-url', slave_instance.get('url', '').rstrip('/')) %}
{%- if slave_instance.get('https-url') %}
......@@ -121,12 +137,24 @@ context =
{%- do slave_instance.__setitem__('backend-https-url', backend_haproxy_https_url) %}
{%- endif %}
{%- endif %}
{%- for frontend_key, key in [('backend-http-info', 'backend-http-url'), ('backend-https-info', 'backend-https-url')] %}
{%- if key in slave_instance %}
{%- set parsed = urllib_module.parse.urlparse(slave_instance[key]) %}
{%- do slave_instance.__setitem__(frontend_key, {
'scheme': parsed.scheme,
'hostname': parsed.hostname,
'port': parsed.port or DEFAULT_PORT[parsed.scheme],
'path': parsed.path,
'fragment': parsed.fragment,
'query': parsed.query }) %}
{%- endif %}
{%- endfor %}
{%- if slave_kedifa %}
{%- set key_download_url = slave_kedifa.get('key-download-url') %}
{%- else %}
{%- set key_download_url = 'notreadyyet' %}
{%- endif %}
{%- set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{%- set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
{%- set slave_publish_dict = {} %}
{%- set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
......@@ -137,7 +165,6 @@ context =
{%- set slave_ln_section = slave_reference + "-ln" %}
{#- extend parts #}
{%- do part_list.extend([slave_ln_section]) %}
{%- do part_list.extend([slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
......@@ -176,11 +203,9 @@ context =
{%- do slave_instance.__setitem__('health-check-http-path', '') %}
{%- endif %} {# if slave_instance['health-check'] #}
{#- Set Up log files #}
{%- do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('backend_log', '/'.join([caddy_log_directory, '%s_backend_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('access_log', '/'.join([frontend_directory['slave-log'], '%s_access_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('backend_log', '/'.join([frontend_directory['slave-log'], '%s_backend_log' % slave_reference])) %}
{%- do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
{%- do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
{%- do slave_instance.__setitem__('backend_log', slave_parameter_dict.get('backend_log')) %}
{#- Add slave log directory to the slave log access dict #}
{%- do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
......@@ -241,7 +266,7 @@ log-directory = {{ '${slave-log-directory-dict:' + slave_reference + '}' }}
[{{slave_logrotate_section}}]
<= logrotate-entry-base
name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} {{slave_parameter_dict.get('backend_log')}}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('backend_log')}}
backup = {{ '${' + slave_log_directory_section + ':log-directory}' }}
rotate-num = {{ dumps('' ~ configuration['rotate-num']) }}
# disable delayed compression, as log filenames shall be stable
......@@ -253,20 +278,22 @@ delaycompress =
recipe = plone.recipe.command
stop-on-error = false
log-directory = {{ '${' + slave_logrotate_section + ':backup}' }}
command = ln -sf {{slave_parameter_dict.get('error_log')}} ${:log-directory}/error.log && ln -sf {{slave_parameter_dict.get('access_log')}} ${:log-directory}/access.log && ln -sf {{slave_parameter_dict.get('backend_log')}} ${:log-directory}/backend.log
command =
ln -sf {{slave_parameter_dict.get('access_log')}} ${:log-directory}/access.log
ln -sf {{slave_parameter_dict.get('backend_log')}} ${:log-directory}/backend.log
{#- Set password for slave #}
[{{slave_password_section}}]
recipe = slapos.cookbook:generate.password
storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd
storage-path = {{ frontend_directory['slave-configuration'] }}/.{{slave_reference}}.passwd
bytes = 8
[{{ slave_htpasswd_section }}]
recipe = plone.recipe.command
{#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True
file = {{ caddy_configuration_directory }}/.{{ slave_reference }}.htpasswd
file = {{ frontend_directory['slave-configuration'] }}/.{{ slave_reference }}.htpasswd
{#- update-command is not needed, as if the ${:password} would change, the whole part will be recalculated #}
password = {{ '${' + slave_password_section + ':passwd}' }}
command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_reference.lower() }} ${:password}
......@@ -275,14 +302,15 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
{#- Set Slave Certificates if needed #}
{#- Set certificate key for custom configuration #}
{%- set cert_name = slave_reference.replace('-','.') + '.pem' %}
{%- set certificate = '%s/%s' % (autocert, cert_name) %}
{%- set certificate = '%s/%s' % (frontend_directory['autocert'], cert_name) %}
{%- do slave_parameter_dict.__setitem__('certificate', certificate )%}
{%- do slave_instance.__setitem__('certificate', certificate )%}
{#- Set ssl certificates for each slave #}
{%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt')%}
{%- set cert_file_key = 'path_to_' + cert_name %}
{%- if cert_name in slave_instance %}
{%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{%- set cert_file = '/'.join([frontend_directory['custom-ssl-directory'], cert_title.replace('-','.')]) %}
{%- do part_list.append(cert_title) %}
{%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{%- do slave_instance.__setitem__(cert_file_key, cert_file) %}
......@@ -317,7 +345,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge
extra-context =
key content :cert-content
{%- else %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, frontend_haproxy_configuration['master-certificate'])) %}
{%- endif %}
{#- BBB: SlapOS Master non-zero knowledge END #}
......@@ -329,26 +357,12 @@ certificate = {{ certificate }}
https_port = {{ dumps('' ~ configuration['port']) }}
http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
{%- for key, value in slave_instance.items() %}
{%- if value is not none %}
{{ key }} = {{ dumps(value) }}
{%- endif %}
{%- endfor %}
[{{ slave_section_title }}]
< = jinja2-template-base
output = {{ caddy_configuration_directory }}/${:filename}
url = {{ template_default_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }}
{%- set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{%- if monitor_ipv6_test %}
{%- set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
......@@ -387,35 +401,16 @@ config-frequency = 720
{%- do part_list.append('slave-introspection') %}
{#- ############################################## #}
{#- ## Prepare virtualhost for slaves using cache #}
{#- Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base]
recipe = slapos.cookbook:wrapper
ipv4 = ${slap-configuration:ipv4-random}
ipv6 = ${slap-configuration:ipv6-random}
wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port}
command-line = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[tunnel-6to4-base-http_port]
<= tunnel-6to4-base
ipv4-port = {{ configuration['plain_http_port'] }}
ipv6-port = {{ configuration['plain_http_port'] }}
[tunnel-6to4-base-https_port]
<= tunnel-6to4-base
ipv4-port = {{ configuration['port'] }}
ipv6-port = {{ configuration['port'] }}
[slave-introspection-parameters]
local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
global-ipv6 = {{ dumps(global_ipv6) }}
https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }}
nginx-mime = {{ software_parameter_dict['nginx_mime'] }}
access-log = {{ dumps(caddy_configuration['slave-introspection-access-log']) }}
error-log = {{ dumps(caddy_configuration['slave-introspection-error-log']) }}
access-log = {{ dumps(frontend_haproxy_configuration['slave-introspection-access-log']) }}
error-log = {{ dumps(frontend_haproxy_configuration['slave-introspection-error-log']) }}
var = {{ directory['slave-introspection-var'] }}
pid = {{ caddy_configuration['slave-introspection-pid-file'] }}
pid = {{ frontend_haproxy_configuration['slave-introspection-pid-file'] }}
[slave-introspection-config]
<= jinja2-template-base
......@@ -437,7 +432,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{#- Publish information for the instance #}
[publish-caddy-information]
[publish]
recipe = slapos.cookbook:publish.serialised
{%- if configuration['extra_slave_instance_list'] %}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
......@@ -462,8 +457,8 @@ recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['kedifa-updater'] }}
--server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
--identity {{ kedifa_configuration['certificate'] }}
--master-certificate {{ caddy_configuration['master-certificate'] }}
--on-update "{{ caddy_configuration['frontend-graceful-command'] }}"
--master-certificate {{ frontend_haproxy_configuration['master-certificate'] }}
--on-update "{{ frontend_haproxy_configuration['frontend-graceful-command'] }}"
${kedifa-updater-mapping:file}
{{ kedifa_configuration['kedifa-updater-state-file'] }}
......@@ -474,7 +469,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
recipe = plone.recipe.command
{#- Can be stopped on error, as does not rely on self provided service but on service which comes from another partition #}
stop-on-error = True
command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ caddy_configuration['frontend-graceful-command'] }}"
command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ frontend_haproxy_configuration['frontend-graceful-command'] }}"
update-command = ${:command}
[kedifa-updater-mapping]
......@@ -487,6 +482,38 @@ inline =
output = ${:file}
##<Frontend haproxy>
[frontend-haproxy-slave-list]
list = {{ dumps(sorted(frontend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
[frontend-haproxy-crt-list]
<= jinja2-template-base
template = {{ template_frontend_haproxy_crt_list }}
rendered = ${frontend-haproxy-config:crt-list}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
section configuration frontend-haproxy-config
[frontend-haproxy-configuration]
< = jinja2-template-base
template = {{ template_frontend_haproxy_configuration }}
rendered = ${frontend-haproxy-config:file}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
key crt_list frontend-haproxy-crt-list:rendered
section configuration frontend-haproxy-config
[frontend-haproxy-config]
{%- for key, value in frontend_haproxy_configuration.items() %}
{{ key }} = {{ value }}
{%- endfor %}
local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
global-ipv6 = ${slap-configuration:ipv6-random}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
autocert-directory = {{ frontend_directory['autocert'] }}
##</Frontend haproxy>
##<Backend haproxy>
[backend-haproxy-configuration]
< = jinja2-template-base
......@@ -506,8 +533,6 @@ global-ipv6 = ${slap-configuration:ipv6-random}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
backend-connect-retries = {{ dumps('' ~ configuration['backend-connect-retries']) }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
[template-expose-csr-link-csr]
recipe = plone.recipe.command
......@@ -527,7 +552,7 @@ csr = {{ backend_haproxy_configuration['csr'] }}
filename = kedifa-csr.pem
csr = {{ kedifa_configuration['csr'] }}
##<Backend haproxy>
##</Backend haproxy>
[buildout]
extends =
......@@ -538,15 +563,14 @@ extends =
parts +=
kedifa-updater
kedifa-updater-run
frontend-haproxy-configuration
backend-haproxy-configuration
promise-logrotate-setup
promise-key-download-url-ready
{%- for part in part_list %}
{{ ' %s' % part }}
{%- endfor %}
publish-caddy-information
tunnel-6to4-base-http_port
tunnel-6to4-base-https_port
publish
promise-expose-csr-ip-port
cache-access = {{ cache_access }}
......
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Values returned by Caddy Frontend instanciation",
"description": "Values returned by Rapid.CDN slave instanciation",
"properties": {
"domain": {
"description": "Base domain used by the instance",
......
......@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G
configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
configuration.enable-http2-by-default = true
configuration.ciphers =
configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
configuration.request-timeout = 600
configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name =
configuration.backend-connect-timeout = 5
configuration.backend-connect-retries = 3
......
......@@ -3,11 +3,9 @@ extends =
buildout.hash.cfg
../../stack/slapos.cfg
../../component/dash/buildout.cfg
../../component/caddy/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/trafficserver/buildout.cfg
../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/haproxy/buildout.cfg
......@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target}
# templates
template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
template_frontend_haproxy_configuration = ${template-frontend-haproxy-configuration:target}
template_frontend_haproxy_crt_list = ${template-frontend-haproxy-crt-list:target}
template_frontend_haproxy_rsyslogd_conf = ${template-frontend-haproxy-rsyslogd-conf:target}
template_lazy_script_call = ${template-lazy-script-call:target}
template_configuration_state_script = ${template-configuration-state-script:target}
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target}
template_graceful_script = ${template-graceful-script:target}
template_not_found_html = ${template-not-found-html:target}
......@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
bin_directory = ${buildout:bin-directory}
# files
sixtunnel = ${6tunnel:location}
nginx = ${nginx-output:nginx}
nginx_mime = ${nginx-output:mime}
caddy = ${caddy:output}
haproxy_executable = ${haproxy:location}/sbin/haproxy
haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
curl = ${curl:location}
dash = ${dash:location}
......@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename}
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:_update_hash_filename_}
[template-caddy-frontend-configuration]
[template-frontend-haproxy-configuration]
<=download-template
[template-not-found-html]
[template-frontend-haproxy-crt-list]
<=download-template
[template-default-slave-virtualhost]
[template-not-found-html]
<=download-template
[template-backend-haproxy-configuration]
......@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg
[template-expose-csr-nginx-conf]
<=download-template
[template-frontend-haproxy-rsyslogd-conf]
<=download-template
[versions]
kedifa = 0.0.6
# Modern KeDiFa requires zc.lockfile
......
{
"description": "Caddy Frontend",
"name": "Caddy Frontend",
"description": "Rapid.CDN",
"name": "Rapid.CDN",
"serialisation": "xml",
"software-type": {
"custom-personal": {
......
......@@ -60,6 +60,8 @@ frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
......@@ -71,12 +73,14 @@ frontend https-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %}
{% endfor %}
{%- for slave_instance in backend_slave_list %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
......@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %}
{%- do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %}
{%- if slave_instance['health-check-http-method'] != 'CONNECT' %}
{%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode, slave_instance['health-check-http-version'])) %}
{%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode | replace('%', '%%'), slave_instance['health-check-http-version'])) %}
{%- endif %}
{%- do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
{%- endif %}
......@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{% endfor %}
{# END OF FILE #}
......@@ -2,11 +2,6 @@
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
{%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- if slave_parameter['path'].strip().strip('/') %}
{%- set zope_path = slave_parameter['path'].strip().strip('/') ~ '/' %}
{%- else %}
{%- set zope_path = '' %}
{%- endif %}
{%- set http_host_list = [] %}
{%- set https_host_list = [] %}
{%- for host in slave_parameter['host_list'] %}
......@@ -16,32 +11,11 @@
{%- macro proxy_header() %}
timeout {{ slave_parameter['request-timeout'] }}s
# force reset of X-Forwarded-For
header_upstream X-Forwarded-For {remote}
# workaround for lost connection to haproxy by reconnecting
try_duration 3s
try_interval 250ms
header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- if not slave_parameter['disable-via-header'] %}
header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- endif %}
{%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
{%- if tls %}
{%- if slave_parameter['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
{%- if slave_parameter['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_parameter['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- endmacro %} {# hsts_header #}
{%- for tls in [True, False] %}
{%- if tls %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
......@@ -55,16 +29,6 @@
bind {{ slave_parameter['local_ipv4'] }}
{%- if tls %}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
{%- if slave_parameter['ciphers'] %}
ciphers {{ slave_parameter['ciphers'] }}
{%- endif %}
{%- if slave_parameter['enable_h2'] %}
# Allow http2
alpn h2 http/1.1
{%- else %} {#- if slave_parameter['enable_h2'] #}
# Disallow HTTP2
alpn http/1.1
{%- endif %} {#- if slave_parameter['enable_h2'] #}
} {# tls #}
{%- endif %} {#- if tls #}
log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
......@@ -100,75 +64,10 @@
redir 302 {
/ https://{host}{rewrite_uri}
}
{%- elif slave_parameter['type'] == 'zope' and backend_url %}
# Zope configuration
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if slave_parameter['disable-via-header'] %}
header_downstream -Via
{%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control
header_upstream -Pragma
{%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
}
rewrite {
regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
}
{%- else %}
rewrite {
regexp (.*)
{%- if tls %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
} {# rewrite #}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- elif slave_parameter['type'] == 'redirect' %}
{%- if backend_url %}
# Redirect configuration
redir 302 {
/ {{ backend_url }}{rewrite_uri}
}
{%- endif %}
{%- elif slave_parameter['type'] == 'notebook' %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
......@@ -186,36 +85,6 @@
websocket
without /proxy/
}
{%- elif slave_parameter['type'] == 'websocket' %}
{%- if slave_parameter['websocket-path-list'] %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- for websocket_path in slave_parameter['websocket-path-list'] %}
proxy "/{{ websocket_path }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- endfor %}
{%- else %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
......@@ -223,12 +92,6 @@
{%- endif %}
{%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
# Default configuration
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if backend_url %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
......
{%- for slave in frontend_slave_list %}
{%- set entry_list = [] %}
{%- set sslbindconf = [] %}
{#- <crtfile> #}
{%- do entry_list.append(slave['certificate']) %}
{%- if slave['ciphers'] %}
{%- do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
{%- endif %}
{%- if slave['enable_h2'] %}
{%- do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
{%- else %}
{%- do sslbindconf.append('alpn http/1.1,http/1.0') %}
{%- endif %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %}
{{- ' '.join(entry_list) }}
{% endfor -%}
# Fallback to default certificate
{{ configuration['master-certificate'] }}
# END OF FILE
module(
load="imuxsock"
SysSock.Name="{{ configuration['log-socket'] }}")
# Just simply output the raw line without any additional information, as
# haproxy emits enough information by itself
# Also cut out first empty space in msg, which is related to rsyslogd
# internal and end up cutting on 8k, as it's default of $MaxMessageSize
template(name="rawoutput" type="string" string="%msg:2:8192%\n")
$ActionFileDefaultTemplate rawoutput
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0022
$WorkDirectory {{ configuration['spool-directory'] }}
# Setup logging per slave, by extracting the slave name from the log stream
{%- set regex = "^\\\\s*(\\\\S.*)-https{0,1} (.*)" %}
# Extract file name part from 1st match
template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
set $!slave_name = exec_template("extract_slave_name");
template(name="slave_output" type="string" string="{{ configuration['slave-log-directory'] }}/%$!slave_name%_access_log")
# Output only 2nd match, add the newline in the ned
template(name="haproxy_slave_line" type="string" string="%msg:R,ERE,2,FIELD:{{ regex }}--end%\n")
# React on match
if (re_match($msg, '{{ regex }}')) then {
action(type="omfile" dynaFile="slave_output" template="haproxy_slave_line")
stop
}
{#- emit all not catched messages to full log file #}
*.* {{ configuration['log-file'] }}
{%- if configuration['quic'] == 'True' %}
{%- set QUIC = True %}
{%- else %}
{%- set QUIC = False %}
{%- endif %}
global
pidfile {{ configuration['pid-file'] }}
# master-worker is compatible with foreground with process management
master-worker
expose-experimental-directives
log {{ configuration['log-socket'] }} local0
defaults
mode http
log global
option httplog
timeout queue 60s
timeout server {{ configuration['request-timeout'] }}s
timeout client {{ configuration['request-timeout'] }}s
timeout connect 2s
retries 3
timeout tunnel 1h
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{#- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] #}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- set matched = {'count': 0} %}
{%- for host in host_list %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- endif %}
{#- endif #}
{%- endmacro %}
{%- macro frontend_common() %}
# normalize URIs as it's expected by the backends
http-request normalize-uri path-merge-slashes
http-request normalize-uri path-strip-dot
http-request normalize-uri path-strip-dotdot
# Combined Log Format
capture request header REMOTE_USER len 255
capture request header Referer len 255
capture request header User-Agent len 255
log-format "%{+E}o %b %ci - %[capture.req.hdr(0)] [%trl] \"%HM %HU %HV\" %ST %B \"%[capture.req.hdr(1)]\" \"%[capture.req.hdr(2)]\" %Ta"
# setup Via
http-request add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
# setup X-Forwarded-For
http-request set-header X-Forwarded-For "%ci"
{%- endmacro %}
frontend http-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
frontend https-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
{%- if QUIC %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
http-response set-header alt-svc "h3=\":%fp\";ma=900;"
{#- Ask Chromium to use QUIC #}
http-response set-header alternate-protocol %fp:quic
{%- endif %}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
# Backends
{%- for slave_instance in frontend_slave_list %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- if scheme == 'http' and slave_instance['https-only'] %}
{#- Support https-only if connected via http #}
redirect scheme https code 302
{%- else %}
{%- if 'hostname' in info_dict and 'port' in info_dict %}
{%- if slave_instance['type'] == 'redirect' %}
redirect prefix {{ info_dict['scheme'] }}://{{ info_dict['hostname'] }}:{{ info_dict['port'] }} code 302
{%- else %}
server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ info_dict['hostname'] }}:{{ info_dict['port'] }}
{%- if slave_instance['disable-via-header'] %}
http-response del-header Via
{%- else %}
http-response add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
{%- endif %}
{%- if scheme == 'https' %}
{%- if slave_instance['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_instance['strict-transport-security'],)] %}
{%- if slave_instance['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_instance['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'] %}
http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
{%- endfor %}
{%- if slave_instance['disable-no-cache-request'] %}
http-request del-header Cache-Control
http-request del-header Pragma
{%- endif %}
{%- if slave_instance['prefer-gzip-encoding-to-backend'] %}
http-request set-header Accept-Encoding gzip if { hdr(Accept-Encoding) -m sub gzip }
{%- endif %}
{%- if slave_instance['type'] == 'notebook' %}
{#- In haproxy world type:notebook is simple type:websocket with default parameters #}
{%- do slave_instance.__setitem__('type', 'websocket') %}
{%- do slave_instance.__setitem__('websocket-path-list', None) %}
{%- do slave_instance.__setitem__('websocket-transparent', True) %}
{%- endif %}
{%- if slave_instance['type'] == 'websocket' %}
{%- if slave_instance['websocket-path-list'] %}
{%- set acl_entry = ['acl is_websocket '] %}
{%- for path in slave_instance['websocket-path-list'] %}
{%- do acl_entry.append('path -i -m beg /%s || ' % (path.replace('%', '%%'),)) %}
{%- endfor %}
{%- do acl_entry.append('always_false') %}
{{ ''.join(acl_entry) }}
{%- else %}
acl is_websocket always_true
{%- endif %}
http-request set-header X-Forwarded-Proto {{ scheme }} if !is_websocket
http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }} if !is_websocket
{%- if slave_instance['websocket-transparent'] %}
http-request set-header X-Real-Ip "%ci" if is_websocket
http-request set-header X-Forwarded-Proto {{ scheme }} if is_websocket
http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }} if is_websocket
{%- else %}
{#- Pass-thourgh: X-Forwarded-Proto, X-Forwarded-Port #}
{%- endif %}
{%- else %}
http-request set-header X-Forwarded-Proto {{ scheme }}
http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }}
{%- endif %} {# if slave_instance['type'] == 'websocket' #}
{%- if slave_instance['type'] == 'zope' %}
{%- if slave_instance['default-path'] %}
http-request redirect location {{ scheme}}://%[hdr(host)]/{{ slave_instance['default-path'] | replace('%', '%%') }} code 301 if { path / }
{%- set not_path_acl = 'if ! { path / }' %}
{%- else %}
{%- set not_path_acl = '' %}
{%- endif %}
{%- if slave_instance['path'].strip().strip('/') %}
{%- set zope_path = slave_instance['path'].strip().strip('/').replace('%', '%%') ~ '/' %}
{%- else %}
{%- set zope_path = '' %}
{%- endif %}
http-request set-path /VirtualHostBase/{{ scheme }}/%[req.hdr(Host),field(1,:)]:{{ slave_instance['virtualhostroot-%s-port' % (scheme,)] }}/{{ zope_path }}VirtualHostRoot%[path] {{ not_path_acl }}
{%- endif %}
{%- if info_dict['path'] %}
http-request set-path {{ info_dict['path'] }}%[path]
{%- endif %} {# if info_dict['path'] #}
{%- endif %} {# if slave_instance['type'] == 'redirect' #}
{%- endif %} {# if 'hostname' in info_dict and 'port' in info_dict #}
{%- endif %} {# if scheme == 'http' and slave_instance['https-only'] #}
{%- endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #}
{%- endfor %} {# for slave_instance in frontend_slave_list #}
backend BACKEND_NOT_FOUND
{#- a bit hacky but working way to provide default CDN's 404 #}
{#- inspired by https://sleeplessbeastie.eu/2020/05/11/how-to-serve-single-file-using-haproxy/ #}
http-request set-log-level silent
errorfile 503 {{ configuration['not-found-file'] }}
{# END OF FILE #}
HTTP/1.0 404 Not Found
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html>
<head>
<title>Instance not found</title>
......
......@@ -27,11 +27,11 @@
from setuptools import setup, find_packages
version = '0.0.1.dev0'
name = 'slapos.test.caddy-frontend'
name = 'slapos.test.rapid-cdn'
setup(name=name,
version=version,
description="Test for SlapOS' Caddy Frontend",
description="Test for SlapOS' Rapid.CDN",
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
......
......@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
import json
import multiprocessing
import subprocess
from unittest import skip, expectedFailure
from unittest import skip
import ssl
from http.server import HTTPServer
from http.server import BaseHTTPRequestHandler
......@@ -406,7 +406,7 @@ class TestDataMixin(object):
# test00 name chosen to be run just after setup
self._test_file_list(['var', 'run'], [
# can't be sure regarding its presence
'caddy_configuration_last_state',
'frontend_haproxy_configuration_last_state',
'validate_configuration_state_signature',
# run by cron from time to time
'monitor/monitor-collect.pid',
......@@ -430,11 +430,6 @@ class TestDataMixin(object):
data_replacement_dict = {
'{hash-generic}': generateHashFromFiles(hash_file_list)
}
for caddy_wrapper_path in glob.glob(os.path.join(
self.instance_path, '*', 'bin', 'caddy-wrapper')):
partition_id = caddy_wrapper_path.split('/')[-3]
data_replacement_dict['{hash-caddy-%s}' % (partition_id)] = \
generateHashFromFiles([caddy_wrapper_path] + hash_file_list)
for backend_haproxy_wrapper_path in glob.glob(os.path.join(
self.instance_path, '*', 'bin', 'backend-haproxy-wrapper')):
partition_id = backend_haproxy_wrapper_path.split('/')[-3]
......@@ -708,7 +703,8 @@ class TestHandler(BaseHTTPRequestHandler):
response = base64.b64decode(self.headers['x-reply-body'])
time.sleep(timeout)
self.send_response(status_code)
self.send_response_only(status_code)
self.send_header('Server', self.server_version)
for key, value in list(header_dict.items()):
self.send_header(key, value)
......@@ -937,8 +933,8 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
time.sleep(2)
# assert that in the worst case last run was correct
assert return_code == 0, output
# give caddy a moment to refresh its config, as sending signal does not
# block until caddy is refreshed
# give haproxy a moment to refresh its config, as sending signal does not
# block until haproxy is refreshed
time.sleep(2)
@classmethod
......@@ -989,15 +985,11 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
def assertResponseHeaders(
self, result, cached=False, via=True, backend_reached=True):
headers = result.headers.copy()
self.assertKeyWithPop('Date', headers)
# drop vary-keys
headers.pop('Connection', None)
headers.pop('Content-Length', None)
headers.pop('Keep-Alive', None)
headers.pop('Transfer-Encoding', None)
self.assertKeyWithPop('Content-Length', headers)
if backend_reached:
self.assertEqual('TestBackend', headers.pop('Server', ''))
self.assertKeyWithPop('Date', headers)
via_id = '%s-%s' % (
self.node_information_dict['node-id'],
......@@ -1047,17 +1039,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
)
self.assertEqual(
sorted([q['name'] for q in result.json()]),
['access.log', 'backend.log', 'error.log'])
self.assertEqual(
http.client.OK,
requests.get(url + 'access.log', verify=False).status_code
)
self.assertEqual(
http.client.OK,
requests.get(url + 'error.log', verify=False).status_code
)
# assert only for few tests, as backend log is not available for many of
# them, as it's created on the fly
['access.log', 'backend.log'])
# assert only for few tests, as logs are available for sure only
# for few of them
for test_name in [
'test_url', 'test_auth_to_backend', 'test_compressed_result']:
if self.id().endswith(test_name):
......@@ -1065,6 +1049,10 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
http.client.OK,
requests.get(url + 'backend.log', verify=False).status_code
)
self.assertEqual(
http.client.OK,
requests.get(url + 'access.log', verify=False).status_code
)
def assertKedifaKeysWithPop(self, parameter_dict, prefix=''):
generate_auth_url = parameter_dict.pop('%skey-generate-auth-url' % (
......@@ -1229,13 +1217,13 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
break
@classmethod
def waitForCaddy(cls):
def waitForFrontend(cls):
def method():
fakeHTTPSResult(
cls._ipv4_address,
'/',
)
cls.waitForMethod('waitForCaddy', method)
cls.waitForMethod('waitForFrontend', method)
@classmethod
def _cleanup(cls, snapshot_name):
......@@ -1250,7 +1238,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
os.environ.get(
'SLAPOS_TEST_WORKING_DIR',
os.path.join(os.getcwd(), '.slapos'))),
'caddy-frontend-test')
'rapid-cdn-test')
if not os.path.isdir(cls.working_directory):
os.mkdir(cls.working_directory)
......@@ -1282,7 +1270,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
cls.software_path = os.path.realpath(os.path.join(
cls.computer_partition_root_path, 'software_release'))
cls.setUpMaster()
cls.waitForCaddy()
cls.waitForFrontend()
except BaseException:
cls.logger.exception("Error during setUpClass")
# "{}.{}.setUpClass".format(cls.__module__, cls.__name__) is already used
......@@ -1450,9 +1438,15 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
self.instance_path, '*', 'var', 'log', 'httpd', log_name
))[0]
with open(log_file) as fh:
# sometimes logs appear with a bit of delay, so give it a chance
for _ in range(5):
with open(log_file, 'r') as fh:
line = fh.readlines()[-1]
if re.match(log_regexp, line):
break
time.sleep(0.5)
self.assertRegex(
fh.readlines()[-1],
line,
log_regexp)
......@@ -1646,7 +1640,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12',
}
......@@ -1925,7 +1918,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
},
'ciphers': {
'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
}
},
'ciphers-translation-all': {
# all ciphers from instance-master.cfg.in found in GOOD_CIPHER_LIST
# and keys of CIPHER_TRANSLATION_DICT in order to check translations
'ciphers':
'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 '
'ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 '
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 '
'ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA '
'ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA '
'RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA '
'RSA-3DES-EDE-CBC-SHA',
},
}
monitor_setup_url_key = 'monitor-setup-url'
......@@ -2095,15 +2100,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '55',
'accepted-slave-amount': '56',
'rejected-slave-amount': '0',
'slave-amount': '55',
'slave-amount': '56',
'rejected-slave-dict': {
},
'warning-slave-dict': {
'_Url': [
"slave url ' %(backend)s/?a=b&c= ' has been converted to "
"'%(backend)s/?a=b&c='" % {'backend': self.backend_url}]}
"'%(backend)s/?a=b&c='" % {'backend': self.backend_url}],
'_ciphers': [
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'"],
'_ciphers-translation-all': [
"Cipher 'ECDHE-ECDSA-AES128-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES128-SHA'",
"Cipher 'ECDHE-ECDSA-AES256-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES256-SHA'",
"Cipher 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-ECDSA-CHACHA20-POLY1305'",
"Cipher 'ECDHE-RSA-3DES-EDE-CBC-SHA' translated to "
"'ECDHE-RSA-DES-CBC3-SHA'",
"Cipher 'ECDHE-RSA-AES128-CBC-SHA' translated to "
"'ECDHE-RSA-AES128-SHA'",
"Cipher 'ECDHE-RSA-AES256-CBC-SHA' translated to "
"'ECDHE-RSA-AES256-SHA'",
"Cipher 'ECDHE-RSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-RSA-CHACHA20-POLY1305'",
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'",
"Cipher 'RSA-AES256-CBC-SHA' translated to 'AES256-SHA'"]
}
}
self.assertEqual(
......@@ -2163,11 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
expected_node_information
)
def test_slave_partition_state(self):
partition_path = self.getSlavePartitionPath()
with open(os.path.join(partition_path, 'bin', 'caddy-wrapper')) as fh:
self.assertIn('-grace 2s', fh.read())
def test_monitor_conf(self):
monitor_conf_list = glob.glob(
os.path.join(
......@@ -2249,25 +2272,23 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertFalse('connection-parameter-hash' in line)
self.assertFalse('timestamp' in line)
def assertBackendHeaders(
self, backend_header_dict, domain, source_ip=SOURCE_IP, port=HTTPS_PORT,
proto='https', ignore_header_list=None, cached=False):
if ignore_header_list is None:
ignore_header_list = []
if 'Host' not in ignore_header_list:
def assertRequestHeaders(
self, header_dict, domain=None, source_ip=SOURCE_IP,
port=HTTPS_PORT, proto='https', cached=False):
if domain is not None:
self.assertEqual(
backend_header_dict['host'],
header_dict['host'],
'%s:%s' % (domain, port))
self.assertEqual(
backend_header_dict['x-forwarded-for'],
header_dict['x-forwarded-for'],
source_ip
)
self.assertEqual(
backend_header_dict['x-forwarded-port'],
header_dict['x-forwarded-port'],
port
)
self.assertEqual(
backend_header_dict['x-forwarded-proto'],
header_dict['x-forwarded-proto'],
proto
)
via_id = '%s-%s' % (
......@@ -2281,7 +2302,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'http/1.1 rapid-cdn-cache-%(via_id)s' % dict(via_id=via_id),
'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id)
],
backend_header_dict['via']
header_dict['via']
)
else:
self.assertEqual(
......@@ -2290,18 +2311,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'HTTP/1.1 rapid-cdn-frontend-%(via_id)s' % dict(via_id=via_id),
'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id)
],
backend_header_dict['via']
header_dict['via']
)
def test_telemetry_disabled(self):
# here we trust that telemetry not present in error log means it was
# really disabled
error_log_file = glob.glob(
os.path.join(
self.instance_path, '*', 'var', 'log', 'frontend-error.log'))[0]
with open(error_log_file) as fh:
self.assertNotIn('Sending telemetry', fh.read(), 'Telemetry enabled')
def test_url(self):
parameter_dict = self.assertSlaveBase(
'Url',
......@@ -2336,7 +2348,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'secured=value;secure, nonsecured=value',
......@@ -2373,6 +2385,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
headers = self.assertResponseHeaders(
result_http, via=False, backend_reached=False)
self.assertEqual(
'https://url.example.com:%s/test-path/deeper' % (HTTP_PORT,),
headers['Location']
......@@ -2396,6 +2409,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertIn("backend _Url-http\n", content)
self.assertNotIn("backend _Url-https\n", content)
# check out access via IPv6
out_ipv6, err_ipv6 = self._curl(
parameter_dict['domain'], self._ipv6_address, HTTPS_PORT)
try:
j = json.loads(out_ipv6.decode())
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (out_ipv6.decode(),))
self.assertEqual(
self._ipv6_address,
j['Incoming Headers']['x-forwarded-for']
)
def test_url_netloc_list(self):
parameter_dict = self.assertSlaveBase('url-netloc-list')
result = fakeHTTPSResult(parameter_dict['domain'], 'path')
......@@ -2443,7 +2469,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders(
self.assertRequestHeaders(
j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
......@@ -2518,7 +2544,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'secured=value;secure, nonsecured=value',
......@@ -2607,40 +2633,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
}
)
self.assertEqual(
'text/xml; charset=utf-8',
result.headers['Content-Type']
)
@skip('Feature postponed')
def test_url_ipv6_access(self):
parameter_dict = self.parseSlaveParameterDict('url')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'url.example.com',
'replication_number': '1',
'url': 'http://url.example.com',
'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com',
},
parameter_dict
)
result_ipv6 = fakeHTTPSResult(
parameter_dict['domain'], self._ipv6_address, 'test-path',
source_ip=self._ipv6_address)
self.assertEqual(
self._ipv6_address,
result_ipv6.json()['Incoming Headers']['x-forwarded-for']
)
self.assertEqual(
self.certificate_pem,
der2pem(result_ipv6.peercert))
self.assertEqualResultJson(result_ipv6, 'Path', '/test-path')
self.assertNotIn('Content-Type', result.headers)
def test_type_zope_path(self):
parameter_dict = self.assertSlaveBase('type-zope-path')
......@@ -2749,7 +2742,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'secured=value;secure, nonsecured=value',
......@@ -3057,7 +3050,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson(
result,
......@@ -3076,7 +3069,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
self.assertEqual(
'https://typezope.example.com:%s/test-path/deep/.././deeper' % (
'https://typezope.example.com:%s/test-path/deeper' % (
HTTP_PORT,),
result.headers['Location']
)
......@@ -3097,7 +3090,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson(
result,
......@@ -3132,7 +3125,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson(
result,
......@@ -3175,7 +3168,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson(
result,
......@@ -3195,7 +3188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
self.assertEqual(
'https://%s:%s/test-path/deep/.././deeper' % (
'https://%s:%s/test-path/deeper' % (
parameter_dict['domain'], HTTP_PORT),
result.headers['Location']
)
......@@ -3213,7 +3206,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson(
result,
......@@ -3236,7 +3229,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
self.assertEqual(
'https://%s:%s/test-path/deep/.././deeper' % (
'https://%s:%s/test-path/deeper' % (
parameter_dict['domain'], HTTP_PORT),
result.headers['Location']
)
......@@ -3274,29 +3267,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
def test_type_notebook(self):
# CDN's type:notebook in haproxy world is simply like type:websocket on
# default parameters, so test has been adapted
# generally, websocket is possible to be served on any path, which is
# haproxy default
parameter_dict = self.assertSlaveBase('type-notebook')
result = fakeHTTPSResult(
parameter_dict['domain'],
'test-path',
HTTPS_PORT)
parameter_dict['domain'], 'test-path',
headers={'Connection': 'Upgrade'})
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
result = fakeHTTPSResult(
parameter_dict['domain'],
'test/terminals/websocket/test',
HTTPS_PORT)
self.assertEqualResultJson(
result,
'Path',
'/test-path'
)
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/terminals/websocket')
'Upgrade',
j['Incoming Headers']['connection']
)
self.assertTrue('x-real-ip' in j['Incoming Headers'])
self.assertFalse(
isHTTP2(parameter_dict['domain']))
......@@ -3321,7 +3320,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'Upgrade',
j['Incoming Headers']['connection']
......@@ -3351,10 +3350,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
parsed = urllib.parse.urlparse(self.backend_url)
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertRequestHeaders(
j['Incoming Headers'], port='17', proto='irc')
self.assertEqual(
'Upgrade',
j['Incoming Headers']['connection']
......@@ -3386,8 +3383,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertTrue('x-real-ip' in j['Incoming Headers'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult(
parameter_dict['domain'], 'ws/test-path',
......@@ -3404,7 +3401,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'Upgrade',
j['Incoming Headers']['connection']
......@@ -3426,7 +3423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'Upgrade',
j['Incoming Headers']['connection']
......@@ -3457,10 +3454,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
parsed = urllib.parse.urlparse(self.backend_url)
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult(
......@@ -3478,9 +3472,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertRequestHeaders(
j['Incoming Headers'], port='17', proto='irc')
self.assertEqual(
'Upgrade',
j['Incoming Headers']['connection']
......@@ -3502,9 +3495,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertRequestHeaders(
j['Incoming Headers'], port='17', proto='irc')
self.assertEqual(
'Upgrade',
j['Incoming Headers']['connection']
......@@ -3532,6 +3524,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location']
)
self.assertResponseHeaders(
result, via=False, backend_reached=False)
result = fakeHTTPResult(
parameter_dict['domain'],
'test-path/deep/.././deeper')
......@@ -3546,6 +3541,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location']
)
self.assertResponseHeaders(
result, via=False, backend_reached=False)
def test_type_redirect_custom_domain(self):
parameter_dict = self.assertSlaveBase(
'type-redirect-custom_domain', hostname='customdomaintyperedirect')
......@@ -3568,6 +3566,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location']
)
self.assertResponseHeaders(
result, via=False, backend_reached=False)
def test_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self):
parameter_dict = self.assertSlaveBase(
'ssl-proxy-verify_ssl_proxy_ca_crt-unverified')
......@@ -3614,7 +3615,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertFalse('Content-Encoding' in result.headers)
......@@ -3728,7 +3729,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
def test_ciphers(self):
parameter_dict = self.assertSlaveBase('ciphers')
parameter_dict = self.assertSlaveBase(
'ciphers', expected_parameter_dict={
'warning-list': [
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'"]})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
......@@ -3754,12 +3759,73 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
configuration_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', '_ciphers.conf'
self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
))[0]
with open(configuration_file) as fh:
self.assertIn(
'ciphers RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
fh.read())
self.assertTrue(
'/_ciphers.pem [ciphers DES-CBC3-SHA:AES128-SHA '
in fh.read()
)
def test_ciphers_translation_all(self):
parameter_dict = self.assertSlaveBase(
'ciphers-translation-all', expected_parameter_dict={
'warning-list': [
"Cipher 'ECDHE-ECDSA-AES128-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES128-SHA'",
"Cipher 'ECDHE-ECDSA-AES256-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES256-SHA'",
"Cipher 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-ECDSA-CHACHA20-POLY1305'",
"Cipher 'ECDHE-RSA-3DES-EDE-CBC-SHA' translated to "
"'ECDHE-RSA-DES-CBC3-SHA'",
"Cipher 'ECDHE-RSA-AES128-CBC-SHA' translated to "
"'ECDHE-RSA-AES128-SHA'",
"Cipher 'ECDHE-RSA-AES256-CBC-SHA' translated to "
"'ECDHE-RSA-AES256-SHA'",
"Cipher 'ECDHE-RSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-RSA-CHACHA20-POLY1305'",
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'",
"Cipher 'RSA-AES256-CBC-SHA' translated to 'AES256-SHA'"]})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(http.client.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
http.client.FOUND,
result_http.status_code
)
self.assertEqual(
'https://cipherstranslationall.example.com:%s/test-path' % (HTTP_PORT,),
result_http.headers['Location']
)
configuration_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
))[0]
with open(configuration_file) as fh:
self.assertTrue(
'/_ciphers.translation.all.pem [ciphers '
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:'
'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:'
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:'
'ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:'
'ECDHE-ECDSA-AES128-SHA:AES256-SHA:AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:'
'DES-CBC3-SHA'
in fh.read()
)
def test_enable_cache_custom_domain(self):
parameter_dict = self.assertSlaveBase(
......@@ -3788,7 +3854,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(
self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True)
def test_enable_cache_server_alias(self):
......@@ -3816,7 +3882,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(
self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True)
result = fakeHTTPResult(
......@@ -3899,7 +3965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(
self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True)
# BEGIN: Check that squid.log is correctly filled in
......@@ -4038,7 +4104,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(
self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True)
# check stale-if-error support is really respected if not present in the
......@@ -4168,7 +4234,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(
self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True)
try:
......@@ -4202,7 +4268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
)
backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(
self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True)
def test_enable_http2_false(self):
......@@ -4223,6 +4289,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
{
'Content-Type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value',
'Connection': 'keep-alive',
},
headers
)
......@@ -4247,6 +4314,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
{
'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value',
'Connection': 'keep-alive',
},
headers
)
......@@ -4269,7 +4337,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
......@@ -4281,7 +4349,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding'])
......@@ -4309,7 +4377,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'],
port=HTTP_PORT, proto='http')
self.assertEqual(
......@@ -4322,7 +4390,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'],
port=HTTP_PORT, proto='http')
self.assertEqual(
......@@ -4355,7 +4423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
......@@ -4367,7 +4435,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding'])
......@@ -4446,16 +4514,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location']
)
def _curl(self, domain, ip, port, cookie):
def _curl(self, domain, ip, port, cookie=None):
replacement_dict = dict(
domain=domain, ip=TEST_IP, port=HTTPS_PORT)
domain=domain, ip=ip, port=port)
curl_command = [
'curl', '-v', '-k',
'-H', 'Host: %(domain)s' % replacement_dict,
'--resolve', '%(domain)s:%(port)s:%(ip)s' % replacement_dict,
'--cookie', cookie,
'https://%(domain)s:%(port)s/' % replacement_dict,
]
if cookie is not None:
curl_command.extend(['--cookie', cookie])
curl_command.extend([
'https://%(domain)s:%(port)s/' % replacement_dict])
prc = subprocess.Popen(
curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
......@@ -4466,37 +4536,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
curl_command, out, err))
return out, err
@expectedFailure
def test_disabled_cookie_list(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list')
out, err = self._curl(
parameter_dict['domain'], TEST_IP, HTTPS_PORT,
# Note: Cookie order is extremely important here, do not change
# or test will start to pass incorrectly
'Coconut=absent; Chocolate=absent; Coffee=present; Vanilia=absent',
'Tea=present; Coconut=absent; DarkChocolate=present; Chocolate=absent; '
'Coffee=present; Vanilia=absent; Water=present',
)
# self check - were the cookies sent in required order?
self.assertIn(
'ookie: Coconut=absent; Chocolate=absent; Coffee=present; '
'Vanilia=absent',
'ookie: Tea=present; Coconut=absent; DarkChocolate=present; '
'Chocolate=absent; Coffee=present; Vanilia=absent; Water=present',
err.decode())
# real test - all configured cookies are dropped
self.assertEqual(
'Coffee=present', json.loads(out)['Incoming Headers']['cookie'])
'Tea=present; DarkChocolate=present; Coffee=present; Water=present',
json.loads(out)['Incoming Headers']['cookie'])
def test_disabled_cookie_list_simple(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list')
parameter_dict = self.assertSlaveBase('disabled-cookie-list-simple')
out, err = self._curl(
parameter_dict['domain'], TEST_IP, HTTPS_PORT,
'WhiteChocolate=present; Chocolate=absent; Coffee=present',
'Chocolate=absent; Coffee=present',
)
# self check - were the cookies sent in required order?
self.assertIn(
'ookie: WhiteChocolate=present; Chocolate=absent; Coffee=present',
'ookie: Chocolate=absent; Coffee=present',
err.decode())
# real test - all configured cookies are dropped
self.assertEqual(
'WhiteChocolate=present ; Coffee=present',
'Coffee=present',
json.loads(out)['Incoming Headers']['cookie'])
def test_https_url(self):
......@@ -4515,7 +4586,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
self.assertBackendHeaders(
self.assertRequestHeaders(
result.json()['Incoming Headers'],
parameter_dict['domain'])
......@@ -4545,6 +4616,30 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
timeout connect 10s
retries 5""" in content)
def test_header_date(self):
# Precisely check out Date header behaviour
frontend = 'url_https-url'
parameter_dict = self.assertSlaveBase(frontend)
backend_url = self.getSlaveParameterDictDict()[
frontend]['https-url'].strip()
normal_path = 'normal'
with_date_path = 'with_date'
specific_date = 'Fri, 07 Dec 2001 00:00:00 GMT'
result_configure = requests.put(
backend_url + '/' + with_date_path, headers={
'X-Reply-Header-Date': specific_date
})
self.assertEqual(result_configure.status_code, http.client.CREATED)
result_normal = fakeHTTPSResult(parameter_dict['domain'], normal_path)
result_with_date = fakeHTTPSResult(
parameter_dict['domain'], with_date_path)
# Prove that Date header with value specific_date send by backend is NOT
# modified by the CDN, but some Date header is added, if backend sends non
self.assertEqual(result_with_date.headers['Date'], specific_date)
self.assertNotEqual(result_normal.headers['Date'], specific_date)
def test_https_url_netloc_list(self):
parameter_dict = self.assertSlaveBase('https-url-netloc-list')
result = fakeHTTPSResult(parameter_dict['domain'], 'path')
......@@ -4651,17 +4746,21 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
parameter_dict['domain'], 'test-path')
self.assertEqual(http.client.FOUND, result_http.status_code)
# prove 2nd frontend by inspection of the instance
slave_configuration_name = '_replicate.conf'
slave_configuration_file_list = [
'/'.join([f[0], slave_configuration_name]) for f in [
q for q in os.walk(self.instance_path)
if slave_configuration_name in q[2]
]
]
self.assertEqual(
2, len(slave_configuration_file_list), slave_configuration_file_list)
# prove replication by asserting that slave ended up in both nodes
frontend_haproxy_cfg_list = glob.glob(
os.path.join(self.instance_path, '*', 'etc', 'frontend-haproxy.cfg'))
self.assertEqual(2, len(frontend_haproxy_cfg_list))
for frontend_haproxy_cfg in frontend_haproxy_cfg_list:
with open(frontend_haproxy_cfg) as fh:
self.assertIn('backend _replicate-http', fh.read())
self.assertEqual(
2,
len(
glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'frontend-haproxy.d',
'._replicate.htpasswd')))
)
class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
......@@ -4947,7 +5046,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
......@@ -5106,7 +5204,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
......@@ -5665,7 +5762,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
......@@ -5761,7 +5857,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'ciphers': 'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384'
}
......@@ -5821,12 +5916,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
configuration_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d',
'_default_ciphers.conf'
self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
))[0]
with open(configuration_file) as fh:
self.assertIn(
'ciphers ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384',
'_default_ciphers.pem [ciphers '
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384 ',
fh.read())
def test_own_ciphers(self):
......@@ -5847,12 +5942,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
configuration_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d',
'_own_ciphers.conf'
self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
))[0]
with open(configuration_file) as fh:
self.assertIn(
'ciphers ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256',
'_own_ciphers.pem [ciphers '
'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 ',
fh.read())
......@@ -6470,7 +6565,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12',
}
......@@ -6573,7 +6667,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'apache-key': self.key_pem,
'domain': 'example.com',
'enable-http2-by-default': True,
'mpm-graceful-shutdown-timeout': 2,
're6st-verification-url': 're6st-verification-url',
'backend-connect-timeout': 2,
'backend-connect-retries': 1,
......@@ -6665,12 +6758,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com',
'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-1',
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8411,
'monitor-username': 'admin',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080',
'port': '11443',
'ram-cache-size': '512K',
......@@ -6691,12 +6785,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com',
'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-2',
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8412,
'monitor-username': 'admin',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080',
'port': '11443',
'ram-cache-size': '256K',
......@@ -6717,12 +6812,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com',
'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-3',
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8413,
'monitor-username': 'admin',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080',
'port': '11443',
're6st-verification-url': 're6st-verification-url',
......@@ -6765,7 +6861,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'full_address_list': [],
'instance_title': 'testing partition 0',
'kedifa_port': '15080',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080',
'port': '11443',
're6st-verification-url': 're6st-verification-url',
......@@ -6793,7 +6888,6 @@ class TestSlaveHealthCheck(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12',
}
......@@ -6930,7 +7024,7 @@ backend _health-check-custom-http
retries 3
server _health-check-custom-backend-http %s check inter 15s"""
""" rise 3 fall 7
option httpchk POST /POST-path%%20to%%20be%%20encoded HTTP/1.0
option httpchk POST /POST-path%%%%20to%%%%20be%%%%20encoded HTTP/1.0
timeout check 7s""" % (backend,),
'health-check-default': """\
backend _health-check-default-http
......
......@@ -104,6 +104,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -106,6 +106,8 @@
"domain": "example.com",
"enable-http2-by-default": "false",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -62,6 +62,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -60,6 +60,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -62,6 +62,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_error_log
T-2/var/log/frontend-haproxy.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_backend_log
T-2/var/log/httpd/_default_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -80,6 +80,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -117,6 +119,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-2",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_replicate_access_log
T-2/var/log/httpd/_replicate_backend_log
T-2/var/log/httpd/_replicate_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......@@ -19,10 +17,7 @@ T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
T-3/var/log/backend-haproxy.log
T-3/var/log/expose-csr.log
T-3/var/log/frontend-access.log
T-3/var/log/frontend-error.log
T-3/var/log/httpd/_replicate_access_log
T-3/var/log/httpd/_replicate_error_log
T-3/var/log/frontend-haproxy.log
T-3/var/log/monitor-httpd-access.log
T-3/var/log/monitor-httpd-error.log
T-3/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......@@ -16,5 +18,6 @@ T-3/var/run/backend-haproxy.pid
T-3/var/run/backend_haproxy_configuration_last_state
T-3/var/run/backend_haproxy_graceful_configuration_state_signature
T-3/var/run/graceful_configuration_state_signature
T-3/var/run/httpd.pid
T-3/var/run/slave_introspection_configuration_last_state
T-3/var/run/slave_introspection_graceful_configuration_state_signature
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......@@ -37,8 +36,6 @@ T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-3:6tunnel-11080-{hash-generic}-on-watch STOPPED
T-3:6tunnel-11443-{hash-generic}-on-watch STOPPED
T-3:backend-client-login-certificate-caucase-updater-on-watch STOPPED
T-3:backend-haproxy-{hash-generic}-on-watch STOPPED
T-3:backend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED
......@@ -47,8 +44,9 @@ T-3:bootstrap-monitor EXITED
T-3:certificate_authority-{hash-generic}-on-watch STOPPED
T-3:crond-{hash-generic}-on-watch STOPPED
T-3:expose-csr-{hash-generic}-on-watch STOPPED
T-3:frontend-caddy-safe-graceful EXITED
T-3:frontend_caddy-{hash-caddy-T-3}-on-watch STOPPED
T-3:frontend-haproxy-{hash-generic}-on-watch STOPPED
T-3:frontend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED
T-3:frontend-haproxy-safe-graceful EXITED
T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-3:kedifa-updater-{hash-generic}-on-watch STOPPED
T-3:monitor-httpd-{hash-generic}-on-watch STOPPED
......
......@@ -35,14 +35,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......@@ -60,14 +60,14 @@ T-3/etc/plugin/backend-haproxy-statistic-frontend.py
T-3/etc/plugin/backend_haproxy_http.py
T-3/etc/plugin/backend_haproxy_https.py
T-3/etc/plugin/buildout-T-3-status.py
T-3/etc/plugin/caddy_frontend_ipv4_http.py
T-3/etc/plugin/caddy_frontend_ipv4_https.py
T-3/etc/plugin/caddy_frontend_ipv6_http.py
T-3/etc/plugin/caddy_frontend_ipv6_https.py
T-3/etc/plugin/caucase-updater.py
T-3/etc/plugin/check-free-disk-space.py
T-3/etc/plugin/expose-csr-ip-port-listening.py
T-3/etc/plugin/frontend-caddy-configuration-promise.py
T-3/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-3/etc/plugin/frontend_haproxy_ipv4_http.py
T-3/etc/plugin/frontend_haproxy_ipv4_https.py
T-3/etc/plugin/frontend_haproxy_ipv6_http.py
T-3/etc/plugin/frontend_haproxy_ipv6_https.py
T-3/etc/plugin/monitor-bootstrap-status.py
T-3/etc/plugin/monitor-http-frontend.py
T-3/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -15,7 +15,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
......@@ -435,6 +434,12 @@
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ciphers",
"slave_title": "_ciphers"
},
{
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ciphers-translation-all",
"slave_title": "_ciphers-translation-all"
}
],
"timestamp": "@@TIMESTAMP@@"
......@@ -476,6 +481,10 @@
"ciphers": "RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA",
"slave_reference": "_ciphers"
},
{
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA",
"slave_reference": "_ciphers-translation-all"
},
{
"custom_domain": "mycustomdomain.example.com",
"slave_reference": "_custom_domain",
......@@ -777,7 +786,9 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]",
"extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"ciphers\": \"ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA\", \"slave_reference\": \"_ciphers-translation-all\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -785,11 +796,10 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
"slave-kedifa-information": "{\"_Url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-backend-ignore\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-not-configured\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@?auth=\"}, \"_bad-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@?auth=\"}, \"_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@?auth=\"}, \"_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@?auth=\"}, \"_custom_domain_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_custom_domain_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list-simple\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@?auth=\"}, \"_empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@?auth=\"}, \"_enable-http2-default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@?auth=\"}, \"_enable-http2-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-no-cache-request\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-via-header\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@?auth=\"}, \"_enable_cache-https-only-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@?auth=\"}, \"_enable_cache_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@?auth=\"}, \"_https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@?auth=\"}, \"_https-url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv4-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv6-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_server-alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@?auth=\"}, \"_server-alias-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@?auth=\"}, \"_server-alias-empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@?auth=\"}, \"_server-alias-wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@?auth=\"}, \"_server-alias_custom_domain-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@?auth=\"}, \"_type-notebook\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@?auth=\"}, \"_type-redirect\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@?auth=\"}, \"_type-redirect-custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@?auth=\"}, \"_type-websocket\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-zope\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@?auth=\"}, \"_type-zope-default-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-http-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-https-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@?auth=\"}, \"_url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_url_https-url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@?auth=\"}}"
"slave-kedifa-information": "{\"_Url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-backend-ignore\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-not-configured\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@?auth=\"}, \"_bad-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@?auth=\"}, \"_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@?auth=\"}, \"_ciphers-translation-all\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@?auth=\"}, \"_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@?auth=\"}, \"_custom_domain_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_custom_domain_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list-simple\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@?auth=\"}, \"_empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@?auth=\"}, \"_enable-http2-default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@?auth=\"}, \"_enable-http2-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-no-cache-request\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-via-header\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@?auth=\"}, \"_enable_cache-https-only-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@?auth=\"}, \"_enable_cache_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@?auth=\"}, \"_https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@?auth=\"}, \"_https-url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv4-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv6-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_server-alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@?auth=\"}, \"_server-alias-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@?auth=\"}, \"_server-alias-empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@?auth=\"}, \"_server-alias-wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@?auth=\"}, \"_server-alias_custom_domain-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@?auth=\"}, \"_type-notebook\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@?auth=\"}, \"_type-redirect\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@?auth=\"}, \"_type-redirect-custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@?auth=\"}, \"_type-websocket\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-zope\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@?auth=\"}, \"_type-zope-default-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-http-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-https-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@?auth=\"}, \"_url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_url_https-url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
......
......@@ -7,166 +7,109 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_backend_log
T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_auth-to-backend-backend-ignore_access_log
T-2/var/log/httpd/_auth-to-backend-backend-ignore_backend_log
T-2/var/log/httpd/_auth-to-backend-backend-ignore_error_log
T-2/var/log/httpd/_auth-to-backend-not-configured_access_log
T-2/var/log/httpd/_auth-to-backend-not-configured_backend_log
T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
T-2/var/log/httpd/_auth-to-backend_access_log
T-2/var/log/httpd/_auth-to-backend_backend_log
T-2/var/log/httpd/_auth-to-backend_error_log
T-2/var/log/httpd/_bad-backend_access_log
T-2/var/log/httpd/_bad-backend_backend_log
T-2/var/log/httpd/_bad-backend_error_log
T-2/var/log/httpd/_ciphers-translation-all_access_log
T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log
T-2/var/log/httpd/_custom_domain_backend_log
T-2/var/log/httpd/_custom_domain_error_log
T-2/var/log/httpd/_custom_domain_server_alias_access_log
T-2/var/log/httpd/_custom_domain_server_alias_backend_log
T-2/var/log/httpd/_custom_domain_server_alias_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_custom_domain_wildcard_access_log
T-2/var/log/httpd/_custom_domain_wildcard_error_log
T-2/var/log/httpd/_disabled-cookie-list-simple_access_log
T-2/var/log/httpd/_disabled-cookie-list-simple_backend_log
T-2/var/log/httpd/_disabled-cookie-list-simple_error_log
T-2/var/log/httpd/_disabled-cookie-list_access_log
T-2/var/log/httpd/_disabled-cookie-list_backend_log
T-2/var/log/httpd/_disabled-cookie-list_error_log
T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_backend_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd/_enable_cache-https-only-false_access_log
T-2/var/log/httpd/_enable_cache-https-only-false_backend_log
T-2/var/log/httpd/_enable_cache-https-only-false_error_log
T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_backend_log
T-2/var/log/httpd/_enable_cache_custom_domain_access_log
T-2/var/log/httpd/_enable_cache_custom_domain_backend_log
T-2/var/log/httpd/_enable_cache_custom_domain_error_log
T-2/var/log/httpd/_enable_cache_error_log
T-2/var/log/httpd/_enable_cache_server_alias_access_log
T-2/var/log/httpd/_enable_cache_server_alias_backend_log
T-2/var/log/httpd/_enable_cache_server_alias_error_log
T-2/var/log/httpd/_https-only_access_log
T-2/var/log/httpd/_https-only_backend_log
T-2/var/log/httpd/_https-only_error_log
T-2/var/log/httpd/_https-url-netloc-list_access_log
T-2/var/log/httpd/_https-url-netloc-list_backend_log
T-2/var/log/httpd/_https-url-netloc-list_error_log
T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_backend_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_backend_log
T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-empty_access_log
T-2/var/log/httpd/_server-alias-empty_backend_log
T-2/var/log/httpd/_server-alias-empty_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log
T-2/var/log/httpd/_server-alias-wildcard_backend_log
T-2/var/log/httpd/_server-alias-wildcard_error_log
T-2/var/log/httpd/_server-alias_access_log
T-2/var/log/httpd/_server-alias_backend_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_backend_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
T-2/var/log/httpd/_server-alias_error_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_backend_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_backend_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_backend_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_ca_crt_only_access_log
T-2/var/log/httpd/_ssl_ca_crt_only_backend_log
T-2/var/log/httpd/_ssl_ca_crt_only_error_log
T-2/var/log/httpd/_type-notebook_access_log
T-2/var/log/httpd/_type-notebook_backend_log
T-2/var/log/httpd/_type-notebook_error_log
T-2/var/log/httpd/_type-redirect-custom_domain_access_log
T-2/var/log/httpd/_type-redirect-custom_domain_error_log
T-2/var/log/httpd/_type-redirect_access_log
T-2/var/log/httpd/_type-redirect_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_backend_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_backend_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_backend_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket_access_log
T-2/var/log/httpd/_type-websocket_backend_log
T-2/var/log/httpd/_type-websocket_error_log
T-2/var/log/httpd/_type-zope-default-path_access_log
T-2/var/log/httpd/_type-zope-default-path_backend_log
T-2/var/log/httpd/_type-zope-default-path_error_log
T-2/var/log/httpd/_type-zope-path_access_log
T-2/var/log/httpd/_type-zope-path_backend_log
T-2/var/log/httpd/_type-zope-path_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_backend_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_backend_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_backend_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_backend_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
T-2/var/log/httpd/_type-zope_access_log
T-2/var/log/httpd/_type-zope_backend_log
T-2/var/log/httpd/_type-zope_error_log
T-2/var/log/httpd/_url-netloc-list_access_log
T-2/var/log/httpd/_url-netloc-list_backend_log
T-2/var/log/httpd/_url-netloc-list_error_log
T-2/var/log/httpd/_url_https-url_access_log
T-2/var/log/httpd/_url_https-url_backend_log
T-2/var/log/httpd/_url_https-url_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -16,7 +16,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
......@@ -93,6 +92,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -100,7 +101,6 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}"
......
......@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_default_ciphers_access_log
T-2/var/log/httpd/_default_ciphers_backend_log
T-2/var/log/httpd/_default_ciphers_error_log
T-2/var/log/httpd/_own_ciphers_access_log
T-2/var/log/httpd/_own_ciphers_backend_log
T-2/var/log/httpd/_own_ciphers_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -15,7 +15,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
......@@ -282,6 +281,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -289,7 +290,6 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
......
......@@ -7,38 +7,27 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_health-check-connect_access_log
T-2/var/log/httpd/_health-check-connect_backend_log
T-2/var/log/httpd/_health-check-connect_error_log
T-2/var/log/httpd/_health-check-custom_access_log
T-2/var/log/httpd/_health-check-custom_backend_log
T-2/var/log/httpd/_health-check-custom_error_log
T-2/var/log/httpd/_health-check-default_access_log
T-2/var/log/httpd/_health-check-default_backend_log
T-2/var/log/httpd/_health-check-default_error_log
T-2/var/log/httpd/_health-check-disabled_access_log
T-2/var/log/httpd/_health-check-disabled_backend_log
T-2/var/log/httpd/_health-check-disabled_error_log
T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_access_log
T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_backend_log
T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_error_log
T-2/var/log/httpd/_health-check-failover-url-netloc-list_access_log
T-2/var/log/httpd/_health-check-failover-url-netloc-list_backend_log
T-2/var/log/httpd/_health-check-failover-url-netloc-list_error_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_access_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_backend_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_error_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_access_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_backend_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_error_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_backend_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_health-check-failover-url_access_log
T-2/var/log/httpd/_health-check-failover-url_backend_log
T-2/var/log/httpd/_health-check-failover-url_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -15,7 +15,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
......@@ -90,6 +89,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -97,7 +98,6 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
......
......@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_wildcard_access_log
T-2/var/log/httpd/_wildcard_backend_log
T-2/var/log/httpd/_wildcard_error_log
T-2/var/log/httpd/_zspecific_access_log
T-2/var/log/httpd/_zspecific_backend_log
T-2/var/log/httpd/_zspecific_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -17,7 +17,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
......@@ -241,6 +240,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -248,7 +249,6 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}"
......
......@@ -7,44 +7,31 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_ssl_from_slave_access_log
T-2/var/log/httpd/_ssl_from_slave_backend_log
T-2/var/log/httpd/_ssl_from_slave_error_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -17,7 +17,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
......@@ -81,6 +80,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -88,7 +89,6 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
......
......@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -17,7 +17,6 @@
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
......@@ -81,6 +80,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -88,7 +89,6 @@
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
......
......@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
......
......@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
......@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
......@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
......@@ -13,6 +13,7 @@ extends =
../../component/python-mysqlclient/buildout.cfg
../../component/python-pynacl/buildout.cfg
../../component/python-backports-lzma/buildout.cfg
../../component/selenium/buildout.cfg
../../stack/slapos.cfg
../../stack/nxdtest.cfg
......@@ -41,11 +42,6 @@ setup = ${slapos-repository:location}/
egg = slapos.test.backupserver
setup = ${slapos-repository:location}/software/backupserver/test/
[slapos.test.caddy-frontend-setup]
<= setup-develop-egg
egg = slapos.test.caddy-frontend
setup = ${slapos-repository:location}/software/caddy-frontend/test/
[slapos.test.dufs-setup]
<= setup-develop-egg
egg = slapos.test.dufs
......@@ -101,6 +97,11 @@ setup = ${slapos-repository:location}/software/powerdns/test/
egg = slapos.test.proftpd
setup = ${slapos-repository:location}/software/proftpd/test/
[slapos.test.rapid-cdn-setup]
<= setup-develop-egg
egg = slapos.test.rapid-cdn
setup = ${slapos-repository:location}/software/rapid-cdn/test/
[slapos.test.re6stnet-setup]
<= setup-develop-egg
egg = slapos.test.re6stnet
......@@ -296,12 +297,12 @@ eggs +=
${backports.lzma:egg}
${bcrypt:egg}
${psycopg2:egg}
${selenium:egg}
slapos.libnetworkcache
supervisor
${slapos.cookbook-setup:egg}
${slapos.test.backupserver-setup:egg}
${slapos.test.beremiz-ide-setup:egg}
${slapos.test.caddy-frontend-setup:egg}
${slapos.test.caucase-setup:egg}
${slapos.test.cloudooo-setup:egg}
${slapos.test.dream-setup:egg}
......@@ -330,6 +331,7 @@ eggs +=
${slapos.test.plantuml-setup:egg}
${slapos.test.powerdns-setup:egg}
${slapos.test.proftpd-setup:egg}
${slapos.test.rapid-cdn-setup:egg}
${slapos.test.re6stnet-setup:egg}
${slapos.test.repman-setup:egg}
${slapos.test.restic_rest_server-setup:egg}
......@@ -389,7 +391,6 @@ tests =
json-schemas ${slapos.cookbook-setup:setup}
backupserver ${slapos.test.backupserver-setup:setup}
beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
caucase ${slapos.test.caucase-setup:setup}
cloudooo ${slapos.test.cloudooo-setup:setup}
dream ${slapos.test.dream-setup:setup}
......@@ -421,6 +422,7 @@ tests =
plantuml ${slapos.test.plantuml-setup:setup}
powerdns ${slapos.test.powerdns-setup:setup}
proftpd ${slapos.test.proftpd-setup:setup}
rapid-cdn ${slapos.test.rapid-cdn-setup:setup}
re6stnet ${slapos.test.re6stnet-setup:setup}
repman ${slapos.test.repman-setup:setup}
restic-rest-server ${slapos.test.restic_rest_server-setup:setup}
......@@ -443,7 +445,6 @@ image = 1.5.25
plantuml = 0.3.0:whl
pysftp = 0.2.9
requests-toolbelt = 0.8.0
selenium = 3.141.0
testfixtures = 6.11.0
mysqlclient = 2.1.1
pexpect = 4.8.0
......
......@@ -15,7 +15,7 @@
[instance-theia]
_update_hash_filename_ = instance-theia.cfg.jinja.in
md5sum = bd79a9e6306b321414b9f83524308e5f
md5sum = 937f8ebdfa8112aafe11235a23fb85a9
[instance]
_update_hash_filename_ = instance.cfg.in
......
......@@ -13,7 +13,9 @@ theia-environment-parts =
settings.json
theia-parts =
frontend-reload
frontend-instance
frontend-instance-rsyslogd
python-server
promises
parts =
......@@ -90,11 +92,13 @@ recipe =
instance-promises =
$${theia-listen-promise:name}
$${frontend-listen-promise:name}
$${python-server-listen-promise:name}
$${frontend-authentication-promise:name}
$${remote-frontend-url-available-promise:name}
{% if additional_frontend %}
$${remote-additional-frontend-url-available-promise:name}
{% endif %}
$${frontend-instance-rsyslogd-promise:name}
$${slapos-standalone-listen-promise:name}
$${slapos-standalone-ready-promise:name}
$${slapos-autorun-promise:name}
......@@ -116,6 +120,13 @@ name = $${:_buildout_section_name_}.py
config-host = $${frontend-instance:ip}
config-port = $${frontend-instance:port}
[python-server-listen-promise]
<= monitor-promise-base
promise = check_socket_listening
name = $${:_buildout_section_name_}.py
config-host = $${python-server-port:ip}
config-port = $${python-server-port:port}
[frontend-authentication-promise]
<= monitor-promise-base
promise = check_url_available
......@@ -142,6 +153,12 @@ config-url = $${remote-additional-frontend:connection-secure_access}
config-http-code = 401
{% endif %}
[frontend-instance-rsyslogd-promise]
<= monitor-promise-base
promise = check_command_execute
name = rsyslogd_listen_promise.py
config-command = test -S $${frontend-instance-rsyslogd-config:log-socket}
[slapos-standalone-listen-promise]
<= monitor-promise-base
promise = check_socket_listening
......@@ -207,7 +224,7 @@ sla-instance_guid = {{ parameter_dict['additional-frontend-guid'] }}
{% endif %}
# Local Caddy Frontend
# Local Haproxy Frontend
# --------------------
[frontend-instance-password]
......@@ -215,6 +232,39 @@ recipe = slapos.cookbook:generate.password
username = admin
storage-path = $${buildout:parts-directory}/.$${:_buildout_section_name_}
[frontend-instance-rsyslogd-config]
recipe = slapos.recipe.template
output = $${directory:etc}/$${:_buildout_section_name_}
log-file = $${directory:log}/frontend-instance.log
log-socket = $${directory:run}/rsyslog.sock
pidfile = $${directory:pidfiles}/rsyslogd.pid
inline =
module(
load="imuxsock"
SysSock.Name="$${:log-socket}")
# Just simply output the raw line without any additional information, as
# haproxy emits enough information by itself
# Also cut out first empty space in msg, which is related to rsyslogd
# internal and end up cutting on 8k, as it's default of $MaxMessageSize
template(name="rawoutput" type="string" string="%msg:2:8192%\n")
$ActionFileDefaultTemplate rawoutput
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0022
$WorkDirectory $${directory:run}
*.* $${:log-file};rawoutput
[frontend-instance-rsyslogd]
recipe = slapos.cookbook:wrapper
command-line = ${rsyslogd:location}/sbin/rsyslogd -i $${frontend-instance-rsyslogd-config:pidfile} -n -f $${frontend-instance-rsyslogd-config:output}
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
hash-files = $${frontend-instance-rsyslogd-config:output}
[frontend-instance-port]
recipe = slapos.cookbook:free_port
minimum = 3000
......@@ -224,61 +274,83 @@ ip = {{ ipv6_random }}
[frontend-instance-certificate]
recipe = plone.recipe.command
command =
if [ ! -e $${:key-file} ]
if [ ! -e $${:cert-file} ]
then
${openssl-output:openssl} req -x509 -nodes -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
-newkey rsa:1024 -keyout $${:key-file} \
-newkey rsa:1024 -keyout $${:cert-file} \
-out $${:cert-file}
fi
update-command = $${:command}
key-file = $${directory:etc}/$${:_buildout_section_name_}.key
cert-file = $${directory:etc}/$${:_buildout_section_name_}.crt
cert-file = $${directory:etc}/$${:_buildout_section_name_}.pem
common-name = $${frontend-instance-config:ip}
location =
$${:key-file}
$${:cert-file}
[frontend-instance-config]
recipe = slapos.recipe.template
output = $${directory:etc}/$${:_buildout_section_name_}
blankline =
inline =
:$${:port} {
bind $${:ip}
tls $${frontend-instance-certificate:cert-file} $${frontend-instance-certificate:key-file}
log stdout
errors stderr
gzip
# because caddy does not support upgrade http2 to websocket
# https://tools.ietf.org/html/rfc8441
tls {
alpn http/1.1
}
root $${directory:frontend-static}
browse
proxy / $${theia-instance:base-url} {
except $${frontend-instance-fonts:folder-name} $${frontend-instance-slapos.css:folder-name} public $${favicon.ico:filename} $${frontend-instance-logo:filename}
}
proxy /services $${theia-instance:base-url} {
websocket
}
proxy /socket.io $${theia-instance:base-url} {
websocket
}
basicauth $${frontend-instance-password:username} $${frontend-instance-password:passwd} {
realm "Theia"
/
}
}
global
maxconn 4096
master-worker
pidfile $${frontend-instance:pidfile}
log $${frontend-instance-rsyslogd-config:log-socket} local0 info
defaults
log global
option httplog
mode http
retries 1
option redispatch
maxconn 2000
balance roundrobin
timeout connect 10s
timeout queue 60s
timeout server 305s
timeout client 305s
# compress some content types
compression algo gzip
compression type application/font-woff application/font-woff2 application/hal+json application/javascript application/json application/rss+xml application/wasm application/x-font-opentype application/x-font-ttf application/x-javascript application/xml image/svg+xml text/cache-manifest text/css text/html text/javascript text/plain text/xml
userlist basic-auth-list
user $${frontend-instance-password:username} insecure-password $${frontend-instance-password:passwd}
frontend app
log global
bind $${:ip}:$${:port} ssl crt $${frontend-instance-certificate:cert-file} alpn h2,http/1.1
# writing twice the same ACL is doing OR
acl is_public path_beg /public/
acl is_public path /$${favicon.ico:filename}
acl auth_ok http_auth(basic-auth-list)
# No authentication for public folder
http-request auth unless auth_ok || is_public
use_backend static if { path_beg /$${frontend-instance-fonts:folder-name} } || { path_beg /$${frontend-instance-slapos.css:folder-name} } || { path /$${frontend-instance-logo:filename} } || is_public
default_backend nodejs
backend nodejs
log global
server nodejs_backend $${theia-instance:ip}:$${theia-instance:port}
backend static
log global
server static_backend $${python-server-port:ip}:$${python-server-port:port}
$${:blankline}
ip = $${frontend-instance-port:ip}
hostname = [$${:ip}]
port = $${frontend-instance-port:port}
pidfile = $${directory:pidfiles}/haproxy.pid
[frontend-instance]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
${caddy:output} -conf $${frontend-instance-config:output} -pidfile $${:pidfile}
${haproxy:location}/sbin/haproxy -f $${frontend-instance-config:output}
hash-files = $${frontend-instance-config:output}
ip = $${frontend-instance-config:ip}
hostname = $${frontend-instance-config:hostname}
......@@ -287,7 +359,7 @@ pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid
url = https://$${:hostname}:$${:port}/
[frontend-instance-fonts]
; XXX caddy 1 does not seem to serve different folders at different locations
; XXX python server only serves one folder
; so we link fonts in static folder
recipe = plone.recipe.command
location = $${directory:frontend-static}/$${:folder-name}
......@@ -314,18 +386,6 @@ folder-name = css
context =
key logo_image frontend-instance-logo:filename
[frontend-reload]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
${bash:location}/bin/bash -c
"kill -s USR1 $$(${coreutils:location}/bin/cat $${frontend-instance:pidfile}) \
&& ${coreutils:location}/bin/sleep infinity"
hash-files =
$${frontend-instance-config:output}
$${frontend-instance:wrapper-path}
wait-for-files = $${frontend-instance:pidfile}
[favicon.ico]
# generate a pseudo random favicon, different for each instance name.
recipe = slapos.recipe.build
......@@ -350,6 +410,20 @@ install =
location = $${directory:frontend-static}/$${:filename}
filename = $${:_buildout_section_name_}
# Local Python Server
# -------------------
[python-server-port]
recipe = slapos.cookbook:free_port
minimum = 3000
maximum = 3100
ip = {{ ipv4_random }}
[python-server]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line = $${buildout:executable} -m http.server $${python-server-port:port} --bind $${python-server-port:ip} --directory $${directory:frontend-static}
# Common Environment
# ------------------
......@@ -406,7 +480,6 @@ hash-existing-files =
ip = {{ ipv4_random }}
hostname = $${:ip}
port = $${theia-service:port}
base-url = $${theia-service:base-url}
[theia-shell]
recipe = slapos.recipe.template:jinja2
......
[buildout]
extends =
../../component/caddy/buildout.cfg
../../component/haproxy/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/git/buildout.cfg
../../component/bash/buildout.cfg
../../component/bash-completion/buildout.cfg
......
......@@ -146,17 +146,17 @@ class TestTheia(TheiaTestCase):
)).geturl()
self.get(authenticated_url)
# there's a public folder to serve file
# there's a public folder to serve file (no need for authentication)
with open('{}/srv/frontend-static/public/test_file'.format(
self.getPath()), 'w') as f:
f.write("hello")
resp = self.get(urljoin(authenticated_url, '/public/'))
resp = self.get(urljoin(url, '/public/'))
self.assertIn('test_file', resp.text)
resp = self.get(urljoin(authenticated_url, '/public/test_file'))
resp = self.get(urljoin(url, '/public/test_file'))
self.assertEqual('hello', resp.text)
# there's a (not empty) favicon
resp = self.get(urljoin(authenticated_url, '/favicon.ico'))
# there's a (not empty) favicon (no need for authentication)
resp = self.get(urljoin(url, '/favicon.ico'))
self.assertTrue(resp.raw)
# there is a CSS referencing fonts
......
......@@ -62,6 +62,7 @@ extends =
../../component/bcrypt/buildout.cfg
../../component/python-pynacl/buildout.cfg
../../component/python-xmlsec/buildout.cfg
../../component/selenium/buildout.cfg
../../stack/caucase/buildout.cfg
../../software/neoppod/software-common.cfg
# keep neoppod extends last
......@@ -595,7 +596,7 @@ eggs = ${neoppod:eggs}
pycountry
xfw
jsonschema
selenium
${selenium:egg}
pytesseract
decorator
networkx
......@@ -813,7 +814,6 @@ uuid = 1.30
validictory = 1.1.0
xfw = 0.10
xupdate-processor = 0.5
selenium = 3.14.1
scikit-image = 0.14.0
PyWavelets = 0.5.2
networkx = 2.1
......
......@@ -137,16 +137,23 @@ zc.buildout = 2.7.1+slapos019
zc.recipe.egg = 2.0.3+slapos003
apache-libcloud = 2.4.0
argon2-cffi = 20.1.0
asn1crypto = 1.3.0
astor = 0.5
async-generator = 1.10
atomicwrites = 1.4.0
atomize = 0.2.0
attrs = 22.1.0
backcall = 0.2.0
backports-abc = 0.5
backports.functools-lru-cache = 1.6.1:whl
backports.lzma = 0.0.14
backports.shutil-get-terminal-size = 1.0.0
bcrypt = 3.1.4
bleach = 5.0.1
CacheControl = 0.12.6:whl
certifi = 2022.6.15
cffi = 1.14.0
cffi = 1.15.0
chardet = 3.0.4
charset-normalizer = 2.1.1
click = 8.1.3
......@@ -158,13 +165,20 @@ configparser = 4.0.2:whl
contextlib2 = 0.6.0.post1
croniter = 0.3.25
cryptography = 3.3.2
dataclasses = 0.8
dateparser = 0.7.6
decorator = 4.3.0
defusedxml = 0.6.0
distro = 1.7.0
dnspython = 1.16.0
entrypoints = 0.3
enum34 = 1.1.10
erp5.util = 0.4.74
feedparser = 5.2.1
et-xmlfile = 1.0.1
# need wheel because there is no setup.py
# (see https://erp5js.nexedi.net/#/bug_module/20221102-1C1B293)
exceptiongroup = 1.0.0:whl
feedparser = 6.0.10
Flask = 1.1.2
funcsigs = 1.0.2
functools32 = 3.2.3.post2
......@@ -173,59 +187,102 @@ geventmp = 0.0.1
gitdb2 = 2.0.5
GitPython = 2.1.11
greenlet = 0.4.17
h5py = 2.7.1
h11 = 0.14.0
idna = 2.9
igmp = 1.0.4
Importing = 1.10
importlib-metadata = 1.7.0:whl
inotify-simple = 1.1.1
ipaddress = 1.0.23
ipykernel = 5.3.4:whl
ipython = 7.16.3
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
itsdangerous = 0.24
jdcal = 1.4
jedi = 0.17.2
Jinja2 = 2.11.3
jsonschema = 3.0.2:whl
jupyter = 1.0.0
jupyter-client = 7.3.1
jupyter-console = 6.4.4
jupyter-core = 4.9.2
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
jupyterlab-pygments = 0.1.2
lock-file = 2.0
lockfile = 0.12.2:whl
lxml = 4.9.1
MarkupSafe = 2.0.1
matplotlib = 2.1.2
meld3 = 1.0.2
mistune = 0.8.4
mock = 3.0.5
more-itertools = 5.0.0
mpmath = 1.0.0
msgpack = 0.6.2
nbclient = 0.5.1
nbconvert = 6.0.7
nbformat = 5.0.8
nest-asyncio = 1.5.6
netaddr = 0.7.19
netifaces = 0.10.7
notebook = 6.1.5
openpyxl = 2.5.2
outcome = 1.2.0
packaging = 16.8
pandocfilters = 1.4.3
paramiko = 2.11.0
parso = 0.7.1
passlib = 1.7.1
pathlib2 = 2.3.5
pbr = 2.0.0
patsy = 0.5.1
pbr = 5.9.0
pexpect = 4.8.0
pickleshare = 0.7.4
pim-dm = 1.4.0nxd001
pkgconfig = 1.5.1
plone.recipe.command = 1.1
pluggy = 0.13.1:whl
ply = 3.11
prettytable = 0.7.2
prometheus-client = 0.9.0
prompt-toolkit = 3.0.19
psutil = 5.8.0
ptyprocess = 0.5.1
py = 1.11.0:whl
py-mld = 1.0.3
pyasn1 = 0.4.5
pycparser = 2.20
pycurl = 7.43.0
Pygments = 2.9.0
PyNaCl = 1.3.0
pyOpenSSL = 19.1.0
pyparsing = 3.0.9:whl
pyroute2 = 0.6.9
pyrsistent = 0.18.1
PyRSS2Gen = 1.1
PySocks = 1.7.1
pytest-runner = 5.2:whl
python-dateutil = 2.8.2:whl
pytz = 2022.2.1
PyYAML = 5.4.1
pyzmq = 22.3.0
qtconsole = 4.3.0
regex = 2020.9.27
requests = 2.28.1
rpdb = 0.1.5
rubygemsrecipe = 0.4.3
scandir = 1.10.0
scikit-learn = 0.20.4
seaborn = 0.7.1
Send2Trash = 1.5.0
setproctitle = 1.1.10
setuptools-dso = 1.7
sgmllib3k = 1.0.0
simplegeneric = 0.8.1
singledispatch = 3.4.0.3
six = 1.16.0
slapos.cookbook = 1.0.297
slapos.core = 1.8.5
......@@ -236,19 +293,32 @@ slapos.recipe.build = 0.56
slapos.recipe.cmmi = 0.19
slapos.recipe.template = 5.0
slapos.toolbox = 0.128
statsmodels = 0.11.1
smmap2 = 2.0.5
sniffio = 1.3.0
sortedcontainers = 2.4.0
stevedore = 1.21.0:whl
subprocess32 = 3.5.4
supervisor = 4.1.0
traitlets = 4.3.3
sympy = 1.1.1
terminado = 0.9.1
testpath = 0.4.4
tornado = 6.1
traitlets = 5.0.5
trio = 0.22.0
trio-websocket = 0.9.2
tzlocal = 1.5.1
unicodecsv = 0.14.1
uritemplate = 3.0.0
urllib3 = 1.26.12
wcwidth = 0.2.5
webencodings = 0.5.1
Werkzeug = 2.0.2
wheel = 0.35.1:whl
widgetsnbextension = 2.0.0
wsproto = 1.2.0
xml-marshaller = 1.0.2
xlrd = 1.1.0
zc.lockfile = 1.4
ZConfig = 3.6.1
zdaemon = 4.2.0
......@@ -264,6 +334,7 @@ certifi = 2020.4.5.1
charset-normalizer = 2.0.12
click = 6.7
distro = 1.6.0
feedparser = 5.2.1
pyparsing = 2.2.0
pyrsistent = 0.16.1
requests = 2.27.1
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment