Commit 0aa55f43 authored by Łukasz Nowak's avatar Łukasz Nowak

Update Release Candidate

parents 37758eee dae07f95
...@@ -64,18 +64,18 @@ md5sum = 096c1c18b44c269808bd815d58c53c8f ...@@ -64,18 +64,18 @@ md5sum = 096c1c18b44c269808bd815d58c53c8f
[debian-amd64-jessie-netinst.iso] [debian-amd64-jessie-netinst.iso]
<= debian-amd64-netinst-base <= debian-amd64-netinst-base
version = 8.10.0 version = 8.11.1
md5sum = 19dcfc381bd3e609c6056216d203f5bc md5sum = df0ce86d0b1d81e232ad08eef58754ed
[debian-amd64-netinst.iso] [debian-amd64-netinst.iso]
# Download the installer of Debian 9 (Stretch) # Download the installer of Debian 9 (Stretch)
<= debian-amd64-netinst-base <= debian-amd64-netinst-base
version = 9.4.0 version = 9.8.0
md5sum = 73bd8aaaeb843745ec939f6ae3906e48 md5sum = e0a43cbb8b991735c1b38e7041019658
[debian-amd64-testing-netinst.iso] [debian-amd64-testing-netinst.iso]
# Download the installer of Debian Buster # Download the installer of Debian Buster
<= debian-amd64-netinst-base <= debian-amd64-netinst-base
release = buster_di_alpha2 release = buster_di_rc1
version = buster-DI-alpha2 version = buster-DI-rc1
md5sum = fbdc192f8857e2bd884e41481ed0fc09 md5sum = cf8f8e3afef91f3ce3a09e7cc5f530f0
...@@ -49,6 +49,12 @@ debconf.debconf = ...@@ -49,6 +49,12 @@ debconf.debconf =
debian-squeeze/preseed.mirror/country = manual debian-squeeze/preseed.mirror/country = manual
debian-squeeze/preseed.mirror/http/hostname = archive.debian.org debian-squeeze/preseed.mirror/http/hostname = archive.debian.org
debian-squeeze/preseed.mirror/http/directory = /debian debian-squeeze/preseed.mirror/http/directory = /debian
debian-wheezy/preseed.mirror/country = manual
debian-wheezy/preseed.mirror/http/hostname = archive.debian.org
debian-wheezy/preseed.mirror/http/directory = /debian
debian-jessie/preseed.mirror/country = manual
debian-jessie/preseed.mirror/http/hostname = archive.debian.org
debian-jessie/preseed.mirror/http/directory = /debian
# minimal size # minimal size
preseed.apt-setup/enable-source-repositories = false preseed.apt-setup/enable-source-repositories = false
preseed.recommends = false preseed.recommends = false
......
...@@ -17,16 +17,20 @@ import collections ...@@ -17,16 +17,20 @@ import collections
def main(): def main():
exit_code = 0
for f in sys.argv[1:]: for f in sys.argv[1:]:
print 'Processing %s' % (f,)
with open(f, 'rb') as infile: with open(f, 'rb') as infile:
try: try:
obj = json.load(infile, object_pairs_hook=collections.OrderedDict) obj = json.load(infile, object_pairs_hook=collections.OrderedDict)
except ValueError as e: except ValueError as e:
raise SystemExit(e) exit_code = 1
print e
with open(f, 'wb') as outfile: else:
json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': ')) with open(f, 'wb') as outfile:
outfile.write('\n') json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': '))
outfile.write('\n')
sys.exit(exit_code)
if __name__ == '__main__': if __name__ == '__main__':
main() main()
...@@ -92,6 +92,27 @@ SSL keys and certificates are directly send to the frontend cluster in order to ...@@ -92,6 +92,27 @@ SSL keys and certificates are directly send to the frontend cluster in order to
*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs. *Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
Obtaining CA for KeDiFa
-----------------------
KeDiFa uses caucase and so it is required to obtain caucase CA certificate used to sign KeDiFa SSL certificate, in order to be sure that certificates are sent to valid KeDiFa.
The easiest way to do so is to use caucase.
On some secure and trusted box which will be used to upload certificate to master or slave frontend partition install caucase https://pypi.org/project/caucase/
Master and slave partition will return key ``kedifa-caucase-url``, so then create and start a ``caucase-updater`` service::
caucase-updater \
--ca-url "${kedifa-caucase-url}" \
--cas-ca "${frontend_name}.caucased.ca.crt" \
--ca "${frontend_name}.ca.crt" \
--crl "${frontend_name}.crl"
where ``frontend_name`` is a frontend cluster to which you will upload the certificate (it can be just one slave).
Make sure it is automatically started when trusted machine reboots: you want to have it running so you can forget about it. It will keep KeDiFa's CA certificate up to date when it gets renewed so you know you are still talking to the same service as when you previously uploaded the certificate, up to the original upload.
Master partition Master partition
---------------- ----------------
...@@ -105,12 +126,12 @@ Example sessions is:: ...@@ -105,12 +126,12 @@ Example sessions is::
request(...) request(...)
curl -X GET master-key-generate-auth-url curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" master-key-generate-auth-url
> authtoken > authtoken
cat certificate.pem key.pem ca-bundle.pem > master.pem cat certificate.pem key.pem ca-bundle.pem > master.pem
curl -X PUT --data-binary @master.pem master-key-upload-url+authtoken curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem master-key-upload-url+authtoken
This replaces old request parameters: This replaces old request parameters:
...@@ -133,12 +154,12 @@ Example sessions is:: ...@@ -133,12 +154,12 @@ Example sessions is::
request(...) request(...)
curl -X GET key-generate-auth-url curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" key-generate-auth-url
> authtoken > authtoken
cat certificate.pem key.pem ca-bundle.pem > master.pem cat certificate.pem key.pem ca-bundle.pem > master.pem
curl -X PUT --data-binary @master.pem key-upload-url+authtoken curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem key-upload-url+authtoken
This replaces old request parameters: This replaces old request parameters:
......
...@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = bde0f62dfe2eeef8f10b4315535095cb md5sum = 6abe3aae72a83ef90e484d00cc70490d
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -30,7 +30,7 @@ md5sum = d62aefe002ec13875924e4c219914795 ...@@ -30,7 +30,7 @@ md5sum = d62aefe002ec13875924e4c219914795
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = 75439cb035393e68c73672b224bead54 md5sum = 57f562311bac6dbf85cd35891eaa6743
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -38,7 +38,7 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e ...@@ -38,7 +38,7 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in filename = templates/replicate-publish-slave-information.cfg.in
md5sum = 38e9994be01ea1b8a379f8ff7aa05438 md5sum = eb9ca67763d60843483d95dab2c301b1
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
...@@ -110,4 +110,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 ...@@ -110,4 +110,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
[template-kedifa] [template-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = cc6f32656e76f4b79b5e47567b930f74 md5sum = 2eecc01a16f6ae156c3a7889eef42c34
...@@ -24,7 +24,6 @@ parts = ...@@ -24,7 +24,6 @@ parts =
promise-caddy-frontend-v6-http promise-caddy-frontend-v6-http
promise-caddy-frontend-cached promise-caddy-frontend-cached
promise-caddy-frontend-ssl-cached promise-caddy-frontend-ssl-cached
promise-caddy-is-process-older-than-dependency-set
trafficserver-launcher trafficserver-launcher
trafficserver-reload trafficserver-reload
...@@ -61,7 +60,6 @@ log = ${:var}/log ...@@ -61,7 +60,6 @@ log = ${:var}/log
run = ${:var}/run run = ${:var}/run
service = ${:etc}/service service = ${:etc}/service
etc-run = ${:etc}/run etc-run = ${:etc}/run
promise = ${:etc}/promise
plugin = ${:etc}/plugin plugin = ${:etc}/plugin
ca-dir = ${:srv}/ssl ca-dir = ${:srv}/ssl
...@@ -261,7 +259,6 @@ extra-context = ...@@ -261,7 +259,6 @@ extra-context =
section caddy_configuration caddy-configuration section caddy_configuration caddy-configuration
key monitor_base_url monitor-instance-parameter:monitor-base-url key monitor_base_url monitor-instance-parameter:monitor-base-url
key plugin_directory directory:plugin key plugin_directory directory:plugin
key promise_directory directory:promises
key report_directory directory:bin key report_directory directory:bin
key bin_directory :bin_directory key bin_directory :bin_directory
key enable_http2_by_default configuration:enable-http2-by-default key enable_http2_by_default configuration:enable-http2-by-default
...@@ -634,11 +631,6 @@ name = caddy_ssl_cached.py ...@@ -634,11 +631,6 @@ name = caddy_ssl_cached.py
config-hostname = {{ instance_parameter['ipv4-random'] }} config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${caddy-configuration:ssl-cache-through-port} config-port = ${caddy-configuration:ssl-cache-through-port}
[promise-caddy-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${caddy-configuration:pid-file}
wrapper-path = ${directory:promise}/caddy-frontend-is-running-actual-software-release
####### #######
# Monitoring sections # Monitoring sections
# #
......
...@@ -222,6 +222,7 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -222,6 +222,7 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg
{%- do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%} {%- do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%} {%- do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%} {%- do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%}
{%- do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %} {%- do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %}
[{{ slave_reference }}-auth-random-generate] [{{ slave_reference }}-auth-random-generate]
recipe = plone.recipe.command recipe = plone.recipe.command
......
...@@ -54,6 +54,10 @@ ...@@ -54,6 +54,10 @@
"description": "Certificate used to serve data on kedifa-csr_id-url.", "description": "Certificate used to serve data on kedifa-csr_id-url.",
"type": "string" "type": "string"
}, },
"kedifa-caucase-url": {
"description": "Url to caucase used by KeDiFa.",
"type": "string"
},
"caddy-frontend-N-csr_id-url": { "caddy-frontend-N-csr_id-url": {
"description": "URL on which frontend node number N publishes its csr_id sent to caucase.", "description": "URL on which frontend node number N publishes its csr_id sent to caucase.",
"type": "string" "type": "string"
...@@ -61,6 +65,14 @@ ...@@ -61,6 +65,14 @@
"caddy-frontend-N-csr_id-certificate": { "caddy-frontend-N-csr_id-certificate": {
"description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.", "description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.",
"type": "string" "type": "string"
},
"warning-slave-dict": {
"description": "Dict of slaves which got warnings. Keys are slave references, values are lists of warnings on slaves.",
"type": "array"
},
"warning-list": {
"description": "List of warning found during the request.",
"type": "array"
} }
}, },
"type": "object" "type": "object"
......
...@@ -96,7 +96,7 @@ ...@@ -96,7 +96,7 @@
], ],
"title": "Prefer gzip Encoding for Backend", "title": "Prefer gzip Encoding for Backend",
"type": "string" "type": "string"
}, }
}, },
"title": "Input Parameters", "title": "Input Parameters",
"type": "object" "type": "object"
......
...@@ -8,11 +8,11 @@ ...@@ -8,11 +8,11 @@
}, },
"key-generate-auth-url": { "key-generate-auth-url": {
"description": "URL to GET once auth for key-upload-url", "description": "URL to GET once auth for key-upload-url",
"type": "array" "type": "string"
}, },
"key-upload-url": { "key-upload-url": {
"description": "URL to PUT PEM bundle of certificate and key", "description": "URL to PUT PEM bundle of certificate and key",
"type": "array" "type": "string"
}, },
"log-access-url": { "log-access-url": {
"description": "List of URLs to access logs", "description": "List of URLs to access logs",
...@@ -41,6 +41,14 @@ ...@@ -41,6 +41,14 @@
"request-error-list": { "request-error-list": {
"description": "In case if slave has been rejected by master or has error in the request, the list contains information about each problem", "description": "In case if slave has been rejected by master or has error in the request, the list contains information about each problem",
"type": "array" "type": "array"
},
"warning-list": {
"description": "List of warning found during the request.",
"type": "array"
},
"kedifa-caucase-url": {
"description": "URL to caucase used by KeDiFa",
"type": "string"
} }
}, },
"type": "object" "type": "object"
......
...@@ -442,6 +442,13 @@ command-line = {{ kedifa_updater }} ...@@ -442,6 +442,13 @@ command-line = {{ kedifa_updater }}
wrapper-path = {{ service_directory }}/kedifa-updater wrapper-path = {{ service_directory }}/kedifa-updater
hash-files = ${buildout:directory}/software_release/buildout.cfg hash-files = ${buildout:directory}/software_release/buildout.cfg
[kedifa-updater-run]
recipe = plone.recipe.command
# unfortunately slapos.cookbook:wrapper does not return generated wrapper path
# so it is needed to access it via service directory globbing
command = {{ service_directory }}/kedifa-updater* --once
update-command = ${:command}
[kedifa-updater-mapping] [kedifa-updater-mapping]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
file = {{ kedifa_updater_mapping_file }} file = {{ kedifa_updater_mapping_file }}
...@@ -466,6 +473,7 @@ extends = ...@@ -466,6 +473,7 @@ extends =
parts += parts +=
kedifa-updater kedifa-updater
kedifa-updater-run
caddy-log-access-header caddy-log-access-header
{% for part in part_list %} {% for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
......
...@@ -48,6 +48,7 @@ ...@@ -48,6 +48,7 @@
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %} {% do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %}
{% do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %} {% do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %}
{% do slave_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
......
...@@ -469,6 +469,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -469,6 +469,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
base + r'\?auth=$' base + r'\?auth=$'
) )
kedifa_caucase_url = parameter_dict.pop('kedifa-caucase-url')
self.assertEqual(
kedifa_caucase_url,
'http://[%s]:%s' % (SLAPOS_TEST_IPV6, CAUCASE_PORT),
)
return generate_auth_url, upload_url return generate_auth_url, upload_url
def assertKeyWithPop(self, key, d): def assertKeyWithPop(self, key, d):
...@@ -546,8 +552,6 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin): ...@@ -546,8 +552,6 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
{ {
'monitor-base-url': None, 'monitor-base-url': None,
'domain': 'None', 'domain': 'None',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '0', 'accepted-slave-amount': '0',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '0', 'slave-amount': '0',
...@@ -580,8 +584,6 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin): ...@@ -580,8 +584,6 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
{ {
'monitor-base-url': None, 'monitor-base-url': None,
'domain': 'example.com', 'domain': 'example.com',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '0', 'accepted-slave-amount': '0',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '0', 'slave-amount': '0',
...@@ -744,7 +746,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -744,7 +746,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
# run partition for slaves to be setup # run partition for slaves to be setup
cls.runComputerPartitionUntil( cls.runComputerPartitionUntil(
cls.untilSlavePartitionReady) cls.untilSlavePartitionReady)
cls.runKedifaUpdater()
# run once more slapos node instance, as kedifa-updater sets up # run once more slapos node instance, as kedifa-updater sets up
# certificates needed for caddy-frontend, and on this moment it can be # certificates needed for caddy-frontend, and on this moment it can be
# not started yet # not started yet
...@@ -1230,8 +1231,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1230,8 +1231,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'accepted-slave-amount': '48', 'accepted-slave-amount': '48',
'rejected-slave-amount': '4', 'rejected-slave-amount': '4',
'slave-amount': '52', 'slave-amount': '52',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'rejected-slave-dict': { 'rejected-slave-dict': {
"_apache_custom_http_s-rejected": ["slave not authorized"], "_apache_custom_http_s-rejected": ["slave not authorized"],
"_caddy_custom_http_s": ["slave not authorized"], "_caddy_custom_http_s": ["slave not authorized"],
...@@ -3715,8 +3714,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase, ...@@ -3715,8 +3714,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '1', 'accepted-slave-amount': '1',
'rejected-slave-amount': '2', 'rejected-slave-amount': '2',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'slave-amount': '3', 'slave-amount': '3',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"' '_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
...@@ -3984,8 +3981,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3984,8 +3981,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': None, 'monitor-base-url': None,
'domain': 'example.com', 'domain': 'example.com',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '8', 'accepted-slave-amount': '8',
'rejected-slave-amount': '2', 'rejected-slave-amount': '2',
'slave-amount': '10', 'slave-amount': '10',
...@@ -4351,8 +4346,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4351,8 +4346,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': None, 'monitor-base-url': None,
'domain': 'example.com', 'domain': 'example.com',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '1', 'accepted-slave-amount': '1',
'rejected-slave-amount': '3', 'rejected-slave-amount': '3',
'slave-amount': '4', 'slave-amount': '4',
...@@ -4795,8 +4788,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -4795,8 +4788,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
u"_ssl_key-ssl_crt-unsafe": u"_ssl_key-ssl_crt-unsafe":
[u"slave ssl_key and ssl_crt does not match"] [u"slave ssl_key and ssl_crt does not match"]
}, },
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'warning-list': [ 'warning-list': [
u'apache-certificate is obsolete, please use master-key-upload-url', u'apache-certificate is obsolete, please use master-key-upload-url',
u'apache-key is obsolete, please use master-key-upload-url', u'apache-key is obsolete, please use master-key-upload-url',
...@@ -5480,8 +5471,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -5480,8 +5471,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'rejected-slave-dict': {}, 'rejected-slave-dict': {},
'slave-amount': '1', 'slave-amount': '1',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'warning-list': [ 'warning-list': [
u'apache-certificate is obsolete, please use master-key-upload-url', u'apache-certificate is obsolete, please use master-key-upload-url',
u'apache-key is obsolete, please use master-key-upload-url', u'apache-key is obsolete, please use master-key-upload-url',
...@@ -5532,7 +5521,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -5532,7 +5521,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
}) })
self.runComputerPartition(max_quantity=1) self.runComputerPartition(max_quantity=1)
self.runKedifaUpdater()
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
......
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-3/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-3/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
...@@ -77,7 +77,6 @@ scripts = ...@@ -77,7 +77,6 @@ scripts =
monitor.runpromise monitor.runpromise
monitor.genstatus monitor.genstatus
monitor.configwrite monitor.configwrite
is-process-older-than-dependency-set
check-computer-memory check-computer-memory
[monitor-eggs] [monitor-eggs]
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template-erp5] [template-erp5]
filename = instance-erp5.cfg.in filename = instance-erp5.cfg.in
md5sum = edf81a602137858cd5835c050ac6e08c md5sum = c4941a1c862474b71fd7255feb830299
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
......
...@@ -96,7 +96,7 @@ backup-caucased = ${:srv}/backup/caucased ...@@ -96,7 +96,7 @@ backup-caucased = ${:srv}/backup/caucased
{{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099, 'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000), 'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''), 'test-database-amount': test_runner_total_database_count}, {'database-list': True, 'test-database-list': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099, 'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000), 'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''), 'test-database-amount': test_runner_total_database_count}, {'database-list': True, 'test-database-list': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{% if has_posftix -%} {% if has_posftix -%}
{{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password'}) }} {{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password', 'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{%- else %} {%- else %}
[request-smtp] [request-smtp]
# Placeholder smtp service URL # Placeholder smtp service URL
...@@ -135,7 +135,7 @@ connection-url = smtp://127.0.0.2:0/ ...@@ -135,7 +135,7 @@ connection-url = smtp://127.0.0.2:0/
{% endif -%} {% endif -%}
{% endfor -%} {% endfor -%}
{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%} {% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
{% set zope_address_list_id_dict = {} -%} {% set zope_address_list_id_dict = {} -%}
{% if zope_partition_dict -%} {% if zope_partition_dict -%}
......
...@@ -14,4 +14,4 @@ ...@@ -14,4 +14,4 @@
# not need these here). # not need these here).
[monitor2-template] [monitor2-template]
filename = instance-monitor.cfg.jinja2.in filename = instance-monitor.cfg.jinja2.in
md5sum = 8ba788b85f2649d8e0f8b9905edcf8a0 md5sum = da5fa743dba8709dfdd9c2d474741de8
...@@ -228,11 +228,6 @@ input = inline:#!/bin/sh ...@@ -228,11 +228,6 @@ input = inline:#!/bin/sh
output = ${directory:bin}/xnice output = ${directory:bin}/xnice
mode = 700 mode = 700
[promise-monitor-httpd-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file}
wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set
[monitor-globalstate-wrapper] [monitor-globalstate-wrapper]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}' command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}'
...@@ -411,7 +406,6 @@ depends = ...@@ -411,7 +406,6 @@ depends =
${monitor-bootstrap-promise:name} ${monitor-bootstrap-promise:name}
${monitor-symlink:recipe} ${monitor-symlink:recipe}
${promise-check-slapgrid:recipe} ${promise-check-slapgrid:recipe}
${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path}
${logrotate-entry-monitor-httpd:name} ${logrotate-entry-monitor-httpd:name}
${logrotate-entry-monitor-data:name} ${logrotate-entry-monitor-data:name}
${logrotate-entry-monitor-promise-history:name} ${logrotate-entry-monitor-promise-history:name}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment