Commit 7fd3f5b5 authored by Rafael Monnerat's avatar Rafael Monnerat

Update Release Candidate

parents 45299ea7 b71ce50e
...@@ -15,3 +15,4 @@ slapos.cookbook.egg-info ...@@ -15,3 +15,4 @@ slapos.cookbook.egg-info
*.egg/ *.egg/
TEST_KNOWN_HOSTS TEST_KNOWN_HOSTS
node_modules node_modules
update-release.sh
[buildout] [buildout]
extends = extends =
../../component/golang/buildout.cfg ../../component/golang/buildout.cfg
gowork.cfg
parts = parts =
gowork
caddy caddy
[gowork] [gowork]
# Caddy 1.x+ uses go modules, for which gowork does not work yet
golang = ${golang1.12:location} golang = ${golang1.12:location}
install = install =
github.com/mholt/caddy
[gowork.goinstall]
command = :
depends =
${caddy:recipe}
[caddy] [caddy]
recipe = slapos.recipe.cmmi # revision and repository can be used to control which caddy version is used
path = ${go_github.com_mholt_caddy:location} revision = db2741c6e0a1c06340391c5b9fa282b876a33361
go = ${gowork:golang}/bin/go repository = github.com/mholt/caddy/caddy
configure-command = :
make-targets = recipe = plone.recipe.command
make-binary = cd ${:path}/caddy && ${:go} install -v update-command = ${:command}
environment = stop-on-error = True
PATH=${pkgconfig:location}/bin:${gowork:golang}/bin:${buildout:bin-directory}:%(PATH)s # GO111MODULE=on enables go modules support
GOPATH=${gowork:directory} # the chmod is needed as modules are fetched with u-w
command =
. ${gowork:env.sh} &&
cd ${gowork:directory} &&
export GO111MODULE=on &&
go get ${:repository}@${:revision} &&
chmod -R u+w .
output = ${gowork:bin}/caddy output = ${gowork:bin}/caddy
location = ${:output}
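Review bot: The new `command` pins only caddy itself (`go get ${:repository}@${:revision}`); the modules caddy depends on are resolved and downloaded from the network at build time. The removed gowork.cfg instead pinned the source to a revision in a Nexedi-hosted repository. With the toolchain referenced here (`${golang1.12:location}`) I am not aware of any checksum database being consulted for those downloads, so the build appears to trust whatever the module hosts serve. Consider building from a checkout whose `go.sum` or vendor tree is reviewed, or pointing `GOPROXY` at a mirror you control, and record that choice in a comment above `command`. Separately, `chmod -R u+w .` runs over all of `${gowork:directory}`; the existing comment could say why that whole scope is needed.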
# Code generated by gowork-snapshot; DO NOT EDIT.
# list of go git repositories to fetch
[gowork.goinstall]
depends_gitfetch =
${go_github.com_mholt_caddy:recipe}
[go_github.com_mholt_caddy]
<= go-git-package
go.importpath = github.com/mholt/caddy
repository = https://lab.nexedi.com/nexedi/caddy.git
revision = nxd-v0.11.1-5-gdd393ce3a67e6a773be87185528a00f2e0a9eb26
[buildout]
parts =
lz4
[lz4]
recipe = slapos.recipe.cmmi
url = https://github.com/lz4/lz4/archive/v1.8.3.tar.gz
md5sum = d5ce78f7b1b76002bbfffa6f78a5fc4e
configure-command = true
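Review bot: The only integrity check on this download is `md5sum`, and the URL is a GitHub-generated tag archive; the same applies to the new snappy part (`url = https://github.com/google/snappy/archive/1.1.7.tar.gz`). MD5 is not collision-resistant, so this check guards against corruption more than against a deliberately substituted tarball. If the slapos.recipe.cmmi version in use accepts a stronger digest, prefer it. Otherwise add a comment above `md5sum` such as `# checksum of the v1.8.3 tag archive; re-verify against the upstream release when bumping`.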
...@@ -9,11 +9,13 @@ extends = ...@@ -9,11 +9,13 @@ extends =
../jemalloc/buildout.cfg ../jemalloc/buildout.cfg
../libaio/buildout.cfg ../libaio/buildout.cfg
../libxml2/buildout.cfg ../libxml2/buildout.cfg
../lz4/buildout.cfg
../ncurses/buildout.cfg ../ncurses/buildout.cfg
../openssl/buildout.cfg ../openssl/buildout.cfg
../patch/buildout.cfg ../patch/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../readline/buildout.cfg ../readline/buildout.cfg
../snappy/buildout.cfg
../xz-utils/buildout.cfg ../xz-utils/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
../unixodbc/buildout.cfg ../unixodbc/buildout.cfg
...@@ -26,8 +28,8 @@ parts = ...@@ -26,8 +28,8 @@ parts =
[mariadb] [mariadb]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http%3A//fr.mirror.babylon.network/mariadb/?serve url = https://downloads.mariadb.org/f/mariadb-${:version}/source/mariadb-${:version}.tar.gz/from/http%3A//fr.mirror.babylon.network/mariadb/?serve
version = 10.2.22 version = 10.2.23
md5sum = f390235995b72b4c50948a43eb7e41fe md5sum = 941c9ac6ee7709fd88a4098ecfc0a4b0
patch-options = -p0 patch-options = -p0
patches = patches =
${:_profile_base_location_}/mariadb_10.2.16_create_system_tables__no_test.patch#3fd5f9febabdb42d4b6653969a0194f9 ${:_profile_base_location_}/mariadb_10.2.16_create_system_tables__no_test.patch#3fd5f9febabdb42d4b6653969a0194f9
...@@ -48,10 +50,12 @@ configure-options = ...@@ -48,10 +50,12 @@ configure-options =
-DWITH_EMBEDDED_SERVER=0 -DWITH_EMBEDDED_SERVER=0
-DWITH_JEMALLOC=yes -DWITH_JEMALLOC=yes
-DWITH_INNODB_BZIP2=ON -DWITH_INNODB_BZIP2=ON
-DWITH_INNODB_LZ4=OFF -DWITH_INNODB_LZ4=ON
-DWITH_INNODB_LZMA=ON -DWITH_INNODB_LZMA=ON
-DWITH_INNODB_LZO=OFF -DWITH_INNODB_SNAPPY=ON
-DWITH_INNODB_SNAPPY=OFF -DWITH_ROCKSDB_LZ4=ON
-DWITH_ROCKSDB_snappy=ON
-DWITH_ROCKSDB_ZSTD=ON
-DWITH_SAFEMALLOC=OFF -DWITH_SAFEMALLOC=OFF
-DPLUGIN_DAEMON_EXAMPLE=NO -DPLUGIN_DAEMON_EXAMPLE=NO
-DPLUGIN_EXAMPLE=NO -DPLUGIN_EXAMPLE=NO
...@@ -63,13 +67,13 @@ configure-options = ...@@ -63,13 +67,13 @@ configure-options =
-DCMAKE_LIBRARY_PATH=${unixodbc:location}/lib -DCMAKE_LIBRARY_PATH=${unixodbc:location}/lib
-DCMAKE_C_COMPILER=${gcc:location}/bin/gcc -DCMAKE_C_COMPILER=${gcc:location}/bin/gcc
-DCMAKE_CXX_COMPILER=${gcc:location}/bin/g++ -DCMAKE_CXX_COMPILER=${gcc:location}/bin/g++
CMAKE_CFLAGS = -I${bzip2:location}/include -I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${xz-utils:location}/include -I${zlib:location}/include -I${unixodbc:location}/include -I${zstd:location}/include CMAKE_CFLAGS = -I${bzip2:location}/include -I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${readline5:location}/include -I${xz-utils:location}/include -I${zlib:location}/include -I${unixodbc:location}/include -I${lz4:location}/include -I${snappy:location}/include -I${zstd:location}/include
CMAKE_LIBRARY_PATH = ${bzip2:location}/lib:${jemalloc:location}/lib:${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${xz-utils:location}/lib:${zlib:location}/lib:${unixodbc:location}/lib:${zstd:location}/lib:${gcc:location}/lib:${gcc:location}/lib64 CMAKE_LIBRARY_PATH = ${bzip2:location}/lib:${jemalloc:location}/lib:${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${readline5:location}/lib:${xz-utils:location}/lib:${zlib:location}/lib:${unixodbc:location}/lib:${lz4:location}/lib:${snappy:location}/lib:${zstd:location}/lib:${gcc:location}/lib:${gcc:location}/lib64
environment = environment =
CMAKE_PROGRAM_PATH=${cmake:location}/bin CMAKE_PROGRAM_PATH=${cmake:location}/bin
CMAKE_INCLUDE_PATH=${bzip2:location}/include:${libaio:location}/include:${libaio:location}/include:${libxml2:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${xz-utils:location}/include:${zlib:location}/include:${unixodbc:location}/include:${zstd:location}/include CMAKE_INCLUDE_PATH=${bzip2:location}/include:${libaio:location}/include:${libaio:location}/include:${libxml2:location}/include:${ncurses:location}/include:${openssl:location}/include:${readline5:location}/include:${xz-utils:location}/include:${zlib:location}/include:${unixodbc:location}/include:${lz4:location}/include:${snappy:location}/include:${zstd:location}/include
CMAKE_LIBRARY_PATH=${:CMAKE_LIBRARY_PATH} CMAKE_LIBRARY_PATH=${:CMAKE_LIBRARY_PATH}
LDFLAGS=-L${bzip2:location}/lib -L${jemalloc:location}/lib -L${libaio:location}/lib -L${xz-utils:location}/lib -L${zlib:location}/lib -L${unixodbc:location}/lib LDFLAGS=-L${bzip2:location}/lib -L${jemalloc:location}/lib -L${libaio:location}/lib -L${xz-utils:location}/lib -L${zlib:location}/lib -L${unixodbc:location}/lib -L${lz4:location}/lib -L${snappy:location}/lib -L${zstd:location}/lib
PATH=${patch:location}/bin:%(PATH)s PATH=${patch:location}/bin:%(PATH)s
post-install = post-install =
mkdir -p ${:location}/include/wsrep && mkdir -p ${:location}/include/wsrep &&
......
[buildout]
extends =
../cmake/buildout.cfg
parts =
snappy
[snappy]
recipe = slapos.recipe.cmmi
url = https://github.com/google/snappy/archive/1.1.7.tar.gz
md5sum = ee9086291c9ae8deb4dac5e0b85bf54a
location = ${buildout:parts-directory}/${:_buildout_section_name_}
configure-command = ${cmake:location}/bin/cmake
configure-options =
-DCMAKE_INSTALL_PREFIX=${:location}
-DBUILD_SHARED_LIBS=ON
environment =
CMAKE_PROGRAM_PATH=${cmake:location}/bin
...@@ -90,6 +90,8 @@ About SSL and SlapOS Master Zero Knowledge ...@@ -90,6 +90,8 @@ About SSL and SlapOS Master Zero Knowledge
SSL keys and certificates are directly send to the frontend cluster in order to follow zero knowledge principle of SlapOS Master. SSL keys and certificates are directly send to the frontend cluster in order to follow zero knowledge principle of SlapOS Master.
*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
Master partition Master partition
---------------- ----------------
...@@ -218,14 +220,10 @@ caddy_custom_https ...@@ -218,14 +220,10 @@ caddy_custom_https
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above. Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
*Note*: The system will reject slaves which does not pass validation of caddy configuration, despite them being in ``-frontend-authorized-slave-string``, as otherwise this will lead to the whole frontend to fail.
caddy_custom_http caddy_custom_http
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
*Note*: The system will reject slaves which does not pass validation of caddy configuration, despite them being in ``-frontend-authorized-slave-string``, as otherwise this will lead to the whole frontend to fail.
url url
~~~ ~~~
Necessary to activate cache. ``url`` of backend to use. Necessary to activate cache. ``url`` of backend to use.
...@@ -343,7 +341,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -343,7 +341,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"caddy_custom_https":' "caddy_custom_https":'
https://www.example.com:%(https_port)s, https://example.com:%(https_port)s { https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
bind %(local_ipv4)s bind %(local_ipv4)s
tls %%(certificate)s %%(certificate)s tls %(certificate)s %(certificate)s
log / %(access_log)s {combined} log / %(access_log)s {combined}
errors %(error_log)s errors %(error_log)s
......
Generally things to be done with ``caddy-frontend``: Generally things to be done with ``caddy-frontend``:
* tests: add assertion with results of promises in etc/promise for each partition
* README: cleanup the documentation, explain various specifics * README: cleanup the documentation, explain various specifics
* check the whole frontend slave snippet with ``caddy -validate`` during buildout run, and reject if does not pass validation * check the whole frontend slave snippet with ``caddy -validate`` during buildout run, and reject if does not pass validation
* (new) ``type:websocket`` slave * (new) ``type:websocket`` slave
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 111ff0794c90657b658e3d50525e7fed md5sum = fd2ff61d9270109115ced8f56fb0be17
[template-common] [template-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = abbbc8f24cdef389b9b2859b0ef8dd0e md5sum = ab5312fb5454d5358b22b000cf6ed124
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 81ad603fe0a1e29948bd81b457e8d7a4 md5sum = 37edefdb9963daa67b01e5d55d97c17d
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
md5sum = dfbe4378610aa42f2cbc2a55d386324e md5sum = f9efdfe7a7e3a78f0b15f414b5469316
[template-slave-configuration] [template-slave-configuration]
filename = templates/custom-virtualhost.conf.in filename = templates/custom-virtualhost.conf.in
...@@ -42,23 +42,19 @@ md5sum = 38e9994be01ea1b8a379f8ff7aa05438 ...@@ -42,23 +42,19 @@ md5sum = 38e9994be01ea1b8a379f8ff7aa05438
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in filename = templates/Caddyfile.in
md5sum = df8c08c9aecb48fdbcdfca40f9cf74a4 md5sum = dfec964a9f194293567b09d0f10e4b3d
[caddy-backend-url-validator] [caddy-backend-url-validator]
filename = templates/caddy-backend-url-validator.in filename = templates/caddy-backend-url-validator.in
md5sum = 0979a03476e86bf038516c9565dadc17 md5sum = 0979a03476e86bf038516c9565dadc17
[caddy-custom-http-validator]
filename = templates/caddy-custom-http-validator.in
md5sum = a264208e960cdcd25ef27ed8cf730240
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html filename = templates/notfound.html
md5sum = f20d6c3d2d94fb685f8d26dfca1e822b md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 4308b63820d3682511ce54040d1ae60e md5sum = b882c408202cd2dd13f619210321a528
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
...@@ -66,7 +62,7 @@ md5sum = 907372828d1ceb05c41240078196f439 ...@@ -66,7 +62,7 @@ md5sum = 907372828d1ceb05c41240078196f439
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
md5sum = 704f37bfdd52fe628ae81d41abba8d7a md5sum = f8068179333ce19e95df561c70073857
[template-empty] [template-empty]
filename = templates/empty.in filename = templates/empty.in
...@@ -90,7 +86,7 @@ md5sum = cd6bb9bd0734f17469b0ca88f8b1a531 ...@@ -90,7 +86,7 @@ md5sum = cd6bb9bd0734f17469b0ca88f8b1a531
[template-nginx-configuration] [template-nginx-configuration]
filename = templates/nginx.cfg.in filename = templates/nginx.cfg.in
md5sum = 30f30ef3539fe6b7ab99162ae8e71a87 md5sum = d4c6c585c8a7da12c16b4b8e5a1cd90a
[template-nginx-eventsource-slave-virtualhost] [template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in filename = templates/nginx-eventsource-slave.conf.in
...@@ -98,11 +94,11 @@ md5sum = 217a6c801b8330b0b825f7b8b4c77184 ...@@ -98,11 +94,11 @@ md5sum = 217a6c801b8330b0b825f7b8b4c77184
[template-nginx-notebook-slave-virtualhost] [template-nginx-notebook-slave-virtualhost]
filename = templates/nginx-notebook-slave.conf.in filename = templates/nginx-notebook-slave.conf.in
md5sum = ac17212a53be2c08ab84682ec665148d md5sum = 982489258b9c2cafc9b52a94e7a8660f
[template-apache-lazy-script-call] [template-caddy-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in filename = templates/apache-lazy-script-call.sh.in
md5sum = ebe5d3d19923eb812a40019cb11276d8 md5sum = b9f73f6323f9fceea054c46c854d2862
[template-graceful-script] [template-graceful-script]
filename = templates/graceful-script.sh.in filename = templates/graceful-script.sh.in
...@@ -122,4 +118,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 ...@@ -122,4 +118,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
[template-kedifa] [template-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = 5597b2184b445af69ad6d517d0729ad6 md5sum = cc6f32656e76f4b79b5e47567b930f74
...@@ -35,7 +35,7 @@ parts += ...@@ -35,7 +35,7 @@ parts +=
recipe = slapos.recipe.build:gitclone recipe = slapos.recipe.build:gitclone
repository = https://lab.nexedi.com/nexedi/kedifa.git repository = https://lab.nexedi.com/nexedi/kedifa.git
git-executable = ${git:location}/bin/git git-executable = ${git:location}/bin/git
revision = 67bd60ea1bfb4fc6aafdfe4fa204f725731f20cf revision = 73a14b0e88afe7512f2fefe6ee9e0000fa523d5d
[kedifa-develop] [kedifa-develop]
recipe = zc.recipe.egg:develop recipe = zc.recipe.egg:develop
...@@ -111,7 +111,7 @@ openssl_cnf = ${openssl:location}/etc/ssl/openssl.cnf ...@@ -111,7 +111,7 @@ openssl_cnf = ${openssl:location}/etc/ssl/openssl.cnf
trafficserver = ${trafficserver7:location} trafficserver = ${trafficserver7:location}
sha256sum = ${coreutils:location}/bin/sha256sum sha256sum = ${coreutils:location}/bin/sha256sum
kedifa = ${:bin_directory}/kedifa kedifa = ${:bin_directory}/kedifa
kedifa-getter = ${:bin_directory}/kedifa-getter kedifa-updater = ${:bin_directory}/kedifa-updater
kedifa-csr = ${:bin_directory}/kedifa-csr kedifa-csr = ${:bin_directory}/kedifa-csr
monitor_template = ${monitor-template:output} monitor_template = ${monitor-template:output}
...@@ -152,7 +152,6 @@ context = ...@@ -152,7 +152,6 @@ context =
key template_kedifa template-kedifa:target key template_kedifa template-kedifa:target
key template_replicate_publish_slave_information template-replicate-publish-slave-information:target key template_replicate_publish_slave_information template-replicate-publish-slave-information:target
key caddy_backend_url_validator caddy-backend-url-validator:output key caddy_backend_url_validator caddy-backend-url-validator:output
key caddy_custom_http_validator caddy-custom-http-validator:output
section template_frontend_parameter_dict template-frontend-parameter-section section template_frontend_parameter_dict template-frontend-parameter-section
key caucase_jinja2_library caucase-jinja2-library:target key caucase_jinja2_library caucase-jinja2-library:target
...@@ -169,13 +168,6 @@ filename = caddy-backend-url-validator.in ...@@ -169,13 +168,6 @@ filename = caddy-backend-url-validator.in
output = ${buildout:directory}/caddy-backend-url-validator output = ${buildout:directory}/caddy-backend-url-validator
mode = 0750 mode = 0750
[caddy-custom-http-validator]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/${:filename}
filename = caddy-custom-http-validator.in
output = ${buildout:directory}/caddy-custom-http-validator
mode = 0750
[template-caddy-replicate] [template-caddy-replicate]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
......
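Review bot: Nothing visible on this page replaces the check that the removed `[caddy-custom-http-validator]` part and its `caddy_custom_http_validator` context key provided. The README hunks in the same commit also drop the notes saying slaves that fail Caddy validation are rejected "as otherwise this will lead to the whole frontend to fail". `caddy_custom_http` and `caddy_custom_https` carry raw Caddy configuration supplied per slave, so one invalid snippet could affect every site on the frontend if no validation remains. Please confirm where validation now happens (the README TODO still lists `caddy -validate`), and mention it in the commit description or in a comment near `caddy_backend_url_validator`.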
...@@ -100,7 +100,6 @@ single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered} ...@@ -100,7 +100,6 @@ single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered}
template-log-access = {{ parameter_dict['template_log_access'] }} template-log-access = {{ parameter_dict['template_log_access'] }}
log-access-configuration = ${directory:etc}/log-access.conf log-access-configuration = ${directory:etc}/log-access.conf
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
ip-access-key = ${self-signed-ip-access:key}
caddy-directory = {{ parameter_dict['caddy_location'] }} caddy-directory = {{ parameter_dict['caddy_location'] }}
caddy-ipv6 = {{ instance_parameter['ipv6-random'] }} caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
caddy-https-port = ${configuration:port} caddy-https-port = ${configuration:port}
...@@ -111,17 +110,16 @@ recipe = plone.recipe.command ...@@ -111,17 +110,16 @@ recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-network-information:global-ipv6}
ipv4 = {{instance_parameter['ipv4-random']}} ipv4 = {{instance_parameter['ipv4-random']}}
key = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.key
certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
stop-on-error = True stop-on-error = True
command = command =
[ -f ${:key} ] && [ -f ${:certificate} ] && exit 0 [ -f ${:certificate} ] && exit 0
rm -f ${:key} ${:certificate} rm -f ${:certificate}
/bin/bash -c ' \ /bin/bash -c ' \
{{ parameter_dict['openssl'] }} req \ {{ parameter_dict['openssl'] }} req \
-new -newkey rsa:2048 -sha256 \ -new -newkey rsa:2048 -sha256 \
-nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
-keyout ${:key} \ -keyout ${:certificate} \
-subj "/CN=Self Signed IP Access" \ -subj "/CN=Self Signed IP Access" \
-reqexts SAN \ -reqexts SAN \
-extensions SAN \ -extensions SAN \
...@@ -129,6 +127,25 @@ command = ...@@ -129,6 +127,25 @@ command =
<(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \ <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \
-out ${:certificate}' -out ${:certificate}'
[self-signed-fallback-access]
# Self Signed certificate for HTTPS access to the frontend with fallback certificate
recipe = plone.recipe.command
update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6}
ipv4 = {{instance_parameter['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt
stop-on-error = True
command =
[ -f ${:certificate} ] && exit 0
rm -f ${:certificate}
/bin/bash -c ' \
{{ parameter_dict['openssl'] }} req \
-new -newkey rsa:2048 -sha256 \
-nodes -x509 -days 36500 \
-keyout ${:certificate} \
-subj "/CN=Fallback certificate/OU={{ instance_parameter['configuration.frontend-name'] }}" \
-out ${:certificate}'
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename} rendered = ${buildout:directory}/${:filename}
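Review bot: In the new `[self-signed-fallback-access]` part, the `-subj` line renders `instance_parameter['configuration.frontend-name']` straight into a `/bin/bash -c '…'` string, so a value containing quote characters would change the command that buildout runs. Whether that parameter is constrained elsewhere is not visible here; validating it against a conservative character set before rendering, or dropping the `OU=` component, would remove the dependency. `-keyout ${:certificate}` and `-out ${:certificate}` also put the unencrypted private key (`-nodes`) into a file named `.crt`, as the modified ip-access part now does too. A comment such as `# ${:certificate} holds the private key followed by the certificate; keep it owner-readable only` would stop it being treated as public material. The `ipv6` and `ipv4` options in this part look unused, since the command adds no SAN.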
...@@ -138,7 +155,6 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} ...@@ -138,7 +155,6 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
context = context =
import json_module json import json_module json
import os_module os
raw common_profile {{ parameter_dict['common_profile'] }} raw common_profile {{ parameter_dict['common_profile'] }}
raw logrotate_base_instance {{ parameter_dict['logrotate_base_instance'] }} raw logrotate_base_instance {{ parameter_dict['logrotate_base_instance'] }}
key slap_software_type :slap_software_type key slap_software_type :slap_software_type
...@@ -212,7 +228,9 @@ bin_directory = {{ parameter_dict['bin_directory'] }} ...@@ -212,7 +228,9 @@ bin_directory = {{ parameter_dict['bin_directory'] }}
caddy_executable = {{ parameter_dict['caddy'] }} caddy_executable = {{ parameter_dict['caddy'] }}
caucase_url = {{ slapparameter_dict['kedifa-caucase-url'] }} caucase_url = {{ slapparameter_dict['kedifa-caucase-url'] }}
sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel
kedifa-getter = {{ parameter_dict['kedifa-getter'] }} kedifa-updater = {{ parameter_dict['kedifa-updater'] }}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
kedifa-csr = {{ parameter_dict['kedifa-csr'] }} kedifa-csr = {{ parameter_dict['kedifa-csr'] }}
service_directory = ${directory:service} service_directory = ${directory:service}
extra-context = extra-context =
...@@ -222,7 +240,9 @@ extra-context = ...@@ -222,7 +240,9 @@ extra-context =
key nginx_configuration_directory caddy-directory:nginx-slave-configuration key nginx_configuration_directory caddy-directory:nginx-slave-configuration
key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration key caddy_cached_configuration_directory caddy-directory:slave-with-cache-configuration
key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration key slave_with_cache_configuration_directory caddy-directory:slave-with-cache-configuration
key kedifa_getter :kedifa-getter key kedifa_updater :kedifa-updater
key kedifa_updater_mapping_file :kedifa-updater-mapping-file
key kedifa_updater_state_file :kedifa-updater-state-file
key kedifa_csr :kedifa-csr key kedifa_csr :kedifa-csr
key caddy_executable :caddy_executable key caddy_executable :caddy_executable
key caucase_url :caucase_url key caucase_url :caucase_url
...@@ -259,6 +279,8 @@ extra-context = ...@@ -259,6 +279,8 @@ extra-context =
key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
key software_type :software_type key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
key frontend_graceful_reload caddy-configuration:frontend-graceful-command
key nginx_graceful_reload nginx-configuration:nginx-graceful-command
section frontend_configuration frontend-configuration section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration section caddy_configuration caddy-configuration
section nginx_configuration nginx-configuration section nginx_configuration nginx-configuration
...@@ -277,10 +299,10 @@ extra-context = ...@@ -277,10 +299,10 @@ extra-context =
key service_directory directory:service key service_directory directory:service
key run_directory directory:etc-run key run_directory directory:etc-run
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
# BBB: SlapOS Master non-zero knowledge BEGIN
key custom_ssl_directory caddy-directory:custom-ssl-directory key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN
key bbb_ssl_directory directory:bbb-ssl-dir
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
key apache_key apache-key:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[dynamic-virtualhost-template-slave] [dynamic-virtualhost-template-slave]
...@@ -323,7 +345,6 @@ extra-context = ...@@ -323,7 +345,6 @@ extra-context =
key password monitor-htpasswd:passwd key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
key apache_key apache-key:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[caddy-wrapper] [caddy-wrapper]
...@@ -332,7 +353,8 @@ environment = ...@@ -332,7 +353,8 @@ environment =
CADDYPATH=${directory:frontend_cluster} CADDYPATH=${directory:frontend_cluster}
command-line = {{ parameter_dict['caddy'] }} command-line = {{ parameter_dict['caddy'] }}
-conf ${dynamic-caddy-frontend-template:rendered} -conf ${dynamic-caddy-frontend-template:rendered}
-log stdout -log ${caddy-configuration:error-log}
-log-roll-mb 0
{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %} {% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
-http2=false -http2=false
{% else %} {% else %}
...@@ -343,7 +365,7 @@ command-line = {{ parameter_dict['caddy'] }} ...@@ -343,7 +365,7 @@ command-line = {{ parameter_dict['caddy'] }}
{% endif %} {% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-disable-http-challenge -disable-http-challenge
-disable-tls-sni-challenge -disable-tls-alpn-challenge
wrapper-path = ${directory:bin}/caddy-wrapper wrapper-path = ${directory:bin}/caddy-wrapper
[caddy-frontend] [caddy-frontend]
...@@ -369,9 +391,7 @@ slave-log = ${directory:log}/httpd ...@@ -369,9 +391,7 @@ slave-log = ${directory:log}/httpd
nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/ nginx-slave-configuration = ${directory:etc}/nginx-slave-conf.d/
autocert = ${directory:srv}/autocert autocert = ${directory:srv}/autocert
master-autocert-dir = ${:autocert}/master-autocert master-autocert-dir = ${:autocert}/master-autocert
# BBB: SlapOS Master non-zero knowledge BEGIN
custom-ssl-directory = ${:slave-configuration}/ssl custom-ssl-directory = ${:slave-configuration}/ssl
# BBB: SlapOS Master non-zero knowledge END
[caddy-configuration] [caddy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile frontend-configuration = ${directory:etc}/Caddyfile
...@@ -393,21 +413,23 @@ command-line = ${frontend-caddy-validate:rendered} ...@@ -393,21 +413,23 @@ command-line = ${frontend-caddy-validate:rendered}
wrapper-path = ${directory:bin}/caddy-configtest wrapper-path = ${directory:bin}/caddy-configtest
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[apache-key] [get-self-signed-fallback-access]
< = jinja2-template-base recipe = collective.recipe.shelloutput
template = {{ parameter_dict['template_empty'] }} commands =
rendered = ${directory:bbb-ssl-dir}/frontend.key certificate = cat ${self-signed-fallback-access:certificate}
content = ${configuration:apache-key}
extra-context =
key content :content
[apache-certificate] [apache-certificate]
< = jinja2-template-base recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template_empty'] }} template = inline:
{% raw %}
{{ certificate or fallback_certificate }}
{{ key or '' }}
{% endraw %}
context =
key certificate configuration:apache-certificate
key key configuration:apache-key
key fallback_certificate get-self-signed-fallback-access:certificate
rendered = ${directory:bbb-ssl-dir}/frontend.crt rendered = ${directory:bbb-ssl-dir}/frontend.crt
content = ${configuration:apache-certificate}
extra-context =
key content :content
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[logrotate-entry-caddy] [logrotate-entry-caddy]
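Review bot: `[get-self-signed-fallback-access]` runs `cat` on a file that, per the `-keyout ${:certificate}` change earlier in this file, contains the fallback private key, and exposes the result as a buildout option. Buildout may persist option values in its installed-state file, so please check that the key does not end up stored there in clear text. The rewritten `[apache-certificate]` part now writes `{{ key or '' }}` into `${directory:bbb-ssl-dir}/frontend.crt` but no longer inherits from `jinja2-template-base` and sets no `mode`. Other parts on this page set it explicitly (`mode = 0700`), so adding `mode = 0600` here would make the intended permissions on the key-bearing file explicit. The template also emits `key` even when `certificate` is empty and the fallback is used, which would append a key that does not match the fallback certificate; guarding that case or documenting why it cannot occur would help.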
...@@ -415,6 +437,11 @@ extra-context = ...@@ -415,6 +437,11 @@ extra-context =
name = caddy name = caddy
log = ${caddy-configuration:error-log} ${caddy-configuration:access-log} log = ${caddy-configuration:error-log} ${caddy-configuration:access-log}
rotate-num = 30 rotate-num = 30
# Note: Slaves do not define their own reload, as this would be repeated,
# because sharedscripts work per entry, and each slave needs its own
# olddir
# Here we trust that there will be something to be rotated with error
# or access log, and that this will trigger postrotate script.
post = ${frontend-caddy-lazy-graceful:rendered} & post = ${frontend-caddy-lazy-graceful:rendered} &
[logrotate-entry-nginx] [logrotate-entry-nginx]
...@@ -557,7 +584,7 @@ template = {{ parameter_dict['template_graceful_script'] }} ...@@ -557,7 +584,7 @@ template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
mode = 0700 mode = 0700
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*/*.pem ${caddy-directory:custom-ssl-directory}/*.key ${caddy-directory:custom-ssl-directory}/*.crt ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.key ${directory:bbb-ssl-dir}/*.crt path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/caddy_graceful_signature signature_file = ${directory:run}/caddy_graceful_signature
extra-context = extra-context =
...@@ -571,7 +598,7 @@ extra-context = ...@@ -571,7 +598,7 @@ extra-context =
template = {{ parameter_dict['template_graceful_script'] }} template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-nginx-safe-graceful rendered = ${directory:etc-run}/frontend-nginx-safe-graceful
mode = 0700 mode = 0700
path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*/*.pem ${caddy-directory:custom-ssl-directory}/*.key ${caddy-directory:custom-ssl-directory}/*.crt ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.key ${directory:bbb-ssl-dir}/*.crt path_list = ${dynamic-nginx-frontend-template:rendered} ${caddy-directory:nginx-slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/nginx_graceful_signature signature_file = ${directory:run}/nginx_graceful_signature
extra-context = extra-context =
...@@ -741,7 +768,8 @@ environment = ...@@ -741,7 +768,8 @@ environment =
CADDYPATH=${directory:nginx_cluster} CADDYPATH=${directory:nginx_cluster}
command-line = {{ parameter_dict['caddy'] }} command-line = {{ parameter_dict['caddy'] }}
-conf ${dynamic-nginx-frontend-template:rendered} -conf ${dynamic-nginx-frontend-template:rendered}
-log stdout -log ${nginx-configuration:error_log}
-log-roll-mb 0
{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %} {% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
-http2=false -http2=false
{% else %} {% else %}
...@@ -749,7 +777,7 @@ command-line = {{ parameter_dict['caddy'] }} ...@@ -749,7 +777,7 @@ command-line = {{ parameter_dict['caddy'] }}
{% endif %} {% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
-disable-http-challenge -disable-http-challenge
-disable-tls-sni-challenge -disable-tls-alpn-challenge
wrapper-path = ${directory:bin}/nginx-wrapper wrapper-path = ${directory:bin}/nginx-wrapper
[nginx-frontend] [nginx-frontend]
...@@ -774,7 +802,6 @@ extra-context = ...@@ -774,7 +802,6 @@ extra-context =
key master_certificate caddy-configuration:master-certificate key master_certificate caddy-configuration:master-certificate
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
key apache_key apache-key:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[nginx-configuration] [nginx-configuration]
......
...@@ -75,7 +75,7 @@ context = ...@@ -75,7 +75,7 @@ context =
{% set warning_slave_dict = {} %} {% set warning_slave_dict = {} %}
{% set used_host_list = [] %} {% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %} {% set unauthorized_message = 'slave not authorized' %}
{% for slave in slave_instance_list %} {% for slave in sorted(slave_instance_list) %}
{% set slave_error_list = [] %} {% set slave_error_list = [] %}
{% set slave_warning_list = [] %} {% set slave_warning_list = [] %}
{% set slave_server_alias_unclashed = [] %} {% set slave_server_alias_unclashed = [] %}
...@@ -114,8 +114,6 @@ context = ...@@ -114,8 +114,6 @@ context =
{% if not unauthorized_message in slave_error_list %} {% if not unauthorized_message in slave_error_list %}
{% do slave_error_list.append(unauthorized_message) %} {% do slave_error_list.append(unauthorized_message) %}
{% endif %} {% endif %}
{% elif subprocess_module.call([caddy_custom_http_validator, '' ~ slave[key]]) == 1 %}
{% do slave_error_list.append('slave %s configuration invalid' % (key,)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #} {% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
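Review bot: With the `subprocess_module.call([caddy_custom_http_validator, ...])` branch removed, an authorized slave's `caddy_custom_http`/`caddy_custom_https`/`apache_custom_*` value is accepted without any syntax check, and no replacement check is visible in this section. These snippets presumably end up in the `*.conf` files the main Caddyfile imports, so a single malformed value could make Caddy reject the whole configuration on the next reload instead of producing a per-slave `configuration invalid` error. Either keep a validation step that matches the new Caddy build, or record the decision next to the loop, e.g. `{# custom configuration is not syntax-checked here; an invalid snippet is only detected when Caddy loads it #}`. Separately, `sorted(slave_instance_list)` in the first hunk orders dictionaries directly, which only works on Python 2; if a stable order is the goal, an explicit key such as the slave reference would be safer.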
......
...@@ -159,7 +159,7 @@ command-line = {{ parameter_dict['caddy'] }} ...@@ -159,7 +159,7 @@ command-line = {{ parameter_dict['caddy'] }}
-log ${expose-csr_id-configuration:error-log} -log ${expose-csr_id-configuration:error-log}
-http2=true -http2=true
-disable-http-challenge -disable-http-challenge
-disable-tls-sni-challenge -disable-tls-alpn-challenge
-root ${directory:csr_id} -root ${directory:csr_id}
wrapper-path = ${directory:service}/expose-csr_id wrapper-path = ${directory:service}/expose-csr_id
......
...@@ -139,13 +139,6 @@ ...@@ -139,13 +139,6 @@
"title": "Verify Backend Certificates", "title": "Verify Backend Certificates",
"type": "string" "type": "string"
}, },
"ssl_ca_crt": {
"default": "",
"description": "Content of the CA certificate file",
"textarea": true,
"title": "SSL Certificate Authority's Certificate",
"type": "string"
},
"ssl_proxy_ca_crt": { "ssl_proxy_ca_crt": {
"default": "", "default": "",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)", "description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
......
...@@ -97,27 +97,6 @@ ...@@ -97,27 +97,6 @@
"title": "Prefer gzip Encoding for Backend", "title": "Prefer gzip Encoding for Backend",
"type": "string" "type": "string"
}, },
"ssl_ca_crt": {
"default": "",
"description": "Content of the CA certificate file",
"textarea": true,
"title": "SSL Certificate Authority's Certificate",
"type": "string"
},
"ssl_crt": {
"default": "",
"description": "Content of the SSL Certificate file",
"textarea": true,
"title": "SSL Certificate",
"type": "string"
},
"ssl_key": {
"default": "",
"description": "Content of the SSL Key file",
"textarea": true,
"title": "SSL Key",
"type": "string"
}
}, },
"title": "Input Parameters", "title": "Input Parameters",
"type": "object" "type": "object"
......
...@@ -59,7 +59,6 @@ extra-context = ...@@ -59,7 +59,6 @@ extra-context =
import validators validators import validators validators
key cluster_identification instance-parameter:root-instance-title key cluster_identification instance-parameter:root-instance-title
raw caddy_backend_url_validator {{ caddy_backend_url_validator }} raw caddy_backend_url_validator {{ caddy_backend_url_validator }}
raw caddy_custom_http_validator {{ caddy_custom_http_validator }}
raw template_publish_slave_information {{ template_replicate_publish_slave_information }} raw template_publish_slave_information {{ template_replicate_publish_slave_information }}
# Must match the key id in [switch-softwaretype] which uses this section. # Must match the key id in [switch-softwaretype] which uses this section.
raw software_type RootSoftwareInstance-default-custom-personal-replicate raw software_type RootSoftwareInstance-default-custom-personal-replicate
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
extends = common.cfg extends = common.cfg
[versions] [versions]
# Modern KeDiFa requires zc.lockfile
zc.lockfile = 1.4
# Versions pinned for kedifa need urllib3 >= 1.18 # Versions pinned for kedifa need urllib3 >= 1.18
urllib3 = 1.24 urllib3 = 1.24
requests = 2.20.0 requests = 2.20.0
......
...@@ -4,45 +4,38 @@ import {{frontend_configuration.get('log-access-configuration')}} ...@@ -4,45 +4,38 @@ import {{frontend_configuration.get('log-access-configuration')}}
import {{ slave_configuration_directory }}/*.conf import {{ slave_configuration_directory }}/*.conf
import {{ slave_with_cache_configuration_directory }}/*.conf import {{ slave_with_cache_configuration_directory }}/*.conf
{%- set ssl = {} -%}
{%- if os_module.path.exists(master_certificate) -%}
{%- do ssl.__setitem__('certificate', master_certificate) -%}
{%- do ssl.__setitem__('key', master_certificate) -%}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{%- elif os_module.path.getsize(apache_certificate) > 0 and os_module.path.getsize(apache_key) > 0 -%}
{%- do ssl.__setitem__('certificate', apache_certificate) -%}
{%- do ssl.__setitem__('key', apache_key) -%}
{%- endif -%}
{#- BBB: SlapOS Master non-zero knowledge END #}
# Catch-all and 404 for not configured instances
{% if 'key' in ssl %}
:{{ https_port }} { :{{ https_port }} {
tls {{ ssl['certificate'] }} {{ ssl['key'] }} tls {{ master_certificate }} {{ master_certificate }}
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# Compress the output # Compress the output
gzip gzip
status 404 / status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} { errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
{% endif %}
:{{ http_port }} { :{{ http_port }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
# Compress the output # Compress the output
gzip gzip
status 404 / status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} { errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
# Access to server-status Caddy-style # Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status { https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-key'] }} tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }}
# Compress the output # Compress the output
gzip gzip
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
...@@ -52,8 +45,11 @@ https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv ...@@ -52,8 +45,11 @@ https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv
} }
expvar expvar
pprof pprof
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} { errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
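Review bot: The catch-all `:{{ https_port }}` site now emits `tls {{ master_certificate }} {{ master_certificate }}` unconditionally, and nothing replaces the removed `os_module.path.exists(master_certificate)` guard. If that file is missing or empty when Caddy loads this configuration, which looks possible until kedifa-updater has completed one run, Caddy will most likely reject the configuration and the plain-HTTP sites go down with it. The per-slave templates further down (`tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }}`) and the nginx catch-all (`:{{ port }}`) carry the same dependency. I would state the ordering above the block, for example `# {{ master_certificate }} (certificate and key in one PEM) must exist before Caddy starts; kedifa-updater writes it`, and add a check that the file is non-empty before the first start.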
{% if software_type == slap_software_type %} {% if software_type == slap_software_type %}
{% set kedifa_updater_mapping = [] %}
{% set cached_server_dict = {} %} {% set cached_server_dict = {} %}
{% set part_list = [] %} {% set part_list = [] %}
{% set cache_port = caddy_configuration.get('cache-port') %} {% set cache_port = caddy_configuration.get('cache-port') %}
...@@ -20,7 +21,6 @@ recipe = slapos.recipe.template:jinja2 ...@@ -20,7 +21,6 @@ recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
context = context =
import os_module os
raw common_profile {{ common_profile }} raw common_profile {{ common_profile }}
${:extra-context} ${:extra-context}
...@@ -32,12 +32,7 @@ notifempty = true ...@@ -32,12 +32,7 @@ notifempty = true
create = true create = true
{% if master_key_download_url %} {% if master_key_download_url %}
{% do part_list.append('master-key-download') %} {% do kedifa_updater_mapping.append((master_key_download_url, master_certificate, apache_certificate)) %}
[master-key-download]
recipe = plone.recipe.command
destination = {{ master_certificate }}
command = {{ kedifa_getter }} --out ${:destination} --server-ca-certificate {{ kedifa_caucase_ca_certificate }} --identity {{ kedifa_login_certificate }} {{ master_key_download_url }}
update-command = ${:command}
{% endif %} {% endif %}
{% if slave_kedifa_information %} {% if slave_kedifa_information %}
...@@ -174,34 +169,11 @@ bytes = 8 ...@@ -174,34 +169,11 @@ bytes = 8
{# ################################################## #} {# ################################################## #}
{# Set Slave Certificates if needed #} {# Set Slave Certificates if needed #}
{% set cert_dirname = slave_reference.replace('-','.') %} {# Set certificate key for custom configuration #}
{% set autocert_dir = '/'.join([autocert, cert_dirname]) %} {% set cert_name = slave_reference.replace('-','.') + '.pem' %}
[{{ slave_reference }}-path] {% set certificate = '%s/%s' % (autocert, cert_name) %}
recipe = slapos.cookbook:mkdirectory
cert = {{ autocert_dir }}
{# Set certificate key for custom configuration #}
{% set certificate = '%s/certificate.pem' % (autocert_dir, ) %}
{% do slave_parameter_dict.__setitem__('certificate', certificate )%} {% do slave_parameter_dict.__setitem__('certificate', certificate )%}
[{{ slave_reference }}-key-download]
recipe = plone.recipe.command
destination = {{ '${' + slave_reference + '-path:cert}/downloaded.pem' }}
used = {{ '${' + slave_reference + '-path:cert}/certificate.pem' }}
source-master = ${master-key-download:destination}
command =
{{ kedifa_getter }} --out ${:destination} --server-ca-certificate {{ kedifa_caucase_ca_certificate }} --identity {{ kedifa_login_certificate }} {{ key_download_url }}
if [ -f ${:destination} ] ; then
# if the slave specific certificate is available, use it
ln -sf ${:destination} ${:used}
elif [ -f ${:source-master} ] ; then
# if the master provided certificate is available, use it
ln -sf ${:source-master} ${:used}
else
rm -f ${:used}
fi
update-command = ${:command}
# BBB: SlapOS Master non-zero knowledge BEGIN
{# Set ssl certificates for each slave #} {# Set ssl certificates for each slave #}
{% for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%} {% for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{% if cert_name in slave_instance %} {% if cert_name in slave_instance %}
...@@ -217,6 +189,7 @@ template = {{ empty_template }} ...@@ -217,6 +189,7 @@ template = {{ empty_template }}
rendered = {{ cert_file }} rendered = {{ cert_file }}
extra-context = extra-context =
key content {{ cert_title + '-config:value' }} key content {{ cert_title + '-config:value' }}
# BBB: SlapOS Master non-zero knowledge BEGIN
# Store certificate in config # Store certificate in config
[{{ cert_title + '-config' }}] [{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }} value = {{ dumps(slave_instance.get(cert_name)) }}
...@@ -224,42 +197,29 @@ value = {{ dumps(slave_instance.get(cert_name)) }} ...@@ -224,42 +197,29 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{% endfor %} {% endfor %}
{#- Set Up Certs #} {#- Set Up Certs #}
{% do slave_instance.__setitem__('apache_certificate', apache_certificate) %}
{% do slave_instance.__setitem__('apache_key', apache_key) %}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %} {% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{% set cert_title = '%s-crt' % (slave_reference) %} {% set cert_title = '%s-crt' % (slave_reference) %}
{% set key_title = '%s-key' % (slave_reference) %} {% set cert_file = '/'.join([bbb_ssl_directory, cert_title.replace('-','.')]) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} {% do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
{% set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %}
{% do part_list.append(cert_title) %} {% do part_list.append(cert_title) %}
{% do part_list.append(key_title) %}
{% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %} {% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
{% do slave_parameter_dict.__setitem__("ssl_key", key_file) %}
{% do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %}
{% do slave_instance.__setitem__('path_to_ssl_key', key_file) %}
[{{key_title}}]
< = jinja2-template-base
template = {{ empty_template }}
rendered = {{ key_file }}
key-content = {{ dumps(slave_instance.get('ssl_key')) }}
extra-context =
key content :key-content
[{{cert_title}}] [{{cert_title}}]
< = jinja2-template-base < = jinja2-template-base
template = {{ empty_template }} template = {{ empty_template }}
rendered = {{ cert_file }} rendered = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '')) }} cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }}
extra-context = extra-context =
key content :cert-content key content :cert-content
{% endif %} {% else %}
{% do kedifa_updater_mapping.append((key_download_url, certificate, master_certificate)) %}
{% endif %}
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
{# ########################################## #} {# ########################################## #}
{# Set Slave Configuration #} {# Set Slave Configuration #}
[{{ slave_configuration_section_name }}] [{{ slave_configuration_section_name }}]
certificate = {{ '${' + slave_reference + '-key-download:used}' }} certificate = {{ certificate }}
https_port = {{ dumps('' ~ https_port) }} https_port = {{ dumps('' ~ https_port) }}
http_port = {{ dumps('' ~ http_port) }} http_port = {{ dumps('' ~ http_port) }}
local_ipv4 = {{ dumps('' ~ local_ipv4) }} local_ipv4 = {{ dumps('' ~ local_ipv4) }}
...@@ -466,7 +426,6 @@ global_ipv6 = {{ dumps(global_ipv6) }} ...@@ -466,7 +426,6 @@ global_ipv6 = {{ dumps(global_ipv6) }}
https_port = {{ dumps(https_port) }} https_port = {{ dumps(https_port) }}
http_port = {{ dumps(http_port) }} http_port = {{ dumps(http_port) }}
ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }} ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
ip_access_key = {{ frontend_configuration.get('ip-access-key') }}
access_log = {{ dumps(access_log) }} access_log = {{ dumps(access_log) }}
error_log = {{ dumps(error_log) }} error_log = {{ dumps(error_log) }}
not_found_file = {{ dumps(not_found_file) }} not_found_file = {{ dumps(not_found_file) }}
...@@ -493,12 +452,44 @@ monitor-base-url = {{ monitor_base_url }} ...@@ -493,12 +452,44 @@ monitor-base-url = {{ monitor_base_url }}
csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
csr_id-certificate = ${get-csr_id-certificate:certificate} csr_id-certificate = ${get-csr_id-certificate:certificate}
[kedifa-updater]
recipe = slapos.cookbook:wrapper
command-line = {{ kedifa_updater }}
--server-ca-certificate {{ kedifa_caucase_ca_certificate }}
--identity {{ kedifa_login_certificate }}
--master-certificate {{ master_certificate }}
--on-update "{{ frontend_graceful_reload }} ; {{ nginx_graceful_reload }}"
${kedifa-updater-mapping:file}
{{ kedifa_updater_state_file }}
wrapper-path = {{ service_directory }}/kedifa-updater
hash-files = ${buildout:directory}/software_release/buildout.cfg
[kedifa-updater-mapping]
recipe = slapos.recipe.template:jinja2
file = {{ kedifa_updater_mapping_file }}
template = inline:
{% for mapping in kedifa_updater_mapping %}
{{ mapping[0] }} {{ mapping[1] }} {{ mapping[2] }}
{% endfor %}
rendered = ${:file}
[caddy-log-access-header]
# Caddy refuse to start if an `import`ed file is empty, so we prepend a header
# so that the file is never empty.
< = jinja2-template-base
template = inline: # This file contain directives to serve directories with log files
rendered = {{frontend_configuration.get('log-access-configuration')}}
[buildout] [buildout]
extends = extends =
{{ common_profile }} {{ common_profile }}
{{ logrotate_base_instance }} {{ logrotate_base_instance }}
parts += parts +=
kedifa-updater
caddy-log-access-header
{% for part in part_list %} {% for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor %} {% endfor %}
...@@ -570,7 +561,7 @@ command-line = {{ caddy_executable }} ...@@ -570,7 +561,7 @@ command-line = {{ caddy_executable }}
-log ${expose-csr_id-configuration:error-log} -log ${expose-csr_id-configuration:error-log}
-http2=true -http2=true
-disable-http-challenge -disable-http-challenge
-disable-tls-sni-challenge -disable-tls-alpn-challenge
-root {{ directory_csr_id }} -root {{ directory_csr_id }}
wrapper-path = {{ service_directory }}/expose-csr_id wrapper-path = {{ service_directory }}/expose-csr_id
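Review bot: `[{{cert_title}}]` now appends `slave_instance.get('ssl_key')` to `cert-content`, so the file rendered at `{{ cert_file }}` under `bbb_ssl_directory` contains the slave's private key, yet the section sets no `mode`. Whether `jinja2-template-base`, defined outside this hunk, already restricts permissions cannot be seen here. If it does not, add `mode = 0600` to this section so the combined PEM is readable by the partition user only. The `.crt`-style file name no longer signals that key material is inside, so a one-line comment above the section saying so would help whoever later adjusts backup or log-access paths.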
......
...@@ -9,6 +9,7 @@ if [ ! -f $PIDFILE ]; then ...@@ -9,6 +9,7 @@ if [ ! -f $PIDFILE ]; then
echo $PID > $PIDFILE echo $PID > $PIDFILE
sleep {{ wait_time }} sleep {{ wait_time }}
{{ lazy_command }} {{ lazy_command }}
rm -f $PIDFILE
else else
ps --pid `cat $PIDFILE` &>/dev/null ps --pid `cat $PIDFILE` &>/dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
...@@ -17,6 +18,7 @@ else ...@@ -17,6 +18,7 @@ else
echo $PID > $PIDFILE echo $PID > $PIDFILE
sleep {{ wait_time }} sleep {{ wait_time }}
{{ lazy_command }} {{ lazy_command }}
rm -f $PIDFILE
fi fi
fi fi
#!${dash:location}/bin/dash
config="$1"
echo -e $config | ${caddy:output} -conf stdin -validate > /dev/null 2>&1
...@@ -26,25 +26,11 @@ ...@@ -26,25 +26,11 @@
{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %} {%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
# SSL enabled hosts # SSL enabled hosts
{% set ssl = {} %}
{% if os_module.path.exists(slave_parameter['certificate']) %}
{% do ssl.__setitem__('certificate', slave_parameter['certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['certificate']) %}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{% elif 'path_to_ssl_crt' in slave_parameter and 'path_to_ssl_key' in slave_parameter %}
{% do ssl.__setitem__('certificate', slave_parameter['path_to_ssl_crt']) %}
{% do ssl.__setitem__('key', slave_parameter['path_to_ssl_key']) %}
{% elif os_module.path.getsize(slave_parameter['apache_certificate']) > 0 and os_module.path.getsize(slave_parameter['apache_key']) > 0 %}
{% do ssl.__setitem__('certificate', slave_parameter['apache_certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['apache_key']) %}
{% endif %}
{#- BBB: SlapOS Master non-zero knowledge END -#}
{% if 'key' in ssl %}
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
bind {{ slave_parameter['local_ipv4'] }} bind {{ slave_parameter['local_ipv4'] }}
# Compress the output # Compress the output
gzip gzip
tls {{ ssl['certificate'] }} {{ ssl['key'] }} { tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
{%- if enable_h2 %} {%- if enable_h2 %}
# Allow HTTP2 # Allow HTTP2
alpn h2 http/1.1 alpn h2 http/1.1
...@@ -53,8 +39,13 @@ ...@@ -53,8 +39,13 @@
alpn http/1.1 alpn http/1.1
{%- endif %} {#- if enable_h2 #} {%- endif %} {#- if enable_h2 #}
} {# tls #} } {# tls #}
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
errors {{ slave_parameter.get('error_log') }} rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
{%- if not (slave_type == 'zope' and backend_url) %} {%- if not (slave_type == 'zope' and backend_url) %}
{% if prefer_gzip %} {% if prefer_gzip %}
...@@ -189,7 +180,6 @@ ...@@ -189,7 +180,6 @@
{%- endif %} {#- if backend_url #} {%- endif %} {#- if backend_url #}
{%- endif %} {#- if slave_type == 'zope' and backend_url #} {%- endif %} {#- if slave_type == 'zope' and backend_url #}
} {# https_host_list|join(', ') #} } {# https_host_list|join(', ') #}
{% endif %}
# SSL-disabled hosts # SSL-disabled hosts
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
...@@ -197,8 +187,12 @@ ...@@ -197,8 +187,12 @@
# Compress the output # Compress the output
gzip gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
errors {{ slave_parameter.get('error_log') }} rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
{%- if not (slave_type == 'zope' and backend_url) %} {%- if not (slave_type == 'zope' and backend_url) %}
{%- if prefer_gzip %} {%- if prefer_gzip %}
......
...@@ -5,28 +5,18 @@ ...@@ -5,28 +5,18 @@
{%- set https_upstream = https_url.split("/")[2] %} {%- set https_upstream = https_url.split("/")[2] %}
# SSL-enabled # SSL-enabled
{% set ssl = {} %}
{% if os_module.path.exists(slave_parameter['certificate']) %}
{% do ssl.__setitem__('certificate', slave_parameter['certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['certificate']) %}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{% elif 'path_to_ssl_crt' in slave_parameter and 'path_to_ssl_key' in slave_parameter %}
{% do ssl.__setitem__('certificate', slave_parameter['path_to_ssl_crt']) %}
{% do ssl.__setitem__('key', slave_parameter['path_to_ssl_key']) %}
{% elif os_module.path.getsize(slave_parameter['apache_certificate']) > 0 and os_module.path.getsize(slave_parameter['apache_key']) > 0 %}
{% do ssl.__setitem__('certificate', slave_parameter['apache_certificate']) %}
{% do ssl.__setitem__('key', slave_parameter['apache_key']) %}
{% endif %}
{#- BBB: SlapOS Master non-zero knowledge END -#}
{% if 'key' in ssl %}
https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_https_port'] }} { https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_https_port'] }} {
bind {{ slave_parameter['local_ipv4'] }} bind {{ slave_parameter['local_ipv4'] }}
# Compress the output # Compress the output
gzip gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
errors {{ slave_parameter.get('error_log') }} rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
tls {{ ssl['certificate'] }} {{ ssl['key'] }} { tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
alpn http/1.1 alpn http/1.1
} }
...@@ -50,15 +40,18 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt ...@@ -50,15 +40,18 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_htt
insecure_skip_verify insecure_skip_verify
} }
} }
{% endif %}
# SSL-disabled # SSL-disabled
http://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_http_port'] }} { http://{{ slave_parameter.get('custom_domain') }}:{{ slave_parameter['nginx_http_port'] }} {
bind {{ slave_parameter['local_ipv4'] }} bind {{ slave_parameter['local_ipv4'] }}
# Compress the output # Compress the output
gzip gzip
log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
errors {{ slave_parameter.get('error_log') }} rotate_size 0
}
errors {{ slave_parameter.get('error_log') }} {
rotate_size 0
}
proxy / {{ upstream }} { proxy / {{ upstream }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s try_duration {{ slave_parameter['proxy_try_duration'] }}s
......
...@@ -58,38 +58,31 @@ ...@@ -58,38 +58,31 @@
import {{ slave_configuration_directory }}/*.conf import {{ slave_configuration_directory }}/*.conf
# Catch-all and 404 for not configured instances # Catch-all and 404 for not configured instances
{%- set ssl = {} -%}
{%- if os_module.path.exists(master_certificate) -%}
{%- do ssl.__setitem__('certificate', master_certificate) -%}
{%- do ssl.__setitem__('key', master_certificate) -%}
{#- BBB: SlapOS Master non-zero knowledge BEGIN -#}
{%- elif os_module.path.getsize(apache_certificate) > 0 and os_module.path.getsize(apache_key) > 0 -%}
{%- do ssl.__setitem__('certificate', apache_certificate) -%}
{%- do ssl.__setitem__('key', apache_key) -%}
{%- endif -%}
{#- BBB: SlapOS Master non-zero knowledge END -#}
# Catch-all and 404 for not configured instances
{% if 'key' in ssl %}
:{{ port }} { :{{ port }} {
tls {{ ssl['certificate'] }} {{ ssl['key'] }} tls {{ master_certificate }} {{ master_certificate }}
bind {{ local_ip }} bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico # Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico status 204 /favicon.ico
status 404 / status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} { errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
{% endif %}
:{{ plain_port }} { :{{ plain_port }} {
bind {{ local_ip }} bind {{ local_ip }}
# Serve an error 204 (No Content) for favicon.ico # Serve an error 204 (No Content) for favicon.ico
status 204 /favicon.ico status 204 /favicon.ico
status 404 / status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ error_log }} { errors {{ error_log }} {
rotate_size 0
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
...@@ -4,13 +4,16 @@ https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }} ...@@ -4,13 +4,16 @@ https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }}
bind {{ parameter_dict['local_ipv4'] }} bind {{ parameter_dict['local_ipv4'] }}
root {{ directory }}/ root {{ directory }}/
browse browse
tls {{ parameter_dict['ip_access_certificate'] }} {{ parameter_dict['ip_access_key'] }} tls {{ parameter_dict['ip_access_certificate'] }} {{ parameter_dict['ip_access_certificate'] }}
basicauth "{{ slave }}" {{ slave_password[slave] | trim }} { basicauth "{{ slave }}" {{ slave_password[slave] | trim }} {
"Log Access {{ slave }}" "Log Access {{ slave }}"
/ /
} }
log / {{ parameter_dict['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ parameter_dict['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ parameter_dict['error_log'] }} { errors {{ parameter_dict['error_log'] }} {
rotate_size 0
* {{ parameter_dict['not_found_file'] }} * {{ parameter_dict['not_found_file'] }}
} }
} }
......
...@@ -359,6 +359,8 @@ class TestDataMixin(object): ...@@ -359,6 +359,8 @@ class TestDataMixin(object):
ignored_plugin_list = [ ignored_plugin_list = [
'__init__.py', # that's not a plugin '__init__.py', # that's not a plugin
'monitor-http-frontend.py', # can't check w/o functioning frontend 'monitor-http-frontend.py', # can't check w/o functioning frontend
# ATS cache fillup can't be really controlled during test run
'trafficserver-cache-availability.py',
] ]
runpromise_bin = os.path.join( runpromise_bin = os.path.join(
self.software_path, 'bin', 'monitor.runpromise') self.software_path, 'bin', 'monitor.runpromise')
...@@ -690,6 +692,31 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -690,6 +692,31 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
verify=cls.ca_certificate_file) verify=cls.ca_certificate_file)
assert upload.status_code == httplib.CREATED assert upload.status_code == httplib.CREATED
@classmethod
def runKedifaUpdater(cls):
kedifa_updater = None
for kedifa_updater in sorted(glob.glob(
os.path.join(
cls.instance_path, '*', 'etc', 'service', 'kedifa-updater*'))):
# fetch first kedifa-updater, as by default most of the tests are using
# only one running partition; in case if test does not need
# kedifa-updater this method can be overridden
break
if kedifa_updater is not None:
# try few times kedifa_updater
for i in range(10):
return_code, output = subprocess_status_output(
[kedifa_updater, '--once'])
if return_code == 0:
break
# wait for the other updater to work
time.sleep(2)
# assert that in the worst case last run was correct
assert return_code == 0, output
# give caddy a moment to refresh its config, as sending signal does not
# block until caddy is refreshed
time.sleep(2)
@classmethod @classmethod
def untilSlavePartitionReady(cls): def untilSlavePartitionReady(cls):
for slave_reference, partition_parameter_kw in cls\ for slave_reference, partition_parameter_kw in cls\
...@@ -724,6 +751,11 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -724,6 +751,11 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
# run partition for slaves to be setup # run partition for slaves to be setup
cls.runComputerPartitionUntil( cls.runComputerPartitionUntil(
cls.untilSlavePartitionReady) cls.untilSlavePartitionReady)
cls.runKedifaUpdater()
# run once more slapos node instance, as kedifa-updater sets up
# certificates needed for caddy-frontend, and on this moment it can be
# not started yet
cls.runComputerPartition(max_quantity=1)
for slave_reference, partition_parameter_kw in cls\ for slave_reference, partition_parameter_kw in cls\
.getSlaveParameterDictDict().items(): .getSlaveParameterDictDict().items():
slave_instance = request( slave_instance = request(
...@@ -1205,25 +1237,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1205,25 +1237,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
partition_path = self.getMasterPartitionPath() partition_path = self.getMasterPartitionPath()
self.assertEqual(
set([
'promise-monitor-httpd-is-process-older-than-dependency-set',
]),
set(os.listdir(os.path.join(partition_path, 'etc', 'promise'))))
self.assertEqual(
set([
'monitor-bootstrap-status.py',
'check-free-disk-space.py',
'monitor-http-frontend.py',
'monitor-httpd-listening-on-tcp.py',
'buildout-T-0-status.py',
'__init__.py',
]),
set([
q for q in os.listdir(os.path.join(partition_path, 'etc', 'plugin'))
if not q.endswith('.pyc')]))
# check that monitor cors domains are correctly setup by file presence, as # check that monitor cors domains are correctly setup by file presence, as
# we trust monitor stack being tested in proper place and it is too hard # we trust monitor stack being tested in proper place and it is too hard
# to have working monitor with local proxy # to have working monitor with local proxy
...@@ -1616,9 +1629,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1616,9 +1629,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
data=data, data=data,
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
self.runKedifaUpdater()
# after partitions being processed the key will be used for this slave
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -1631,7 +1642,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1631,7 +1642,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'autocert', self.instance_path, '*', 'srv', 'autocert',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt', 'certificate.pem')) '_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.pem'))
self.assertEqual(1, len(certificate_file_list)) self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0] certificate_file = certificate_file_list[0]
with open(certificate_file) as out: with open(certificate_file) as out:
...@@ -1700,9 +1711,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1700,9 +1711,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
self.runKedifaUpdater()
# after partitions being processed the key will be used for this slave
self.runComputerPartition(max_quantity=1)
with self.assertRaises(requests.exceptions.SSLError): with self.assertRaises(requests.exceptions.SSLError):
self.fakeHTTPSResult( self.fakeHTTPSResult(
...@@ -1710,7 +1719,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1710,7 +1719,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'autocert', self.instance_path, '*', 'srv', 'autocert',
'_ssl_ca_crt_garbage', 'certificate.pem')) '_ssl_ca_crt_garbage.pem'))
self.assertEqual(1, len(certificate_file_list)) self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0] certificate_file = certificate_file_list[0]
with open(certificate_file) as out: with open(certificate_file) as out:
...@@ -1746,9 +1755,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1746,9 +1755,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
self.runKedifaUpdater()
# after partitions being processed the key will be used for this slave
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -1761,7 +1768,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1761,7 +1768,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'autocert', self.instance_path, '*', 'srv', 'autocert',
'_ssl_ca_crt_does_not_match', 'certificate.pem')) '_ssl_ca_crt_does_not_match.pem'))
self.assertEqual(1, len(certificate_file_list)) self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0] certificate_file = certificate_file_list[0]
with open(certificate_file) as out: with open(certificate_file) as out:
...@@ -1863,9 +1870,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1863,9 +1870,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
data=data, data=data,
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
self.runKedifaUpdater()
# after partitions being processed the key will be used for this slave
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -3593,6 +3598,10 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3593,6 +3598,10 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
} }
@classmethod
def runKedifaUpdater(cls):
return
@classmethod @classmethod
def getSlaveParameterDictDict(cls): def getSlaveParameterDictDict(cls):
return { return {
...@@ -3633,8 +3642,6 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3633,8 +3642,6 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': SLAPOS_TEST_IPV4, 'public-ipv4': SLAPOS_TEST_IPV4,
'enable-quic': 'true', 'enable-quic': 'true',
'-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'nginx_port': NGINX_HTTPS_PORT, 'nginx_port': NGINX_HTTPS_PORT,
...@@ -3654,20 +3661,6 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3654,20 +3661,6 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
}, },
} }
def getMasterPartitionPath(self):
# partition w/o etc/trafficserver, but with buildout.cfg
return [
q for q in glob.glob(os.path.join(self.instance_path, '*',))
if not os.path.exists(
os.path.join(q, 'etc', 'trafficserver')) and os.path.exists(
os.path.join(q, 'buildout.cfg'))][0]
def getSlavePartitionPath(self):
# partition w/ etc/trafficserver
return [
q for q in glob.glob(os.path.join(self.instance_path, '*',))
if os.path.exists(os.path.join(q, 'etc', 'trafficserver'))][0]
# It is known problem that QUIC does not work after sending reload signal, # It is known problem that QUIC does not work after sending reload signal,
# SIGUSR1, see https://github.com/mholt/caddy/issues/2394 # SIGUSR1, see https://github.com/mholt/caddy/issues/2394
@expectedFailure @expectedFailure
...@@ -3746,7 +3739,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3746,7 +3739,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': SLAPOS_TEST_IPV4, 'public-ipv4': SLAPOS_TEST_IPV4,
'-frontend-authorized-slave-string': '_caddy_custom_http_s-reject',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'nginx_port': NGINX_HTTPS_PORT, 'nginx_port': NGINX_HTTPS_PORT,
...@@ -3761,16 +3753,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3761,16 +3753,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod @classmethod
def getSlaveParameterDictDict(cls): def getSlaveParameterDictDict(cls):
return { return {
'caddy_custom_http_s-reject': {
'caddy_custom_https': """DestroyCaddyHttps
For sure
This shall not be valid
https://www.google.com {}""",
'caddy_custom_http': """DestroyCaddyHttp
For sure
This shall not be valid
https://www.google.com {}""",
},
're6st-optimal-test-nocomma': { 're6st-optimal-test-nocomma': {
're6st-optimal-test': 'nocomma', 're6st-optimal-test': 'nocomma',
}, },
...@@ -3822,12 +3804,9 @@ https://www.google.com {}""", ...@@ -3822,12 +3804,9 @@ https://www.google.com {}""",
'kedifa-caucase-url': 'http://[%s]:%s' % ( 'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT), SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '8', 'accepted-slave-amount': '8',
'rejected-slave-amount': '3', 'rejected-slave-amount': '2',
'slave-amount': '11', 'slave-amount': '10',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_caddy_custom_http_s-reject': [
'slave caddy_custom_http configuration invalid',
'slave caddy_custom_https configuration invalid'],
'_custom_domain-unsafe': [ '_custom_domain-unsafe': [
"custom_domain '${section:option} afterspace\\nafternewline' invalid" "custom_domain '${section:option} afterspace\\nafternewline' invalid"
], ],
...@@ -4147,18 +4126,6 @@ https://www.google.com {}""", ...@@ -4147,18 +4126,6 @@ https://www.google.com {}""",
} }
) )
def test_caddy_custom_http_s_reject(self):
parameter_dict = self.parseSlaveParameterDict('caddy_custom_http_s-reject')
self.assertEqual(
{
'request-error-list': [
"slave caddy_custom_http configuration invalid",
"slave caddy_custom_https configuration invalid"
]
},
parameter_dict
)
class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod @classmethod
...@@ -4167,7 +4134,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4167,7 +4134,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
'domain': 'example.com', 'domain': 'example.com',
'nginx-domain': 'nginx.example.com', 'nginx-domain': 'nginx.example.com',
'public-ipv4': SLAPOS_TEST_IPV4, 'public-ipv4': SLAPOS_TEST_IPV4,
'-frontend-authorized-slave-string': '_caddy_custom_http_s-reject',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'nginx_port': NGINX_HTTPS_PORT, 'nginx_port': NGINX_HTTPS_PORT,
...@@ -4211,7 +4177,7 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4211,7 +4177,7 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
'rejected-slave-amount': '3', 'rejected-slave-amount': '3',
'slave-amount': '4', 'slave-amount': '4',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_site_1': ["custom_domain 'duplicate.example.com' clashes"], '_site_2': ["custom_domain 'duplicate.example.com' clashes"],
'_site_3': ["server-alias 'duplicate.example.com' clashes"], '_site_3': ["server-alias 'duplicate.example.com' clashes"],
'_site_4': ["custom_domain 'duplicate.example.com' clashes"] '_site_4': ["custom_domain 'duplicate.example.com' clashes"]
} }
...@@ -4224,15 +4190,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4224,15 +4190,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
def test_site_1(self): def test_site_1(self):
parameter_dict = self.parseSlaveParameterDict('site_1') parameter_dict = self.parseSlaveParameterDict('site_1')
self.assertEqual(
{
'request-error-list': ["custom_domain 'duplicate.example.com' clashes"]
},
parameter_dict
)
def test_site_2(self):
parameter_dict = self.parseSlaveParameterDict('site_2')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -4247,6 +4204,15 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4247,6 +4204,15 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict parameter_dict
) )
def test_site_2(self):
parameter_dict = self.parseSlaveParameterDict('site_2')
self.assertEqual(
{
'request-error-list': ["custom_domain 'duplicate.example.com' clashes"]
},
parameter_dict
)
def test_site_3(self): def test_site_3(self):
parameter_dict = self.parseSlaveParameterDict('site_3') parameter_dict = self.parseSlaveParameterDict('site_3')
self.assertEqual( self.assertEqual(
...@@ -4487,9 +4453,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster( ...@@ -4487,9 +4453,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
master_parameter_dict['master-key-upload-url'] + auth.text, master_parameter_dict['master-key-upload-url'] + auth.text,
data=key_pem + certificate_pem, data=key_pem + certificate_pem,
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.runKedifaUpdater()
# after partitions being processed the key will be used for this slave
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -4780,9 +4744,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -4780,9 +4744,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
data=data, data=data,
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
self.runKedifaUpdater()
# after partitions being processed the key will be used for this slave
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -4874,8 +4836,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -4874,8 +4836,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
# after partitions being processed the key will be used for this slave self.runKedifaUpdater()
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -4959,8 +4920,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -4959,8 +4920,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
# after partitions being processed the key will be used for this slave self.runKedifaUpdater()
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
...@@ -5053,8 +5013,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5053,8 +5013,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
verify=self.ca_certificate_file) verify=self.ca_certificate_file)
self.assertEqual(httplib.CREATED, upload.status_code) self.assertEqual(httplib.CREATED, upload.status_code)
# after partitions being processed the key will be used for this slave self.runKedifaUpdater()
self.runComputerPartition(max_quantity=1)
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path', parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
...@@ -5143,23 +5102,15 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5143,23 +5102,15 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', 'ssl', self.instance_path, '*', 'srv', 'bbb-ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt')) '_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
self.assertEqual(1, len(certificate_file_list)) self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0] certificate_file = certificate_file_list[0]
with open(certificate_file) as out: with open(certificate_file) as out:
expected = self.customdomain_ca_certificate_pem + '\n' + \
self.ca.certificate_pem + '\n' + self.customdomain_ca_key_pem
self.assertEqual( self.assertEqual(
self.customdomain_ca_certificate_pem + '\n' + self.ca.certificate_pem, expected,
out.read()
)
key_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', 'ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.key'))
self.assertEqual(1, len(key_file_list))
key_file = key_file_list[0]
with open(key_file) as out:
self.assertEqual(
self.customdomain_ca_key_pem,
out.read() out.read()
) )
...@@ -5186,6 +5137,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5186,6 +5137,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
) )
self.runComputerPartition(max_quantity=1) self.runComputerPartition(max_quantity=1)
self.runKedifaUpdater()
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
...@@ -5196,23 +5148,15 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5196,23 +5148,15 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', 'ssl', self.instance_path, '*', 'srv', 'bbb-ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt')) '_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
self.assertEqual(1, len(certificate_file_list)) self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0] certificate_file = certificate_file_list[0]
with open(certificate_file) as out: with open(certificate_file) as out:
expected = customdomain_ca_certificate_pem + '\n' + ca.certificate_pem \
+ '\n' + customdomain_ca_key_pem
self.assertEqual( self.assertEqual(
customdomain_ca_certificate_pem + '\n' + ca.certificate_pem, expected,
out.read()
)
key_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', 'ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.key'))
self.assertEqual(1, len(key_file_list))
key_file = key_file_list[0]
with open(key_file) as out:
self.assertEqual(
customdomain_ca_key_pem,
out.read() out.read()
) )
...@@ -5271,23 +5215,15 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5271,23 +5215,15 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
der2pem(result.peercert)) der2pem(result.peercert))
certificate_file_list = glob.glob(os.path.join( certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', 'ssl', self.instance_path, '*', 'srv', 'bbb-ssl',
'_ssl_ca_crt_does_not_match.crt')) '_ssl_ca_crt_does_not_match.crt'))
self.assertEqual(1, len(certificate_file_list)) self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0] certificate_file = certificate_file_list[0]
with open(certificate_file) as out: with open(certificate_file) as out:
expected = self.certificate_pem + '\n' + self.ca.certificate_pem + \
'\n' + self.key_pem
self.assertEqual( self.assertEqual(
self.certificate_pem + '\n' + self.ca.certificate_pem, expected,
out.read()
)
key_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', 'ssl',
'_ssl_ca_crt_does_not_match.key'))
self.assertEqual(1, len(key_file_list))
key_file = key_file_list[0]
with open(key_file) as out:
self.assertEqual(
self.key_pem,
out.read() out.read()
) )
...@@ -5417,6 +5353,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -5417,6 +5353,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
}) })
self.runComputerPartition(max_quantity=1) self.runComputerPartition(max_quantity=1)
self.runKedifaUpdater()
result = self.fakeHTTPSResult( result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
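Review bot: The rewritten certificate checks (hunks at -5143, -5196 and -5271) assert only the content of the `srv/bbb-ssl/*.crt` files, never their mode, although those files are now expected to contain the private key (`... + '\n' + self.customdomain_ca_key_pem`). The separate `.key` file checks are dropped, so nothing in the tests pins how the key material is protected on disk, and a `.crt` name invites being handled as public data. I would add `self.assertEqual(0, os.stat(certificate_file).st_mode & 0o077)` right after `certificate_file = certificate_file_list[0]` in each of the three places. Whether the instance already writes these files with an owner-only mode is not visible here, so the assertion may first expose that. The enclosing test methods start outside the hunks.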
......
...@@ -12,14 +12,13 @@ T-2/etc/plugin/caddy_ssl_cached.py: OK ...@@ -12,14 +12,13 @@ T-2/etc/plugin/caddy_ssl_cached.py: OK
T-2/etc/plugin/check-_test-error-log-last-day.py: OK T-2/etc/plugin/check-_test-error-log-last-day.py: OK
T-2/etc/plugin/check-_test-error-log-last-hour.py: OK T-2/etc/plugin/check-_test-error-log-last-hour.py: OK
T-2/etc/plugin/check-free-disk-space.py: OK T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK T-2/etc/plugin/frontend-caddy-configuration-promise.py: ERROR
T-2/etc/plugin/monitor-bootstrap-status.py: OK T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK T-2/etc/plugin/nginx-configuration-promise.py: ERROR
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful STOPPED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful STOPPED
T-2:frontend_caddy-{hash}-on-watch STOPPED T-2:frontend_caddy-{hash}-on-watch STOPPED
T-2:frontend_nginx-{hash}-on-watch STOPPED T-2:frontend_nginx-{hash}-on-watch STOPPED
T-2:kedifa-login-certificate-caucase-updater-on-watch STOPPED T-2:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-2:kedifa-updater-{hash}-on-watch STOPPED
T-2:monitor-httpd-{hash}-on-watch STOPPED T-2:monitor-httpd-{hash}-on-watch STOPPED
T-2:monitor-httpd-graceful STOPPED T-2:monitor-httpd-graceful STOPPED
T-2:trafficserver-{hash}-on-watch STOPPED T-2:trafficserver-{hash}-on-watch STOPPED
......
...@@ -4,8 +4,8 @@ T-1/var/log/expose-csr_id.log ...@@ -4,8 +4,8 @@ T-1/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_site_2_access_log T-2/var/log/httpd/_site_1_access_log
T-2/var/log/httpd/_site_2_error_log T-2/var/log/httpd/_site_1_error_log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/nginx-access.log T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log T-2/var/log/nginx-error.log
......
...@@ -9,8 +9,8 @@ T-2/etc/plugin/caddy_frontend_ipv4_https.py: OK ...@@ -9,8 +9,8 @@ T-2/etc/plugin/caddy_frontend_ipv4_https.py: OK
T-2/etc/plugin/caddy_frontend_ipv6_http.py: OK T-2/etc/plugin/caddy_frontend_ipv6_http.py: OK
T-2/etc/plugin/caddy_frontend_ipv6_https.py: OK T-2/etc/plugin/caddy_frontend_ipv6_https.py: OK
T-2/etc/plugin/caddy_ssl_cached.py: ERROR T-2/etc/plugin/caddy_ssl_cached.py: ERROR
T-2/etc/plugin/check-_site_2-error-log-last-day.py: OK T-2/etc/plugin/check-_site_1-error-log-last-day.py: OK
T-2/etc/plugin/check-_site_2-error-log-last-hour.py: OK T-2/etc/plugin/check-_site_1-error-log-last-hour.py: OK
T-2/etc/plugin/check-free-disk-space.py: OK T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK T-2/etc/plugin/monitor-bootstrap-status.py: OK
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -25,5 +25,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
T-0/var/log/monitor-httpd-error.log T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log T-1/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/nginx-access.log T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log T-2/var/log/nginx-error.log
......
...@@ -4,6 +4,7 @@ T-1/var/run/kedifa.pid ...@@ -4,6 +4,7 @@ T-1/var/run/kedifa.pid
T-2/var/run/caddy_graceful_signature T-2/var/run/caddy_graceful_signature
T-2/var/run/caddy_validate_signature T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature T-2/var/run/nginx_graceful_signature
......
...@@ -4,20 +4,19 @@ T-0/etc/plugin/monitor-bootstrap-status.py: OK ...@@ -4,20 +4,19 @@ T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/buildout-T-2-status.py: OK T-2/etc/plugin/buildout-T-2-status.py: OK
T-2/etc/plugin/caddy_cached.py: ERROR T-2/etc/plugin/caddy_cached.py: ERROR
T-2/etc/plugin/caddy_frontend_ipv4_http.py: ERROR T-2/etc/plugin/caddy_frontend_ipv4_http.py: OK
T-2/etc/plugin/caddy_frontend_ipv4_https.py: ERROR T-2/etc/plugin/caddy_frontend_ipv4_https.py: OK
T-2/etc/plugin/caddy_frontend_ipv6_http.py: OK T-2/etc/plugin/caddy_frontend_ipv6_http.py: OK
T-2/etc/plugin/caddy_frontend_ipv6_https.py: OK T-2/etc/plugin/caddy_frontend_ipv6_https.py: OK
T-2/etc/plugin/caddy_ssl_cached.py: ERROR T-2/etc/plugin/caddy_ssl_cached.py: ERROR
T-2/etc/plugin/check-free-disk-space.py: OK T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: ERROR T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK T-2/etc/plugin/nginx-configuration-promise.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: ERROR T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -20,9 +20,10 @@ T-2:crond-{hash}-on-watch RUNNING ...@@ -20,9 +20,10 @@ T-2:crond-{hash}-on-watch RUNNING
T-2:expose-csr_id-{hash}-on-watch RUNNING T-2:expose-csr_id-{hash}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend-nginx-safe-graceful EXITED T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch EXITED T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch EXITED T-2:monitor-httpd-{hash}-on-watch EXITED
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
T-0/var/log/monitor-httpd-error.log T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log T-1/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/nginx-access.log T-2/var/log/nginx-access.log
T-2/var/log/nginx-error.log T-2/var/log/nginx-error.log
......
...@@ -4,6 +4,7 @@ T-1/var/run/kedifa.pid ...@@ -4,6 +4,7 @@ T-1/var/run/kedifa.pid
T-2/var/run/caddy_graceful_signature T-2/var/run/caddy_graceful_signature
T-2/var/run/caddy_validate_signature T-2/var/run/caddy_validate_signature
T-2/var/run/caddy_validate_signature.status T-2/var/run/caddy_validate_signature.status
T-2/var/run/httpd.pid
T-2/var/run/monitor/monitor-bootstrap.pid T-2/var/run/monitor/monitor-bootstrap.pid
T-2/var/run/nginx.pid T-2/var/run/nginx.pid
T-2/var/run/nginx_graceful_signature T-2/var/run/nginx_graceful_signature
......
...@@ -4,20 +4,19 @@ T-0/etc/plugin/monitor-bootstrap-status.py: OK ...@@ -4,20 +4,19 @@ T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/buildout-T-2-status.py: OK T-2/etc/plugin/buildout-T-2-status.py: OK
T-2/etc/plugin/caddy_cached.py: ERROR T-2/etc/plugin/caddy_cached.py: ERROR
T-2/etc/plugin/caddy_frontend_ipv4_http.py: ERROR T-2/etc/plugin/caddy_frontend_ipv4_http.py: OK
T-2/etc/plugin/caddy_frontend_ipv4_https.py: ERROR T-2/etc/plugin/caddy_frontend_ipv4_https.py: OK
T-2/etc/plugin/caddy_frontend_ipv6_http.py: OK T-2/etc/plugin/caddy_frontend_ipv6_http.py: OK
T-2/etc/plugin/caddy_frontend_ipv6_https.py: OK T-2/etc/plugin/caddy_frontend_ipv6_https.py: OK
T-2/etc/plugin/caddy_ssl_cached.py: ERROR T-2/etc/plugin/caddy_ssl_cached.py: ERROR
T-2/etc/plugin/check-free-disk-space.py: OK T-2/etc/plugin/check-free-disk-space.py: OK
T-2/etc/plugin/frontend-caddy-configuration-promise.py: ERROR T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
T-2/etc/plugin/monitor-bootstrap-status.py: OK T-2/etc/plugin/monitor-bootstrap-status.py: OK
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK T-2/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-2/etc/plugin/nginx-configuration-promise.py: OK T-2/etc/plugin/nginx-configuration-promise.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK T-2/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv4_https.py: ERROR T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -20,9 +20,10 @@ T-2:crond-{hash}-on-watch RUNNING ...@@ -20,9 +20,10 @@ T-2:crond-{hash}-on-watch RUNNING
T-2:expose-csr_id-{hash}-on-watch RUNNING T-2:expose-csr_id-{hash}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend-nginx-safe-graceful EXITED T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch EXITED T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch EXITED T-2:monitor-httpd-{hash}-on-watch EXITED
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: ERROR T-2/etc/plugin/re6st-connectivity.py: ERROR
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,7 +21,6 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,7 +21,6 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
T-3/etc/plugin/buildout-T-3-status.py: OK T-3/etc/plugin/buildout-T-3-status.py: OK
T-3/etc/plugin/caddy_cached.py: OK T-3/etc/plugin/caddy_cached.py: OK
...@@ -33,14 +32,13 @@ T-3/etc/plugin/caddy_ssl_cached.py: OK ...@@ -33,14 +32,13 @@ T-3/etc/plugin/caddy_ssl_cached.py: OK
T-3/etc/plugin/check-_replicate-error-log-last-day.py: OK T-3/etc/plugin/check-_replicate-error-log-last-day.py: OK
T-3/etc/plugin/check-_replicate-error-log-last-hour.py: OK T-3/etc/plugin/check-_replicate-error-log-last-hour.py: OK
T-3/etc/plugin/check-free-disk-space.py: OK T-3/etc/plugin/check-free-disk-space.py: OK
T-3/etc/plugin/frontend-caddy-configuration-promise.py: OK T-3/etc/plugin/frontend-caddy-configuration-promise.py: ERROR
T-3/etc/plugin/monitor-bootstrap-status.py: OK T-3/etc/plugin/monitor-bootstrap-status.py: OK
T-3/etc/plugin/monitor-httpd-listening-on-tcp.py: OK T-3/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-3/etc/plugin/nginx-configuration-promise.py: OK T-3/etc/plugin/nginx-configuration-promise.py: ERROR
T-3/etc/plugin/nginx_frontend_ipv4_http.py: OK T-3/etc/plugin/nginx_frontend_ipv4_http.py: OK
T-3/etc/plugin/nginx_frontend_ipv4_https.py: OK T-3/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-3/etc/plugin/nginx_frontend_ipv6_http.py: OK T-3/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-3/etc/plugin/nginx_frontend_ipv6_https.py: OK T-3/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-3/etc/plugin/re6st-connectivity.py: OK T-3/etc/plugin/re6st-connectivity.py: OK
T-3/etc/plugin/trafficserver-cache-availability.py: ERROR
T-3/etc/plugin/trafficserver-port-listening.py: OK T-3/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
...@@ -42,6 +43,7 @@ T-3:frontend-nginx-safe-graceful STOPPED ...@@ -42,6 +43,7 @@ T-3:frontend-nginx-safe-graceful STOPPED
T-3:frontend_caddy-{hash}-on-watch STOPPED T-3:frontend_caddy-{hash}-on-watch STOPPED
T-3:frontend_nginx-{hash}-on-watch STOPPED T-3:frontend_nginx-{hash}-on-watch STOPPED
T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-3:kedifa-updater-{hash}-on-watch STOPPED
T-3:monitor-httpd-{hash}-on-watch STOPPED T-3:monitor-httpd-{hash}-on-watch STOPPED
T-3:monitor-httpd-graceful STOPPED T-3:monitor-httpd-graceful STOPPED
T-3:trafficserver-{hash}-on-watch STOPPED T-3:trafficserver-{hash}-on-watch STOPPED
......
...@@ -112,5 +112,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -112,5 +112,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -38,5 +38,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -38,5 +38,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -112,5 +112,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -112,5 +112,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -43,5 +43,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -43,5 +43,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK ...@@ -21,5 +21,4 @@ T-2/etc/plugin/nginx_frontend_ipv4_https.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK T-2/etc/plugin/nginx_frontend_ipv6_http.py: OK
T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK T-2/etc/plugin/nginx_frontend_ipv6_https.py: OK
T-2/etc/plugin/re6st-connectivity.py: OK T-2/etc/plugin/re6st-connectivity.py: OK
T-2/etc/plugin/trafficserver-cache-availability.py: OK
T-2/etc/plugin/trafficserver-port-listening.py: OK T-2/etc/plugin/trafficserver-port-listening.py: OK
\ No newline at end of file
...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED ...@@ -23,6 +23,7 @@ T-2:frontend-nginx-safe-graceful EXITED
T-2:frontend_caddy-{hash}-on-watch RUNNING T-2:frontend_caddy-{hash}-on-watch RUNNING
T-2:frontend_nginx-{hash}-on-watch RUNNING T-2:frontend_nginx-{hash}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash}-on-watch RUNNING
T-2:monitor-httpd-{hash}-on-watch RUNNING T-2:monitor-httpd-{hash}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash}-on-watch RUNNING T-2:trafficserver-{hash}-on-watch RUNNING
......
...@@ -19,4 +19,4 @@ md5sum = c4ac5de141ae6a64848309af03e51d88 ...@@ -19,4 +19,4 @@ md5sum = c4ac5de141ae6a64848309af03e51d88
[template-selenium] [template-selenium]
filename = instance-selenium.cfg.in filename = instance-selenium.cfg.in
md5sum = fe248a36cd1908fb04b2cbb334c878ff md5sum = 4179c998a71bd87b0f0bd624d545071b
...@@ -114,10 +114,8 @@ bytes = 12 ...@@ -114,10 +114,8 @@ bytes = 12
[selenium-server-frontend-config] [selenium-server-frontend-config]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
rendered = $${directory:etc}/$${:_buildout_section_name_} rendered = $${directory:etc}/$${:_buildout_section_name_}
# Catch-all simple frontend, as it can serve on different interface then accessed one, by
# using "*" as hostname
template = inline: template = inline:
https://*:$${:port} { https://[$${:ip}]:$${:port} {
bind $${:ip} bind $${:ip}
tls self_signed # TODO tls self_signed # TODO
proxy / $${selenium-server-hub-instance:base-url} { proxy / $${selenium-server-hub-instance:base-url} {
......
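Review bot: The new site address `https://[$${:ip}]:$${:port}` replaces the catch-all `*` host and drops the two-line comment that explained it, and nothing left in the section documents the narrower matching. The removed comment said the frontend can be reached through an interface other than the one it serves on; with a literal address as the site host, such requests presumably no longer match this site, so it is worth confirming that every client reaches it as `[ip]:port`. The square brackets are IPv6-literal syntax, so the line also appears to assume `ip` is never an IPv4 address. I would add a replacement comment above `template = inline:`, for example `# Site host is the IPv6 literal itself: clients must use https://[ip]:port; ip is assumed to be IPv6`. The inline template continues past the end of the hunk, so the rest of the site block is not visible here.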