- 20 Jul, 2020 1 commit
-
-
Jérome Perrin authored
there was a mistake in 2de4c80f, we should sleep for the min duration of these two
-
- 17 Jul, 2020 14 commits
-
-
Łukasz Nowak authored
This reverts commit 1bd4fc32
-
Łukasz Nowak authored
Frontend can now do SSL client authentication to the backend. This is turned off by default, but easy to enable by proper switch. In order to achieve this result haproxy has been introduced as middleman just before the backend. Also it came with rsyslogd, as haproxy can't log by itself. Documentation has been updated, also changelog has been introduced. A lot of additional tests has been added due to adding additional component (haproxy) which required a bit different ways to approach to the request input data. See merge request nexedi/slapos!771
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Despite the new system does not support promise failing scenarios, use a simple way to have such configurations in late way and massively test various important cases for rejection, error reporting and similar.
-
Łukasz Nowak authored
-
Łukasz Nowak authored
By default do not offer authentication certificate, the switch authenticate-to-backend can be used on cluster or slave level to control this feature.
-
Łukasz Nowak authored
rsyslogd is used, as haproxy does not support writing log files by its own.
-
Łukasz Nowak authored
This is needed in order to provide future support for client certificates to the backend. Also it means that haproxy is used in all cases, with or without cache, and as a result the "cached" version of caddy is dropped. Let haproxy setup maxconn by itself, as it's wise enough. Also trust that it'll detect and use proper limits, instead enforcing them in the shell with ulimit trick (ulimit -n $(ulimit -Hn)). As empty server alias can impact the configuration, add proper test for checking it.
-
Łukasz Nowak authored
It's required to fetch all dependencies in all cases, as tarball preparation can happen on machine, on which gcc would be used from OS, but in the end package building can happen on machines without proper gcc.
-
- 16 Jul, 2020 3 commits
-
-
Łukasz Nowak authored
In some environments it is required to have gcc provided by SlapOS, and simply forcing seems better than setting bugs min_version.
-
Łukasz Nowak authored
-
Thomas Gambier authored
the name of constructed records should be unique so use the slave reference instead of the "origin" parameter to be sure it is unique. Before this change, if 2 slaves have the same origin parameter "foo.com", we have the following in zone-files.yml: [...] sa.continent.foo.com: - cname: cname.of.slave1.for.sa [...] sa.continent.foo.com: - cname: cname.of.slave2.for.sa So only the cname for slave2 will be used.
-
- 15 Jul, 2020 1 commit
-
-
Jérome Perrin authored
-
- 14 Jul, 2020 9 commits
-
-
Łukasz Nowak authored
Instead of passing various kedifa information to the profile generating configuration use section kedifa-configuration and access later such grouped values.
-
Łukasz Nowak authored
In context of frontend node reuse passed directory section to slave configuration to improve readability and simplify future enhancements.
-
Łukasz Nowak authored
-
Łukasz Nowak authored
This reverts commit 92fd6909, which incorrectly added test assertion files with 'test.test'.
-
Łukasz Nowak authored
Caddy's proxy stanza for defined path with spaces sometimes is working when it's done like this: proxy /path with_spaces ip:port It happens, that few first requests after starting Caddy it's working, but then it fails with error message like: dial tcp: lookup with_spaces on ip: no such host So to stabilise situation now paths are generated like: proxy "/path with_spaces" ip:port
-
Łukasz Nowak authored
ssl_proxy_ca_crt can be just empty value, and that's not acceptable.
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Use @@LOCATION@@ template to provide proper prefix path.
-
Łukasz Nowak authored
-
- 10 Jul, 2020 1 commit
-
-
Jérome Perrin authored
These changes allow to build SlapOS on Debian Buster ppc64el. The PowerPC 64-bits little endian platform appeared more recently into autoconf and therefore needed updated `config.sub` and `config.guess` files. Somehow these only needed to be patched on autoconf itself which is quite dated (2012), and libyaml that does not ship it's own `config.sub` and `config.guess` files. Other components built fine out of the box. `config.sub` and `config.guess` files were taken from Debian Buster itself. More information at: https://wiki.debian.org/AutoTools/autoconf **This merge request would have to be backported to previous releases in the case components reference older releases of SlapOS, which, if I understand correctly, is the case some times.** See merge request !780
-
- 09 Jul, 2020 2 commits
-
-
Leo Le Bouter authored
autoconf and libyaml needed updated config.sub and config.guess files on ppc64le. gnu-config component was created to centralize updated config.sub and config.guess files. autoconf and libyaml now extend gnu-config and overwrite their bundled config.guess and config.sub with gnu-config's. in the future, any component can extend gnu-config to update it's own config.sub and config.guess files if necessary.
-
Jérome Perrin authored
monitor app shows: ![monoring app showing /log url](/uploads/dbb22484f79ed1538a308c640d74c3dc/image.png) but this URL can not be accessed: ![/log URL unauthorized](/uploads/cf74f2d8bb867123c39264d8f7d9de74/image.png) The correct URL looks to be this: ![/share/private/log is OK](/uploads/4775d5d3841d8ffa68d67f2cf2b87b22/image.png) See merge request !785
-
- 08 Jul, 2020 7 commits
-
-
Thomas Gambier authored
This MR includes the following steps: 1. Target Python 3 2. Upgrade powerdns from version 3.3.1 to version 4.2.1 --- which also means... 3. Rework the configuration to support the [new GeoIP backend config format](https://doc.powerdns.com/authoritative/backends/geoip.html) See the commit messages for more detail. Note: EDNS Client Subnet extension is enabled. See merge request !764
-
Bryton Lacquement authored
-
Bryton Lacquement authored
With the recent powerdns upgrade, the GeoIP backend uses a new config format, see zones-file.yml.jinja2. zz.countries.nexedi.dk.rbldnsd (which maps IPs to countries) is replaced by GeoLite2-Country.mmdb(1) (which maps IPs to countries & continents). Note: zz.countries.nexedi.dk.rbldnsd is not deleted (yet?); it is parsed to keep information about China and its IP ranges grouped by ISP. cdn.conf.in (which maps RR(s) to countries) is dropped; it is replaced by an equivalent mapping done inside zones-file.yml.jinja2. Also, EDNS Client Subnet extension is enabled. --- (1): Added in previous commit.
-
Bryton Lacquement authored
-
Bryton Lacquement authored
Note: Only boost>=1.35 and openssl are required to build powerdns from source; ragel, bison and flex are also required if building from git. See https://doc.powerdns.com/authoritative/appendices/compiling.html#dependencies
-
Bryton Lacquement authored
-
Bryton Lacquement authored
-
- 07 Jul, 2020 1 commit
-
-
Jérome Perrin authored
-
- 06 Jul, 2020 1 commit
-
-
Thomas Gambier authored
See merge request nexedi/slapos!781
-