caddy-frontend: Use jinja2 to generate caddy-wrapper

As infromation passed to caddy-wrapper comes also from the network it has to be templated using jinja2 in order to dump variables correctly.

caddy-frontend: Use jinja2 to generate caddy-wrapper
As infromation passed to caddy-wrapper comes also from the network it has to be templated using jinja2 in order to dump variables correctly.
66742874 · Łukasz Nowak · 1730555b · 66742874 · 66742874 · 66742874
Commit 66742874 authored May 30, 2018 by Łukasz Nowak
4 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = 0f9d764e1c4c5e345cdb90390c9d90b6
+md5sum = 6a2a0ada0bf281a725712b9c29a12b34

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -73,6 +73,10 @@ md5sum = c2314c3a9c3412a38d14b312d3df83c1
 filename = templates/wrapper.in
 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8

+[template-caddy-wrapper]
+filename = templates/caddy-wrapper.in
+md5sum = 30921eb4be1dc867f9f6749688e6098a
+
 [template-trafficserver-records-config]
 filename = templates/trafficserver/records.config.jinja2
 md5sum = 84baef0a49c9a65e8f2d2ffdb8c1d39c

--- a/software/caddy-frontend/common.cfg
+++ b/software/caddy-frontend/common.cfg
@@ -100,6 +100,12 @@ filename = template-log-access.conf.in
 <=download-template
 filename = empty.in

+[template-caddy-wrapper]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/templates/caddy-wrapper.in
+output = ${buildout:directory}/template-caddy-wrapper.cfg
+mode = 0644
+
 [template-wrapper]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/templates/wrapper.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg
+++ b/software/caddy-frontend/instance-apache-frontend.cfg
@@ -250,24 +250,26 @@ extra-context =
    section frontend_configuration frontend-configuration

 [caddy-wrapper]
-recipe = slapos.cookbook:wrapper
-command-line = ${caddy:output}
-  -conf $${dynamic-apache-frontend-template:rendered}
-  -root $${caddy-directory:document-root}
-  -host $${instance-parameter:configuration.domain}
-  -http-port $${instance-parameter:configuration.plain_http_port}
-  -https-port $${instance-parameter:configuration.port}
-  -log $${apache-configuration:error-log}
-  -http2=$${instance-parameter:configuration.enable-http2-by-default}
-  -grace $${instance-parameter:configuration.mpm-graceful-shutdown-timeout}s
-  -pidfile $${apache-configuration:pid-file}
-  -disable-http-challenge
-  -disable-tls-sni-challenge
-wrapper-path = $${directory:bin}/caddy-wrapper
+< = jinja2-template-base
+template = ${template-caddy-wrapper:output}
+rendered = $${directory:bin}/caddy-wrapper
+mode = 0700
+extra-context =
+    raw caddy ${caddy:output}
+    key conf dynamic-apache-frontend-template:rendered
+    key root caddy-directory:document-root
+    key host instance-parameter:configuration.domain
+    key http_port instance-parameter:configuration.plain_http_port
+    key https_port instance-parameter:configuration.port
+    key content apache-configuration:frontend-graceful-command
+    key log apache-configuration:error-log
+    key http2 instance-parameter:configuration.enable-http2-by-default
+    key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout
+    key pidfile apache-configuration:pid-file

 [apache-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = $${caddy-wrapper:wrapper-path}
+command-line = $${caddy-wrapper:rendered}
 wrapper-path = $${directory:service}/frontend_caddy
 wait-for-files =
 	       $${ca-frontend:cert-file}
@@ -297,7 +299,7 @@ error-log = $${directory:log}/frontend-apache-error.log
 pid-file = $${directory:run}/httpd.pid
 protected-path = /
 access-control-string = none
-frontend-configuration-verification = $${caddy-wrapper:wrapper-path} -validate > /dev/null
+frontend-configuration-verification = $${caddy-wrapper:rendered} -validate > /dev/null
 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi

 # Comunication with ats
@@ -308,7 +310,7 @@ ssl-cache-through-port = 26012
 # Create wrapper for "apachectl conftest" in bin
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = $${caddy-wrapper:wrapper-path} -validate
+command-line = $${caddy-wrapper:rendered} -validate
 wrapper-path = $${directory:bin}/caddy-configtest

 [certificate-authority]
@@ -697,19 +699,21 @@ curl_path = ${curl:location}/bin/curl
 # Nginx
 #
 [nginx-frontend]
-recipe = slapos.cookbook:wrapper
-command-line = ${caddy:output}
-  -conf $${nginx-configuration:output}
-  -host $${instance-parameter:configuration.domain}
-  -root $${caddy-directory:document-root}
-  -http-port $${nginx-configuration:plain_port}
-  -https-port $${nginx-configuration:port}
-  -log $${nginx-configuration:error_log}
-  -http2=$${instance-parameter:configuration.enable-http2-by-default}
-  -pidfile $${nginx-configuration:pid-file}
-  -disable-http-challenge
-  -disable-tls-sni-challenge
-wrapper-path = $${directory:service}/frontend_nginx
+< = jinja2-template-base
+template = ${template-caddy-wrapper:output}
+rendered = $${directory:service}/frontend_nginx
+mode = 0700
+extra-context =
+    raw caddy ${caddy:output}
+    key conf nginx-configuration:output
+    key root caddy-directory:document-root
+    key host instance-parameter:configuration.domain
+    key http_port nginx-configuration:plain_port
+    key https_port nginx-configuration:port
+    key log nginx-configuration:error_log
+    key http2 instance-parameter:configuration.enable-http2-by-default
+    key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout
+    key pidfile nginx-configuration:pid-file

 [nginx-configuration]
 recipe = slapos.recipe.template
@@ -727,7 +731,7 @@ worker_connections = 1024
 slave-configuration-directory = $${caddy-directory:nginx-slave-configuration}
 pid-file = $${directory:run}/nginx.pid 
 nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi
-nginx-configuration-verification = $${nginx-frontend:wrapper-path} -validate
+nginx-configuration-verification = $${nginx-frontend:rendered} -validate
 ssl_certificate = $${ca-frontend:cert-file}
 ssl_key = $${ca-frontend:key-file}


--- a/software/caddy-frontend/templates/caddy-wrapper.in
+++ b/software/caddy-frontend/templates/caddy-wrapper.in
+#!${dash-output:dash}
+
+exec {{ caddy }} \
+  -conf {{ conf }} \
+  -root {{ root }} \
+  -host {{ host }} \
+  -http-port {{ http_port }} \
+  -https-port {{ https_port }} \
+  -log {{ log }} \
+  -http2={{ http2 }} \
+  -grace {{ grace }}s \
+  -pidfile {{ pidfile }} \
+  -disable-http-challenge \
+  -disable-tls-sni-challenge \
+  "$@"