Commit cb5c5b83 authored by Łukasz Nowak's avatar Łukasz Nowak

Caddy: switch to switch-softwaretype

See merge request nexedi/slapos!1013
parents 7d1a32fc 4016bd1e
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 04015a7a552285984d091293ef573fb9 md5sum = 1dfbd20c77fb3c1f01005a8a920d2ed9
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 8507a2ace2f789b92c522cc62ca5aace md5sum = 51087ac7615bd7cc01e60eb23701f625
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 1d70899e5bf5309325b18e87f59ecb57 md5sum = b6fc5a004a1235ffad3af0b4cb0e661f
[profile-slave-list] [profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 613f777a08373088cbaf7f51fd18ea70 md5sum = 9bb51f663f69d66b5b3708bf892dd3e6
[profile-replicate-publish-slave-information] [profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
......
{%- if instance_parameter_dict['slap-software-type'] == software_type -%}
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
[buildout] [buildout]
...@@ -11,6 +10,7 @@ parts = ...@@ -11,6 +10,7 @@ parts =
directory directory
logrotate-entry-caddy logrotate-entry-caddy
caddy-frontend caddy-frontend
caddyprofiledeps
switch-caddy-softwaretype switch-caddy-softwaretype
caucase-updater caucase-updater
caucase-updater-promise caucase-updater-promise
...@@ -97,9 +97,11 @@ expose-csr_id-var = ${:var}/expose-csr_id ...@@ -97,9 +97,11 @@ expose-csr_id-var = ${:var}/expose-csr_id
slave-introspection-var = ${:var}/slave-introspection slave-introspection-var = ${:var}/slave-introspection
[switch-caddy-softwaretype] [switch-caddy-softwaretype]
recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:switch-softwaretype
single-default = ${dynamic-custom-personal-profile-slave-list:rendered} default = dynamic-custom-personal-profile-slave-list:rendered
single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered} RootSoftwareInstance = ${:default}
single-default = dynamic-custom-personal-profile-slave-list:rendered
single-custom-personal = dynamic-custom-personal-profile-slave-list:rendered
[frontend-configuration] [frontend-configuration]
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
...@@ -114,7 +116,7 @@ slave-introspection-domain = ${slave-introspection-frontend:connection-domain} ...@@ -114,7 +116,7 @@ slave-introspection-domain = ${slave-introspection-frontend:connection-domain}
# Self Signed certificate for HTTPS IP accesses to the frontend # Self Signed certificate for HTTPS IP accesses to the frontend
recipe = plone.recipe.command recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-configuration:ipv6-random}
ipv4 = {{instance_parameter_dict['ipv4-random']}} ipv4 = {{instance_parameter_dict['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
{#- Can be stopped on error, as does not rely on self provided service #} {#- Can be stopped on error, as does not rely on self provided service #}
...@@ -138,7 +140,7 @@ command = ...@@ -138,7 +140,7 @@ command =
# Self Signed certificate for HTTPS access to the frontend with fallback certificate # Self Signed certificate for HTTPS access to the frontend with fallback certificate
recipe = plone.recipe.command recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-configuration:ipv6-random}
ipv4 = {{instance_parameter_dict['ipv4-random']}} ipv4 = {{instance_parameter_dict['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt
{#- Can be stopped on error, as does not rely on self provided service #} {#- Can be stopped on error, as does not rely on self provided service #}
...@@ -282,6 +284,7 @@ software_type = single-custom-personal ...@@ -282,6 +284,7 @@ software_type = single-custom-personal
organization = {{ slapparameter_dict['cluster-identification'] }} organization = {{ slapparameter_dict['cluster-identification'] }}
organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] }} organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }} backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }}
partition_ipv6 = ${slap-configuration:ipv6-random}
extra-context = extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration key caddy_configuration_directory caddy-directory:slave-configuration
key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
...@@ -293,7 +296,7 @@ extra-context = ...@@ -293,7 +296,7 @@ extra-context =
key caddy_log_directory caddy-directory:slave-log key caddy_log_directory caddy-directory:slave-log
key expose_csr_id_organization :organization key expose_csr_id_organization :organization
key expose_csr_id_organizational_unit :organizational-unit key expose_csr_id_organizational_unit :organizational-unit
key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-configuration:ipv6-random
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key software_type :software_type key software_type :software_type
...@@ -328,8 +331,8 @@ extra-context = ...@@ -328,8 +331,8 @@ extra-context =
section frontend_configuration frontend-configuration section frontend_configuration frontend-configuration
key http_port configuration:plain_http_port key http_port configuration:plain_http_port
key https_port configuration:port key https_port configuration:port
key global_ipv6 slap-configuration:ipv6-random
key local_ipv4 :local_ipv4 key local_ipv4 :local_ipv4
key global_ipv6 slap-network-information:global-ipv6
key error_log caddy-configuration:error-log key error_log caddy-configuration:error-log
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
key username monitor-instance-parameter:username key username monitor-instance-parameter:username
...@@ -904,7 +907,7 @@ recipe = slapos.cookbook:requestoptional ...@@ -904,7 +907,7 @@ recipe = slapos.cookbook:requestoptional
name = Slave Introspection Frontend {{ instance_parameter_dict['configuration.frontend-name'] }} name = Slave Introspection Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true slave = true
config-url = https://[${slap-network-information:global-ipv6}]:{{ instance_parameter_dict['configuration.slave-introspection-https-port'] }}/ config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.slave-introspection-https-port'] }}/
config-https-only = true config-https-only = true
return = domain secure_access return = domain secure_access
...@@ -914,7 +917,7 @@ recipe = slapos.cookbook:requestoptional ...@@ -914,7 +917,7 @@ recipe = slapos.cookbook:requestoptional
name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration.frontend-name'] }} name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true slave = true
config-url = https://[${slap-network-information:global-ipv6}]:{{ instance_parameter_dict['configuration.backend-haproxy-statistic-port'] }}/ config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.backend-haproxy-statistic-port'] }}/
config-https-only = true config-https-only = true
return = domain secure_access return = domain secure_access
...@@ -1022,5 +1025,3 @@ config-command = ...@@ -1022,5 +1025,3 @@ config-command =
{%- for key, value in software_parameter_dict.iteritems() %} {%- for key, value in software_parameter_dict.iteritems() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endfor %} {%- endfor %}
{%- endif -%} {# if instance_parameter_dict['slap-software-type'] == software_type #}
{% if instance_parameter_dict['slap-software-type'] in software_type %}
{% set aibcc_enabled = True %} {% set aibcc_enabled = True %}
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{#- SERVER_POLLUTED_KEY_LIST is a list of keys which comes from various SlapOS Master implementations, which mix request and publish keys on each slave information -#} {#- SERVER_POLLUTED_KEY_LIST is a list of keys which comes from various SlapOS Master implementations, which mix request and publish keys on each slave information -#}
...@@ -44,13 +43,7 @@ context = ...@@ -44,13 +43,7 @@ context =
{% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %} {% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %}
{% set part_list = [] %} {% set part_list = [] %}
{% set single_type_key = 'single-' %} {% set single_type_key = 'single-' %}
{% if instance_parameter_dict['slap-software-type'] == "replicate" %}
{% set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') %}
{% elif instance_parameter_dict['slap-software-type'] in ['default', 'RootSoftwareInstance'] %}
{% set frontend_type = "%s%s" % (single_type_key, 'custom-personal') %} {% set frontend_type = "%s%s" % (single_type_key, 'custom-personal') %}
{% else %}
{% set frontend_type = "%s%s" % (single_type_key, instance_parameter_dict['slap-software-type']) %}
{% endif %}
{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int %} {% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int %}
{% set slave_list_name = 'extra_slave_instance_list' %} {% set slave_list_name = 'extra_slave_instance_list' %}
{% set frontend_list = [] %} {% set frontend_list = [] %}
...@@ -390,12 +383,12 @@ config-url = ...@@ -390,12 +383,12 @@ config-url =
#-- #--
#-- Publish slave information #-- Publish slave information
[publish-slave-information] [publish-slave-information]
recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:switch-softwaretype
default = ${dynamic-publish-slave-information:rendered} default = dynamic-publish-slave-information:rendered
RootSoftwareInstance = ${dynamic-publish-slave-information:rendered} RootSoftwareInstance = ${:default}
replicate = ${dynamic-publish-slave-information:rendered} replicate = dynamic-publish-slave-information:rendered
custom-personal = ${dynamic-publish-slave-information:rendered} custom-personal = dynamic-publish-slave-information:rendered
custom-group = ${dynamic-publish-slave-information:rendered} custom-group = dynamic-publish-slave-information:rendered
[request-kedifa] [request-kedifa]
<= slap-connection <= slap-connection
...@@ -908,5 +901,3 @@ parts = ...@@ -908,5 +901,3 @@ parts =
{% for part in part_list %} {% for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor %} {% endfor %}
\ No newline at end of file
# publish-information
{% endif %}
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
extends = {{ software_parameter_dict['profile_common'] }} extends = {{ software_parameter_dict['profile_common'] }}
parts = parts =
caddyprofiledeps
switch-softwaretype switch-softwaretype
[caddyprofiledeps] [caddyprofiledeps]
...@@ -14,8 +15,8 @@ extensions = jinja2.ext.do ...@@ -14,8 +15,8 @@ extensions = jinja2.ext.do
extra-context = extra-context =
context = context =
import json_module json import json_module json
key slapparameter_dict instance-parameter:configuration key slapparameter_dict slap-configuration:configuration
section instance_parameter_dict instance-parameter section instance_parameter_dict slap-configuration
section software_parameter_dict software-parameter-section section software_parameter_dict software-parameter-section
${:extra-context} ${:extra-context}
caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }} caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }}
...@@ -23,14 +24,14 @@ import-list = ...@@ -23,14 +24,14 @@ import-list =
file caucase :caucase-jinja2-library file caucase :caucase-jinja2-library
[switch-softwaretype] [switch-softwaretype]
recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:switch-softwaretype
default = ${dynamic-profile-caddy-replicate:rendered} default = dynamic-profile-caddy-replicate:rendered
RootSoftwareInstance = ${dynamic-profile-caddy-replicate:rendered} RootSoftwareInstance = ${:default}
custom-personal = ${dynamic-profile-caddy-replicate:rendered} custom-personal = dynamic-profile-caddy-replicate:rendered
single-default = ${dynamic-profile-caddy-frontend:rendered} single-default = dynamic-profile-caddy-frontend:rendered
single-custom-personal = ${dynamic-profile-caddy-frontend:rendered} single-custom-personal = dynamic-profile-caddy-frontend:rendered
replicate = ${dynamic-profile-caddy-replicate:rendered} replicate = dynamic-profile-caddy-replicate:rendered
kedifa = ${dynamic-profile-kedifa:rendered} kedifa = dynamic-profile-kedifa:rendered
[software-parameter-section] [software-parameter-section]
{% for key,value in software_parameter_dict.iteritems() %} {% for key,value in software_parameter_dict.iteritems() %}
...@@ -64,7 +65,7 @@ filename = instance-kedifa.cfg ...@@ -64,7 +65,7 @@ filename = instance-kedifa.cfg
extra-context = extra-context =
raw software_type kedifa raw software_type kedifa
[instance-parameter] [slap-configuration]
# Fetches parameters defined in SlapOS Master for this instance. # Fetches parameters defined in SlapOS Master for this instance.
# Always the same. # Always the same.
recipe = slapos.cookbook:slapconfiguration.serialised recipe = slapos.cookbook:slapconfiguration.serialised
......
{%- if software_type == slap_software_type %}
{%- set kedifa_updater_mapping = [] %} {%- set kedifa_updater_mapping = [] %}
{%- set cached_server_dict = {} %} {%- set cached_server_dict = {} %}
{%- set backend_slave_list = [] %} {%- set backend_slave_list = [] %}
...@@ -187,7 +186,7 @@ context = ...@@ -187,7 +186,7 @@ context =
{%- set furled = furl_module.furl(frontend_configuration['slave-introspection-secure_access']) %} {%- set furled = furl_module.furl(frontend_configuration['slave-introspection-secure_access']) %}
{%- do furled.set(username = slave_reference.lower()) %} {%- do furled.set(username = slave_reference.lower()) %}
{%- do furled.set(password = '${'+ slave_password_section +':passwd}') %} {%- do furled.set(password = '${'+ slave_password_section +':passwd}') %}
{%- do furled.set(path = slave_reference.lower() + '/') %} {%- do furled.set(path = slave_reference + '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #} {#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %} {%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
...@@ -237,7 +236,7 @@ context = ...@@ -237,7 +236,7 @@ context =
{#- Set slave logrotate entry #} {#- Set slave logrotate entry #}
[{{slave_log_directory_section}}] [{{slave_log_directory_section}}]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
log-directory = {{ '${slave-log-directory-dict:' + slave_reference.lower() + '}' }} log-directory = {{ '${slave-log-directory-dict:' + slave_reference + '}' }}
[{{slave_logrotate_section}}] [{{slave_logrotate_section}}]
<= logrotate-entry-base <= logrotate-entry-base
...@@ -399,8 +398,8 @@ recipe = slapos.cookbook:publish ...@@ -399,8 +398,8 @@ recipe = slapos.cookbook:publish
{#- Define IPv6 to IPV4 tunneling #} {#- Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base] [tunnel-6to4-base]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
ipv4 = ${slap-network-information:local-ipv4} ipv4 = ${slap-configuration:ipv4-random}
ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-configuration:ipv6-random}
wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port} wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port}
command-line = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port} command-line = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
...@@ -509,7 +508,7 @@ extra-context = ...@@ -509,7 +508,7 @@ extra-context =
{{ key }} = {{ value }} {{ key }} = {{ value }}
{%- endfor %} {%- endfor %}
local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }} local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
global-ipv6 = ${slap-network-information:global-ipv6} global-ipv6 = ${slap-configuration:ipv6-random}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }} request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }} backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
backend-connect-retries = {{ dumps('' ~ configuration['backend-connect-retries']) }} backend-connect-retries = {{ dumps('' ~ configuration['backend-connect-retries']) }}
...@@ -583,12 +582,12 @@ update-command = ${:command} ...@@ -583,12 +582,12 @@ update-command = ${:command}
command = command =
if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
openssl req -new -newkey rsa:2048 -sha256 -subj \ openssl req -new -newkey rsa:2048 -sha256 -subj \
"/O={{ expose_csr_id_organization }}/OU={{ expose_csr_id_organizational_unit }}/CN=${slap-network-information:global-ipv6}" \ "/O={{ expose_csr_id_organization }}/OU={{ expose_csr_id_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
-days 5 -nodes -x509 -keyout ${:key} -out ${:certificate} -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
fi fi
[expose-csr_id-configuration] [expose-csr_id-configuration]
ip = ${slap-network-information:global-ipv6} ip = ${slap-configuration:ipv6-random}
port = 17001 port = 17001
key = ${certificate-csr_id:key} key = ${certificate-csr_id:key}
certificate = ${certificate-csr_id:certificate} certificate = ${certificate-csr_id:certificate}
...@@ -660,4 +659,3 @@ module = check_command_execute ...@@ -660,4 +659,3 @@ module = check_command_execute
name = ${:_buildout_section_name_}.py name = ${:_buildout_section_name_}.py
config-command = config-command =
${logrotate:wrapper-path} -d ${logrotate:wrapper-path} -d
\ No newline at end of file
{%- endif %} {# if software_type == slap_software_type #}
...@@ -1813,7 +1813,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1813,7 +1813,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
def test_server_polluted_keys_removed(self): def test_server_polluted_keys_removed(self):
buildout_file = os.path.join( buildout_file = os.path.join(
self.getMasterPartitionPath(), 'buildout-switch-softwaretype.cfg') self.getMasterPartitionPath(), 'instance-caddy-replicate.cfg')
for line in [ for line in [
q for q in open(buildout_file).readlines() q for q in open(buildout_file).readlines()
if q.startswith('config-slave-list') or q.startswith( if q.startswith('config-slave-list') or q.startswith(
...@@ -4590,7 +4590,7 @@ class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase): ...@@ -4590,7 +4590,7 @@ class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
self.slap.waitForInstance(self.instance_max_retry) self.slap.waitForInstance(self.instance_max_retry)
buildout_file = os.path.join( buildout_file = os.path.join(
self.getMasterPartitionPath(), 'buildout-switch-softwaretype.cfg') self.getMasterPartitionPath(), 'instance-caddy-replicate.cfg')
with open(buildout_file) as fh: with open(buildout_file) as fh:
buildout_file_content = fh.read() buildout_file_content = fh.read()
node_1_present = re.search( node_1_present = re.search(
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment