Skip to content

S
slapos
Commit 9cf2c244 authored by Kirill Smelkov's avatar Kirill Smelkov
Browse files
Options

.

parent 06441439
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 4326 additions and 3455 deletions
component/binutils/buildout.cfg
View file @ 9cf2c244
......@@ -57,3 +57,4 @@ configure-options =
environment =
LDFLAGS=-L${gettext:location}/lib -lintl -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${zlib:location}/lib
PATH=${texinfo7:location}/bin:${bison:location}/bin:${m4:location}/bin:%(PATH)s
BISON_PKGDATADIR=${bison:location}/share/bison
component/ca-certificates/buildout.cfg
View file @ 9cf2c244
......@@ -12,12 +12,13 @@ parts =
[ca-certificates]
recipe = slapos.recipe.cmmi
shared = true
url = http://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20210119.tar.xz
md5sum = c02582bf9ae338e558617291897615eb
url = https://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20230311.tar.xz
md5sum = fc1c3ec0067385f0be8ac7f6e670a0f8
patch-binary = ${patch:location}/bin/patch
patches =
${:_profile_base_location_}/ca-certificates-any-python.patch#c13b44dfc3157dda13a9a2ff97a9d501
${:_profile_base_location_}/ca-certificates-sbin-dir.patch#0b4e7d82ce768823c01954ee41ef177b
${:_profile_base_location_}/ca-certificates-mkdir-p.patch#02ed8a6d60c39c4b088657888af345ef
${:_profile_base_location_}/ca-certificates-no-cryptography.patch#14ad1308623b0d15420906ae3d9b4867
patch-options = -p0
configure-command = true
make-targets = install DESTDIR=@@LOCATION@@ CERTSDIR=certs SBINDIR=sbin
......
component/ca-certificates/ca-certificates-sbin-dir.patch component/ca-certificates/ca-certificates-mkdir-p.patch
View file @ 9cf2c244
......@@ -9,19 +9,3 @@
$(MAKE) -C $$dir install CERTSDIR=$(DESTDIR)/$(CERTSDIR)/$$dir; \
done
for dir in sbin; do \
--- sbin/Makefile.orig 2011-12-11 20:54:02.000000000 +0100
+++ sbin/Makefile 2012-01-09 17:31:45.207387898 +0100
@@ -3,9 +3,12 @@
#
#
+SBINDIR=/usr/sbin
+
all:
clean:
install:
- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
+ mkdir -p $(DESTDIR)/$(SBINDIR)
+ install -m755 update-ca-certificates $(DESTDIR)/$(SBINDIR)
component/ca-certificates/ca-certificates-no-cryptography.patch 0 → 100644
View file @ 9cf2c244
Don't depend on cryptography
Revert https://salsa.debian.org/debian/ca-certificates/-/commit/8033d52259172b4bddc0f8bbcb6f6566b348db72
we don't need this here.
--- mozilla/certdata2pem.py 2023-01-14 22:58:27.000000000 +0900
+++ mozilla/certdata2pem.py 2023-10-02 22:13:31.355540545 +0900
@@ -21,15 +21,12 @@
# USA.
import base64
-import datetime
import os.path
import re
import sys
import textwrap
import io
-from cryptography import x509
-
objects = []
@@ -122,12 +119,6 @@
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
-
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
component/egg-patch/Zope/0001-WSGIPublisher-set-REMOTE_USER-even-in-case-of-error-.patch 0 → 100644
View file @ 9cf2c244
From 1f0be881320f440cec05eb838fa42c5ddf56a57c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Tue, 19 Sep 2023 15:19:51 +0900
Subject: [PATCH] WSGIPublisher: set REMOTE_USER even in case of error (#1156)
This fixes a problem that user name was empty in access log for error pages.
Fixes #1155
---------
Co-authored-by: Michael Howitz <icemac@gmx.net>
---
src/ZPublisher/WSGIPublisher.py | 13 +++++++------
src/ZPublisher/tests/test_WSGIPublisher.py | 9 +++++++++
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/ZPublisher/WSGIPublisher.py b/src/ZPublisher/WSGIPublisher.py
index bd0ae1d17..09b2c44c9 100644
--- a/src/ZPublisher/WSGIPublisher.py
+++ b/src/ZPublisher/WSGIPublisher.py
@@ -382,12 +382,13 @@ def publish_module(environ, start_response,
try:
with load_app(module_info) as new_mod_info:
with transaction_pubevents(request, response):
- response = _publish(request, new_mod_info)
-
- user = getSecurityManager().getUser()
- if user is not None and \
- user.getUserName() != 'Anonymous User':
- environ['REMOTE_USER'] = user.getUserName()
+ try:
+ response = _publish(request, new_mod_info)
+ finally:
+ user = getSecurityManager().getUser()
+ if user is not None and \
+ user.getUserName() != 'Anonymous User':
+ environ['REMOTE_USER'] = user.getUserName()
break
except TransientError:
if request.supports_retry():
diff --git a/src/ZPublisher/tests/test_WSGIPublisher.py b/src/ZPublisher/tests/test_WSGIPublisher.py
index 989970f24..38e402ab3 100644
--- a/src/ZPublisher/tests/test_WSGIPublisher.py
+++ b/src/ZPublisher/tests/test_WSGIPublisher.py
@@ -822,6 +822,15 @@ class TestPublishModule(ZopeTestCase):
self._callFUT(environ, start_response, _publish)
self.assertFalse('REMOTE_USER' in environ)
+ def test_set_REMOTE_USER_environ_error(self):
+ environ = self._makeEnviron()
+ start_response = DummyCallable()
+ _publish = DummyCallable()
+ _publish._raise = ValueError()
+ with self.assertRaises(ValueError):
+ self._callFUT(environ, start_response, _publish)
+ self.assertEqual(environ['REMOTE_USER'], user_name)
+
def test_webdav_source_port(self):
from ZPublisher import WSGIPublisher
old_webdav_source_port = WSGIPublisher._WEBDAV_SOURCE_PORT
--
2.39.2
component/file/buildout.cfg
View file @ 9cf2c244
......@@ -11,8 +11,8 @@ extends =
[file]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.astron.com/pub/file/file-5.44.tar.gz
md5sum = a60d586d49d015d842b9294864a89c7a
url = http://ftp.astron.com/pub/file/file-5.45.tar.gz
md5sum = 26b2a96d4e3a8938827a1e572afd527a
configure-options =
--disable-static
--disable-libseccomp
......
component/firewalld/buildout.cfg
View file @ 9cf2c244
......@@ -76,7 +76,7 @@ environment =
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${zlib:location}/lib/ -Wl,-rpath=${zlib:location}/lib/
GLIB_CFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include
GLIB_LIBS=-L${glib:location}/lib -lglib-2.0 -lintl -lgobject-2.0
GLIB_LIBS=-L${glib:location}/lib -lglib-2.0 -lgobject-2.0
FFI_CFLAGS=-I${libffi:location}/include
FFI_LIBS=-L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi
GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0
......
component/freetype/buildout.cfg
View file @ 9cf2c244
......@@ -14,12 +14,15 @@ parts =
[freetype]
recipe = slapos.recipe.cmmi
shared = true
url = http://download.savannah.gnu.org/releases/freetype/freetype-2.7.1.tar.bz2
md5sum = b3230110e0cab777e0df7631837ac36e
url = https://download.savannah.gnu.org/releases/freetype/freetype-2.13.2.tar.xz
md5sum = 1f625f0a913c449551b1e3790a1817d7
pkg_config_depends = ${zlib:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig
location = @@LOCATION@@
configure-options =
--disable-static
--enable-freetype-config
--without-brotli
--without-librsvg
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
......
component/gdal/buildout.cfg
View file @ 9cf2c244
......@@ -9,7 +9,6 @@ extends =
../pcre/buildout.cfg
../proj4/buildout.cfg
../sqlite3/buildout.cfg
../webp/buildout.cfg
../xz-utils/buildout.cfg
parts =
......@@ -32,12 +31,12 @@ configure-options =
--with-png=${libpng:location}
--with-static-proj4=${proj4:location}
--with-sqlite3=${sqlite3:location}
--with-webp=${webp:location}
--with-xml2=${libxml2:location}/bin/xml2-config
--without-webp
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
CPPFLAGS=-I${pcre:location}/include
LDFLAGS=-L${pcre:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib -Wl,-rpath=${curl:location}/lib -Wl,-rpath=${geos:location}/lib -Wl,-rpath=${giflib:location}/lib -Wl,-rpath=${jasper:location}/lib -Wl,-rpath=${jbigkit:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libjpeg:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${libtiff:location}/lib -Wl,-rpath=${libxml2:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${webp:location}/lib -Wl,-rpath=${zlib:location}/lib
LDFLAGS=-L${pcre:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib -Wl,-rpath=${curl:location}/lib -Wl,-rpath=${geos:location}/lib -Wl,-rpath=${giflib:location}/lib -Wl,-rpath=${jasper:location}/lib -Wl,-rpath=${jbigkit:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libjpeg:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${libtiff:location}/lib -Wl,-rpath=${libxml2:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib
[gdal-python]
recipe = zc.recipe.egg:custom
......
component/ghostscript/buildout.cfg
View file @ 9cf2c244
......@@ -14,8 +14,8 @@ parts = ghostscript
[ghostscript]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9550/ghostscript-9.55.0.tar.xz
md5sum = 92aa46e75c4f32eb11d9c975053d876c
url = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10020/ghostscript-10.02.0.tar.xz
md5sum = 80c1cdfada72f2eb5987dc0d590ea5b2
pkg_config_depends = ${libtiff:location}/lib/pkgconfig:${libjpeg:location}/lib/pkgconfig:${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}
# XXX --with-tessdata work arounds a slaprunner bug of having softwares installed in a path containing //
configure-options =
......@@ -23,6 +23,7 @@ configure-options =
--disable-threadsafe
--with-system-libtiff
--without-libidn
--without-so
--without-x
--with-drivers=FILES
--with-tessdata=$(python -c 'print("""${:tessdata-location}""".replace("//", "/"))')
......
component/git/buildout.cfg
View file @ 9cf2c244
......@@ -18,8 +18,8 @@ parts =
[git]
recipe = slapos.recipe.cmmi
shared = true
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.40.1.tar.xz
md5sum = 125d13c374a9ec9253f42c483bacec31
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.42.0.tar.xz
md5sum = e61c187f6863d5e977e60cdedf213ec0
configure-options =
--with-curl=${curl:location}
--with-openssl=${openssl:location}
......
component/glib/buildout.cfg
View file @ 9cf2c244
......@@ -7,6 +7,7 @@ extends =
../patch/buildout.cfg
../pcre2/buildout.cfg
../perl/buildout.cfg
../python3/buildout.cfg
../pkgconfig/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
......@@ -14,6 +15,9 @@ extends =
parts =
glib
[gcc]
min_version = 8
[glib]
recipe = slapos.recipe.cmmi
shared = true
......@@ -24,7 +28,7 @@ make-binary = ninja -C builddir
pkg_config_depends = ${pcre2:location}/lib/pkgconfig:${libffi:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
environment =
PKG_CONFIG_PATH=${:pkg_config_depends}
PATH=${ninja:location}/bin:${pkgconfig:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${python3:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
CFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -lintl -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=@@LOCATION@@/lib -Wl,-rpath=${pcre2:location}/lib
post-install = rm %(location)s/bin/gtester-report
component/imagemagick/buildout.cfg
View file @ 9cf2c244
......@@ -19,23 +19,27 @@ extends =
../jbigkit/buildout.cfg
../patch/buildout.cfg
../pkgconfig/buildout.cfg
../webp/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
[imagemagick]
recipe = slapos.recipe.cmmi
shared = true
version = 7.0.2-10
version = 7.1.1-20
url = https://www.imagemagick.org/download/releases/ImageMagick-${:version}.tar.xz
md5sum = e1cb23d9c10a8eff228ef30ee281711a
pkg_config_depends = ${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${lcms2:location}/lib/pkgconfig:${xz-utils:location}/lib/pkgconfig
md5sum = 4ce5c6854c1f8ab6ce5571a9377b1f2f
pkg_config_depends = ${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${lcms2:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig:${xz-utils:location}/lib/pkgconfig
# Change export-filename to export-png for inkscape < 1.0
pre-configure =
sed -i -e 's,--export-filename=,--export-png=,' config/delegates.xml.in
configure-options =
--disable-static
--without-x
--with-frozenpaths
--with-magick-plus-plus
--disable-openmp
--disable-opencl
--without-dmr
--without-dps
--without-djvu
--without-fftw
......@@ -44,6 +48,8 @@ configure-options =
--with-fontconfig
--without-gslib
--without-gvc
--without-heic
--without-jxl
--with-lcms
--without-openjp2
--without-lqr
......@@ -51,17 +57,21 @@ configure-options =
--without-openexr
--without-pango
--without-raqm
--without-raw
--without-rsvg
--without-webp
--without-wmf
--without-zip
--without-zstd
--with-bzlib=${bzip2:location}
--with-zlib=${zlib:location}
--with-frozenpaths
patch-options = -p1
patches =
${:_profile_base_location_}/imagemagick-7.0.2-10-no-gsx-gsc-probe.patch#64898455d5175efedd1a7bef9f1f18b5
${:_profile_base_location_}/safe_policy.patch#383c0392de7257c9dff7270973342914
${:_profile_base_location_}/imagemagick-7.1.1-20-no-gsx-gsc-probe.patch#98762d1977e5bce2e12954818a671eb9
${:_profile_base_location_}/safe_policy.patch#0226c51e276f397b5900815c17dcf117
environment =
PATH=${freetype:location}/bin:${ghostscript:location}/bin:${inkscape:location}/bin:${libxml2:location}/bin:${patch:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtiff:location}/include -I${libtool:location}/include -I${libpng:location}/include -I${jasper:location}/include -I${freetype:location}/include -I${webp:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libtool:location}/lib -Wl,-rpath=${libtool:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath=${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath=${freetype:location}/lib -L${webp:location}/lib -Wl,-rpath=${webp:location}/lib
CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtool:location}/include -I${libpng:location}/include -I${jasper:location}/include -I${freetype:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtool:location}/lib -Wl,-rpath=${libtool:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath=${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath=${freetype:location}/lib
component/imagemagick/imagemagick-7.0.2-10-no-gsx-gsc-probe.patch deleted 100644 → 0
View file @ 06441439
--- ImageMagick-7.0.2-10/configure.ac.orig 2016-08-30 11:33:39.160279386 +0200
+++ ImageMagick-7.0.2-10/configure.ac 2016-08-30 11:35:34.753290590 +0200
@@ -3110,7 +3110,7 @@
AC_PATH_PROG(MrSIDDecodeDelegate, "$MrSIDDecodeDelegateDefault", "$MrSIDDecodeDelegateDefault")
AC_PATH_PROG(MVDelegate, "$MVDelegateDefault", "$MVDelegateDefault")
AC_PATH_PROG(PCLDelegate, "$PCLDelegateDefault", "$PCLDelegateDefault")
-AC_PATH_PROGS(PSDelegate, gsx gsc "$PSDelegateDefault", "$PSDelegateDefault")
+AC_PATH_PROGS(PSDelegate, "$PSDelegateDefault", "$PSDelegateDefault")
AC_PATH_PROG(RMDelegate, "$RMDelegateDefault", "$RMDelegateDefault")
AC_PATH_PROG(RSVGDecodeDelegate, "$RSVGDecodeDelegateDefault", "$RSVGDecodeDelegateDefault")
AC_PATH_PROG(SVGDecodeDelegate, "$SVGDecodeDelegateDefault", "$SVGDecodeDelegateDefault")
component/imagemagick/imagemagick-7.1.1-20-no-gsx-gsc-probe.patch 0 → 100644
View file @ 9cf2c244
--- ImageMagick-7.1.1-20/configure.ac.orig 2023-10-08 23:05:13.000000000 +0200
+++ ImageMagick-7.1.1-20/configure.ac 2023-10-10 09:22:13.287693848 +0200
@@ -3317,7 +3317,7 @@
AC_PATH_PROG([MrSIDDecodeDelegate],["$MrSIDDecodeDelegateDefault"],["$MrSIDDecodeDelegateDefault"])
AC_PATH_PROG([MVDelegate],["$MVDelegateDefault"],["$MVDelegateDefault"])
AC_PATH_PROG([PCLDelegate],["$PCLDelegateDefault"],["$PCLDelegateDefault"])
-AC_PATH_PROGS([PSDelegate],[gsx gsc "$PSDelegateDefault"],["$PSDelegateDefault"])
+AC_PATH_PROGS([PSDelegate],["$PSDelegateDefault"],["$PSDelegateDefault"])
AC_PATH_PROG([RMDelegate],["$RMDelegateDefault"],["$RMDelegateDefault"])
AC_PATH_PROG([RSVGDecodeDelegate],["$RSVGDecodeDelegateDefault"],["$RSVGDecodeDelegateDefault"])
AC_PATH_PROG([SVGDecodeDelegate],["$SVGDecodeDelegateDefault"],["$SVGDecodeDelegateDefault"])
component/imagemagick/safe_policy.patch
View file @ 9cf2c244
--- ImageMagick-7.0.2-10/config/policy.xml.orig 2016-08-30 11:37:29.110253211 +0200
+++ ImageMagick-7.0.2-10/config/policy.xml 2016-08-30 11:40:09.719555899 +0200
@@ -50,19 +50,28 @@
-->
--- ImageMagick-7.1.1-20.orig/config/policy-open.xml 2023-10-08 23:05:13.000000000 +0200
+++ ImageMagick-7.1.1-20/config/policy-open.xml 2023-10-10 18:29:06.846344247 +0200
@@ -84,41 +84,41 @@
<policymap>
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
- <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
- <!-- <policy domain="resource" name="map" value="4GiB"/> -->
- <!-- <policy domain="resource" name="width" value="10MP"/> -->
- <!-- <policy domain="resource" name="height" value="10MP"/> -->
- <!-- <policy domain="resource" name="area" value="1GB"/> -->
- <!-- <policy domain="resource" name="disk" value="16EB"/> -->
<policy domain="Undefined" rights="none"/>
<!-- Set maximum parallel threads. -->
- <!-- <policy domain="resource" name="thread" value="2"/> -->
+ <policy domain="resource" name="thread" value="2"/>
<!-- Set maximum time in seconds. When this limit is exceeded, an exception
is thrown and processing stops. -->
- <!-- <policy domain="resource" name="time" value="120"/> -->
+ <policy domain="resource" name="time" value="120"/>
<!-- Set maximum number of open pixel cache files. When this limit is
exceeded, any subsequent pixels cached to disk are closed and reopened
on demand. -->
- <!-- <policy domain="resource" name="file" value="768"/> -->
- <!-- <policy domain="resource" name="thread" value="4"/> -->
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="system" name="precision" value="6"/> -->
- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+ <policy domain="resource" name="memory" value="2GiB"/>
+ <policy domain="resource" name="map" value="4GiB"/>
+ <policy domain="resource" name="width" value="10MP"/>
+ <policy domain="resource" name="height" value="10MP"/>
+ <policy domain="resource" name="area" value="1GB"/>
+ <policy domain="resource" name="disk" value="16EB"/>
+ <policy domain="resource" name="file" value="768"/>
+ <policy domain="resource" name="thread" value="4"/>
+ <policy domain="resource" name="throttle" value="0"/>
+ <policy domain="resource" name="time" value="3600"/>
+ <policy domain="system" name="precision" value="6"/>
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="delegate" rights="none" pattern="HTTPS" />
+ <policy domain="path" rights="none" pattern="@*" />
<policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="PLT" />
+ <policy domain="coder" rights="none" pattern="SHOW" />
+ <policy domain="coder" rights="none" pattern="TEXT" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="WIN" />
<!-- Set maximum amount of memory in bytes to allocate for the pixel cache
from the heap. When this limit is exceeded, the image pixels are cached
to memory-mapped disk. -->
- <!-- <policy domain="resource" name="memory" value="256MiB"/> -->
+ <policy domain="resource" name="memory" value="256MiB"/>
<!-- Set maximum amount of memory map in bytes to allocate for the pixel
cache. When this limit is exceeded, the image pixels are cached to
disk. -->
- <!-- <policy domain="resource" name="map" value="512MiB"/> -->
+ <policy domain="resource" name="map" value="512MiB"/>
<!-- Set the maximum width * height of an image that can reside in the pixel
cache memory. Images that exceed the area limit are cached to disk. -->
- <!-- <policy domain="resource" name="area" value="16KP"/> -->
+ <policy domain="resource" name="area" value="16KP"/>
<!-- Set maximum amount of disk space in bytes permitted for use by the pixel
cache. When this limit is exceeded, the pixel cache is not be created
and an exception is thrown. -->
- <!-- <policy domain="resource" name="disk" value="1GiB"/> -->
+ <policy domain="resource" name="disk" value="1GiB"/>
<!-- Set the maximum length of an image sequence. When this limit is
exceeded, an exception is thrown. -->
- <!-- <policy domain="resource" name="list-length" value="32"/> -->
+ <policy domain="resource" name="list-length" value="32"/>
<!-- Set the maximum width of an image. When this limit is exceeded, an
exception is thrown. -->
- <!-- <policy domain="resource" name="width" value="8KP"/> -->
+ <policy domain="resource" name="width" value="8KP"/>
<!-- Set the maximum height of an image. When this limit is exceeded, an
exception is thrown. -->
- <!-- <policy domain="resource" name="height" value="8KP"/> -->
+ <policy domain="resource" name="height" value="8KP"/>
<!-- Periodically yield the CPU for at least the time specified in
milliseconds. -->
- <!-- <policy domain="resource" name="throttle" value="2"/> -->
+ <policy domain="resource" name="throttle" value="2"/>
<!-- Do not create temporary files in the default shared directories, instead
specify a private area to store only ImageMagick temporary files. -->
<!-- <policy domain="resource" name="temporary-path" value="/magick/tmp/"/> -->
@@ -138,7 +138,7 @@
<!-- don't read sensitive paths. -->
<!-- <policy domain="path" rights="none" pattern="/etc/*"/> -->
<!-- Indirect reads are not permitted. -->
- <!-- <policy domain="path" rights="none" pattern="@*"/> -->
+ <policy domain="path" rights="none" pattern="@*"/>
<!-- These image types are security risks on read, but write is fine -->
<!-- <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/> -->
<!-- This policy sets the number of times to replace content of certain
@@ -150,4 +150,5 @@
<!-- Set the maximum amount of memory in bytes that are permitted for
allocation requests. -->
<!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+ <policy domain="coder" rights="none" pattern="{EPHEMERAL,HTTPS,MSL,MVG,PLT,SHOW,TEXT,URL,WIN}" />
</policymap>
component/leptonica/buildout.cfg
View file @ 9cf2c244
......@@ -5,7 +5,6 @@ extends =
../libjpeg/buildout.cfg
../libpng/buildout.cfg
../libtiff/buildout.cfg
../webp/buildout.cfg
../giflib/buildout.cfg
[leptonica]
......@@ -15,6 +14,9 @@ url = http://www.leptonica.org/source/leptonica-1.80.0.tar.gz
md5sum = d640d684234442a84c9e8902f0b3ff36
configure-options =
--disable-static
--without-libwebp
--without-libwebpmux
--without-libopenjpeg
environment =
CPPFLAGS=-I${zlib:location}/include -I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${webp:location}/include -I${giflib:location}/include
LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${webp:location}/lib -Wl,-rpath=${webp:location}/lib -L${giflib:location}/lib -Wl,-rpath=${giflib:location}/lib
CPPFLAGS=-I${zlib:location}/include -I${libjpeg:location}/include -I${libpng:location}/include -I${libtiff:location}/include -I${giflib:location}/include
LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${giflib:location}/lib -Wl,-rpath=${giflib:location}/lib
component/libtiff/buildout.cfg
View file @ 9cf2c244
......@@ -22,7 +22,7 @@ configure-options =
--disable-webp
patch-options = -p1
patches =
${:_profile_base_location_}/debian_4.2.0-1+deb11u3.patch#d4396255ca214694501f4a44e8e685c6
${:_profile_base_location_}/debian_4.2.0-1+deb11u4.patch#88940ccaedc6337b8ee1577fbffb9e2e
environment =
CPPFLAGS=-I${libjpeg:location}/include -I${jbigkit:location}/include -I${zlib:location}/include
LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
......
component/nodejs/buildout.cfg
View file @ 9cf2c244
......@@ -12,13 +12,25 @@ extends =
parts =
nodejs
[nodejs]
<= nodejs-16.19.0
# nodejs 16 needs gcc > 8.3
# nodejs >= 16 needs gcc >= 8.3
[gcc]
min_version = 8.3
[nodejs]
<= nodejs-18.18.0
[nodejs-headers]
<= nodejs-headers-18.18.0
[node-gyp-environment]
# environment section to build with node-gyp.
# node-gyp downloads a tarball containing nodejs headers by default
# this uses a locally downloaded tarball, for reproductibility.
npm_config_tarball = ${nodejs-headers:target}
[nodejs-16.19.0]
<= nodejs-base
openssl_location = ${openssl:location}
......@@ -38,6 +50,18 @@ post-install =
version = v16.19.0
md5sum = e7bfbf135ae54d1dcca63bf17be84818
[nodejs-18.18.0]
<= nodejs-base
openssl_location = ${openssl:location}
version = v18.18.0
md5sum = a1ce8df7e6b9df9f4ba3ff1d4e2173d2
[nodejs-headers-18.18.0]
<= nodejs-headers-base
version = v18.18.0
md5sum = c5ab3e98977dfd639d830625d79eff52
[nodejs-14.16.0]
<= nodejs-base
openssl_location = ${openssl:location}
......@@ -57,11 +81,6 @@ version = v8.9.4
md5sum = 4ddc1daff327d7e6f63da57fdfc24f55
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
[nodejs-8.6.0]
<= nodejs-base
version = v8.6.0
md5sum = 0c95e08220667d8a18b97ecec8218ac6
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
[nodejs-8.12.0]
<= nodejs-base
......
component/openssl/buildout.cfg
View file @ 9cf2c244
......@@ -17,8 +17,8 @@ parts =
[openssl]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.openssl.org/source/openssl-1.1.1v.tar.gz
md5sum = 9edcfdd9b96523df82b312c404f4b169
url = https://www.openssl.org/source/openssl-1.1.1w.tar.gz
md5sum = 3f76825f195e52d4b10c70040681a275
location = @@LOCATION@@
# 'prefix' option to override --openssldir/--prefix (which is useful
# when combined with DESTDIR). Used by slapos.package.git/obs
......@@ -48,8 +48,10 @@ environment =
[openssl-quictls]
<= openssl
url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1v-quic1.tar.gz
md5sum = 4b0e4a81590644a027b78a54c26a75e2
# XXX tag missing for 1.1.1w
# url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1w-quic1.tar.gz
url = https://github.com/quictls/openssl/archive/612d8e44d687e4b71c4724319d7aa27a733bcbca.tar.gz
md5sum =4a06f8b195e817c8a0d94ebdbc7c7bb7
[openssl-output]
# Shared binary location to ease migration
......
component/pillow/buildout.cfg
View file @ 9cf2c244
......@@ -5,7 +5,6 @@ extends =
../lcms/buildout.cfg
../libjpeg/buildout.cfg
../libtiff/buildout.cfg
../webp/buildout.cfg
../zlib/buildout.cfg
parts =
......@@ -20,7 +19,6 @@ include-dirs =
${lcms2:location}/include
${libjpeg:location}/include
${libtiff:location}/include
${webp:location}/include
${zlib:location}/include
library-dirs =
${freetype:location}/lib
......@@ -28,7 +26,6 @@ library-dirs =
${lcms2:location}/lib
${libjpeg:location}/lib
${libtiff:location}/lib
${webp:location}/lib
${zlib:location}/lib
rpath =
${freetype:location}/lib
......@@ -36,5 +33,4 @@ rpath =
${lcms2:location}/lib
${libjpeg:location}/lib
${libtiff:location}/lib
${webp:location}/lib
${zlib:location}/lib
component/theia/buildout.cfg
View file @ 9cf2c244
......@@ -39,6 +39,7 @@ environment =
PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libsecret:location}/lib/pkgconfig:${libsecret:pkg_config_depends}
LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
npm_config_tarball=${node-gyp-environment:npm_config_tarball}
NODE_OPTIONS=--max_old_space_size=4096
pre-configure =
mkdir -p $TMPDIR
......@@ -71,6 +72,7 @@ post-install =
# and anyway not used once the software is installed
rm -f %(location)s/node_modules/@msgpackr-extract/*/*.node
rm -rf $HOME/.cache/yarn/
rm -rf $HOME/.cache/puppeteer/
# remove "which" command added in $PATH that does not correctly
# handle executables thanks to a secondary group of the user.
# https://www.npmjs.com/package/which https://www.npmjs.com/package/isexe
......@@ -179,6 +181,7 @@ content =
"@theia/mini-browser": "latest",
"@theia/monaco": "latest",
"@theia/navigator": "latest",
"@theia/notebook": "latest",
"@theia/outline-view": "latest",
"@theia/output": "latest",
"@theia/plugin-dev": "latest",
......@@ -191,9 +194,11 @@ content =
"@theia/scm": "latest",
"@theia/scm-extra": "latest",
"@theia/search-in-workspace": "latest",
"@theia/secondary-window": "latest",
"@theia/task": "latest",
"@theia/terminal": "latest",
"@theia/timeline": "latest",
"@theia/toolbar": "latest",
"@theia/typehierarchy": "latest",
"@theia/userstorage": "latest",
"@theia/variable-resolver": "latest",
......
component/theia/buildout.hash.cfg
View file @ 9cf2c244
......@@ -15,11 +15,11 @@
[preloadTemplate.html]
_update_hash_filename_ = preloadTemplate.html
md5sum = 6343592161a349bb40e0de16ce67aa51
md5sum = a27e2cb34e4efe2ed0d4698f505554f0
[yarn.lock]
_update_hash_filename_ = yarn.lock
md5sum = 6435aaf48cbbfe7911505c2c45cc53ea
md5sum = bb7444ebfeea21fed1960700aa6becf9
[ms-python-disable-jedi-buildout.patch]
_update_hash_filename_ = ms-python-disable-jedi-buildout.patch
......
component/theia/download-plugins.cfg
View file @ 9cf2c244
This diff is collapsed.
component/theia/generate_download_plugins_cfg.py
View file @ 9cf2c244
......@@ -49,9 +49,7 @@ for plugin_and_version in '''\
vscode/lua/latest
vscode/make/latest
vscode/markdown/latest
# Activating extension 'Markdown Language Features (built-in)' failed:
# i.workspace.onWillDropOnTextEditor is not a function
vscode/markdown-language-features/1.64.2
vscode/markdown-language-features/latest
vscode/merge-conflict/latest
vscode/npm/latest
ms-vscode/node-debug/latest
......
component/theia/preloadTemplate.html
View file @ 9cf2c244
......@@ -7,6 +7,7 @@
link = document.createElement('link');
link.rel = "manifest";
link.href = "/theia.webmanifest";
link.crossOrigin = "use-credentials";
document.head.appendChild(link);
if ('serviceWorker' in navigator) {
......
component/theia/yarn.lock
View file @ 9cf2c244
This diff is collapsed.
component/trafficserver/buildout.cfg
View file @ 9cf2c244
......@@ -24,8 +24,8 @@ min_version = 8
[trafficserver]
recipe = slapos.recipe.cmmi
url = https://dlcdn.apache.org/trafficserver/trafficserver-9.2.0.tar.bz2
md5sum = 3188d53f0a2eb618fb9399e098161691
url = https://dlcdn.apache.org/trafficserver/trafficserver-9.2.2.tar.bz2
md5sum = 994247ed0f50e6dfcfb8d7200dcad6ea
shared = true
patch-options = -p1
configure-options =
......
component/webp/buildout.cfg
View file @ 9cf2c244
......@@ -13,11 +13,12 @@ extends =
[webp]
recipe = slapos.recipe.cmmi
shared = true
url = http://downloads.webmproject.org/releases/webp/libwebp-0.4.1.tar.gz
md5sum = 42bc79613ec5ee5b0e68ba97839c981e
url = http://downloads.webmproject.org/releases/webp/libwebp-1.3.2.tar.gz
md5sum = 34869086761c0e2da6361035f7b64771
configure-options =
--disable-static
--disable-gl
--disable-sdl
--disable-wic
--enable-everything
--with-jpegincludedir=${libjpeg:location}/include
......
component/xorg/buildout.cfg
View file @ 9cf2c244
......@@ -165,8 +165,8 @@ environment =
[libX11]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.x.org/releases/individual/lib/libX11-1.8.6.tar.gz
md5sum = 9767ee0c5819e35142835da61b923421
url = https://www.x.org/releases/individual/lib/libX11-1.8.7.tar.gz
md5sum = feb9664ce36111923c0be0b292f6e15b
pkg_config_depends = ${inputproto:location}/lib/pkgconfig:${xorgproto:location}/share/pkgconfig:${libXau:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig:${xtrans:location}/share/pkgconfig
configure-options =
--disable-static
......
software/erp5/test/test/test_balancer.py
View file @ 9cf2c244
......@@ -805,7 +805,7 @@ class TestFrontendXForwardedFor(BalancerTestCase):
).json()
self.assertEqual(result['Incoming Headers'].get('x-forwarded-for', '').split(', ')[0], '1.2.3.4')
def test_x_forwarded_for_stripped_when_not_verified_connection(self):
def test_x_forwarded_for_stripped_when_no_certificate(self):
# type: () -> None
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default']
result = requests.get(
......@@ -813,7 +813,7 @@ class TestFrontendXForwardedFor(BalancerTestCase):
headers={'X-Forwarded-For': '1.2.3.4'},
verify=False,
).json()
self.assertNotEqual(result['Incoming Headers'].get('x-forwarded-for', '').split(', ')[0], '1.2.3.4')
self.assertNotIn('x-fowarded-for', [k.lower() for k in result['Incoming Headers'].keys()])
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default-auth']
with self.assertRaisesRegex(Exception, "certificate required"):
requests.get(
......@@ -822,6 +822,32 @@ class TestFrontendXForwardedFor(BalancerTestCase):
verify=False,
)
def test_x_forwarded_for_stripped_when_not_verified_certificate(self):
# type: () -> None
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default']
# certificate from an unknown CA
another_unrelated_caucase = self.getManagedResource('another_unrelated_caucase', CaucaseService)
unknown_client_certificate = self.getManagedResource('unknown_client_certificate', CaucaseCertificate)
unknown_client_certificate.request('unknown client certificate', another_unrelated_caucase)
result = requests.get(
balancer_url,
headers={'X-Forwarded-For': '1.2.3.4'},
cert=(unknown_client_certificate.cert_file, unknown_client_certificate.key_file),
verify=False,
).json()
self.assertNotIn('x-fowarded-for', [k.lower() for k in result['Incoming Headers'].keys()])
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default-auth']
with self.assertRaisesRegex(Exception, "unknown ca"):
requests.get(
balancer_url,
headers={'X-Forwarded-For': '1.2.3.4'},
cert=(unknown_client_certificate.cert_file, unknown_client_certificate.key_file),
verify=False,
)
class TestServerTLSProvidedCertificate(BalancerTestCase):
"""Check that certificate and key can be provided as instance parameters.
......
software/kvm/instance-kvm-cluster-input-schema.json
View file @ 9cf2c244
......@@ -279,7 +279,6 @@
"default": "virtio",
"enum": [
"ide",
"scsi",
"sd",
"mtd",
"floppy",
......
software/kvm/instance-kvm-input-schema.json
View file @ 9cf2c244
......@@ -53,7 +53,6 @@
"default": "virtio",
"enum": [
"ide",
"scsi",
"sd",
"mtd",
"floppy",
......
software/mail-server/buildout.hash.cfg
View file @ 9cf2c244
......@@ -19,7 +19,7 @@ md5sum = 7ab3b606972e1b338d28fc1374617835
[template-default]
_update_hash_filename_ = instance-default.cfg.in
md5sum = 698104b7c3694a69575c965c21629f87
md5sum = 89a7224c3dd9356bf262100816b67f73
[dovecot.jinja2.conf]
_update_hash_filename_ = dovecot.jinja2.conf
......
software/mail-server/instance-default.cfg.in
View file @ 9cf2c244
......@@ -147,6 +147,10 @@ recipe = slapos.recipe.template
output = ${directory:bin}/${:_buildout_section_name_}
inline =
#!/bin/sh
# If master.pid contains PID of any running process
# dovecot will refuse to run. Only the pidfile provided
# by wrapper recipe should be used
rm -f var/run/dovecot/master.pid
{{ dovecot_binary }} -F -c ${dovecot-conf:output}
[dovecot-service]
......@@ -170,6 +174,7 @@ recipe = slapos.recipe.template
output = ${directory:bin}/${:_buildout_section_name_}
inline =
#!/bin/sh
rm -f var/spool/postfix/pid/master.pid
${directory:usr-postfix}/libexec/postfix/master -c ${directory:etc-postfix}
[postfix-service]
......
software/monitor/test/test.py
View file @ 9cf2c244
......@@ -30,11 +30,13 @@ import glob
import hashlib
import json
import os
import psutil
import re
import requests
import shutil
import subprocess
import tempfile
import time
import xml.etree.ElementTree as ET
from cryptography import x509
from cryptography.hazmat.backends import default_backend
......@@ -75,6 +77,141 @@ class ServicesTestCase(SlapOSInstanceTestCase):
self.assertIn(expected_process_name, process_names)
def test_monitor_httpd_normal_reboot(self):
# Start the monitor-httpd service
with self.slap.instance_supervisor_rpc as supervisor:
info, = [i for i in
supervisor.getAllProcessInfo() if ('monitor-httpd' in i['name']) and ('on-watch' in i['name'])]
partition = info['group']
if info['statename'] != "RUNNING":
monitor_httpd_process_name = f"{info['group']}:{info['name']}"
supervisor.startProcess(monitor_httpd_process_name)
for _retries in range(20):
time.sleep(1)
info, = [i for i in
supervisor.getAllProcessInfo() if ('monitor-httpd' in i['name']) and ('on-watch' in i['name'])]
if info['statename'] == "RUNNING":
break
else:
self.fail(f"the supervisord service '{monitor_httpd_process_name}' is not running")
# Get the partition path
partition_path_list = glob.glob(os.path.join(self.slap.instance_directory, '*'))
for partition_path in partition_path_list:
if os.path.exists(os.path.join(partition_path, 'etc', 'monitor-httpd.conf')):
self.partition_path = partition_path
break
# Make sure we are focusing the same httpd service
self.assertIn(partition, self.partition_path)
# Get the monitor-httpd-service
monitor_httpd_service_path = glob.glob(os.path.join(
self.partition_path, 'etc', 'service', 'monitor-httpd*'
))[0]
try:
output = subprocess.check_output([monitor_httpd_service_path], timeout=10, stderr=subprocess.STDOUT, text=True)
# If the httpd-monitor service is running
# and the monitor-httpd.pid contains the identical PID as the servicse
# run the monitor-httpd service can cause the "already running" error correctly
self.assertIn("already running", output)
except subprocess.CalledProcessError as e:
self.logger.debug("Unexpected error when running the monitor-httpd service:", e)
self.fail("Unexpected error when running the monitor-httpd service")
except subprocess.TimeoutExpired as e:
# Timeout means we run the httpd service corrrectly
# This is not the expected behaviour
self.logger.debug("Unexpected behaviour: We are not suppose to be able to run the httpd service in the test:", e)
# Kill the process that we started manually
# Get the pid of the monitor_httpd from the PID file
monitor_httpd_pid_file = os.path.join(self.partition_path, 'var', 'run', 'monitor-httpd.pid')
monitor_httpd_pid = ""
if os.path.exists(monitor_httpd_pid_file):
with open(monitor_httpd_pid_file, "r") as pid_file:
monitor_httpd_pid = pid_file.read()
try:
pid_to_kill = monitor_httpd_pid.strip('\n')
subprocess.run(["kill", "-9", str(pid_to_kill)], check=True)
self.logger.debug(f"Process with PID {pid_to_kill} killed.")
except subprocess.CalledProcessError as e:
self.logger.debug(f"Error killing process with PID {pid_to_kill}: {e}")
self.fail("Unexpected behaviour: We are not suppose to be able to run the httpd service in the test")
with self.slap.instance_supervisor_rpc as supervisor:
info, = [i for i in
supervisor.getAllProcessInfo() if ('monitor-httpd' in i['name']) and ('on-watch' in i['name'])]
partition = info['group']
if info['statename'] == "RUNNING":
monitor_httpd_process_name = f"{info['group']}:{info['name']}"
supervisor.stopProcess(monitor_httpd_process_name)
def test_monitor_httpd_crash_reboot(self):
# Get the partition path
partition_path_list = glob.glob(os.path.join(self.slap.instance_directory, '*'))
for partition_path in partition_path_list:
if os.path.exists(os.path.join(partition_path, 'etc', 'monitor-httpd.conf')):
self.partition_path = partition_path
break
# Get the pid file
monitor_httpd_pid_file = os.path.join(self.partition_path, 'var', 'run', 'monitor-httpd.pid')
with self.slap.instance_supervisor_rpc as supervisor:
info, = [i for i in
supervisor.getAllProcessInfo() if ('monitor-httpd' in i['name']) and ('on-watch' in i['name'])]
if info['statename'] == "RUNNING":
monitor_httpd_process_name = f"{info['group']}:{info['name']}"
supervisor.stopProcess(monitor_httpd_process_name)
# Write the PID of the infinite process to the pid file.
with open(monitor_httpd_pid_file, "w") as file:
file.write(str(os.getpid()))
# Get the monitor-httpd-service
monitor_httpd_service_path = glob.glob(os.path.join(
self.partition_path, 'etc', 'service', 'monitor-httpd*'
))[0]
monitor_httpd_service_is_running = False
# Create the subprocess
self.logger.debug("Ready to run the process in crash reboot")
try:
process = subprocess.Popen(monitor_httpd_service_path, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
stdout, stderr = '', ''
try:
# Wait for the process to finish, but with a timeout
stdout, stderr = process.communicate(timeout=3)
self.logger.debug("Communicated!")
except subprocess.TimeoutExpired:
monitor_httpd_service_is_running = True # We didn't get any output within 3 seconds, this means everything is fine.
# If the process times out, terminate it
try:
main_process = psutil.Process(process.pid)
child_processes = main_process.children(recursive=True)
for process in child_processes + [main_process]:
process.terminate()
psutil.wait_procs(child_processes + [main_process])
self.logger.debug(f"Processes with PID {process.pid} and its subprocesses terminated.")
except psutil.NoSuchProcess as e:
# This print will generate ResourceWarningm but it is normal in Python 3
# See https://github.com/giampaolo/psutil/blob/master/psutil/tests/test_process.py#L1526
self.logger.debug("No process found with PID: %s" % process.pid)
# "httpd (pid 21934) already running" means we start httpd failed
if "already running" in stdout:
self.fail("Unexepected output from the monitor-httpd process: %s" % stdout)
raise Exception("Unexepected output from the monitor-httpd process: %s" % stdout)
except subprocess.CalledProcessError as e:
self.logger.debug("Unexpected error when running the monitor-httpd service:", e)
self.fail("Unexpected error when running the monitor-httpd service")
self.assertTrue(monitor_httpd_service_is_running)
class MonitorTestMixin:
monitor_setup_url_key = 'monitor-setup-url'
......
software/osie-coupler/buildout.hash.cfg
View file @ 9cf2c244
[instance-profile]
filename = instance.cfg.in
md5sum = f622d8b6e8ce96c75316a856b26caf96
md5sum = 6610ce91964dda42edbcb5b7837777c2
software/osie-coupler/instance.cfg.in
View file @ 9cf2c244
......@@ -55,5 +55,4 @@ log = ${:var}/log
[publish-connection-parameter]
recipe = slapos.cookbook:publish
opc_ua_port = ${instance-parameter:configuration.opc_ua_port}
interface = ${instance-parameter:configuration.interface}
url-ipv6 = opc.tcp://[${instance-parameter:ipv6-random}]:${instance-parameter:configuration.opc_ua_port}
software/peertube/software.cfg
View file @ 9cf2c244
......@@ -43,8 +43,6 @@ parts =
gcc
unzip
curl
nodejs
yarn
openssl
python3
nginx
......@@ -57,6 +55,8 @@ parts =
peertube-build
instance-profile
[nodejs]
<= nodejs-16.19.0
[peertube]
recipe = slapos.recipe.build:download-unpacked
......
software/rapid-cdn/buildout.hash.cfg
View file @ 9cf2c244
......@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
filename = instance-frontend.cfg.in
md5sum = 5c2f79d0773bd8594ccf1c34a7d27d53
md5sum = 9a33900d735ef074b5887d61bca54243
[profile-master]
filename = instance-master.cfg.in
......@@ -30,7 +30,7 @@ md5sum = 3006197ddce87bd92866b76b5ce8ce08
[profile-slave-list]
filename = instance-slave-list.cfg.in
md5sum = 8289620cb32dbdfcca6ba112c7ec7b2b
md5sum = b75e42233c1b7bdd5f21971ed8907efc
[profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in
......@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = eef9712c6fe4d62b570b9059157c67ea
md5sum = fc68a825c656bde0ae69a936936b0478
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 238760d48d2875f087ad2d784e2a8fcd
md5sum = 2f3f75773eb879b97d1ff5e04486591c
[template-not-found-html]
_update_hash_filename_ = templates/notfound.html
......@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = b4b55d931249f11e4e1256afeb74b503
md5sum = 6457064905f818f21e3733eb4278a580
[template-empty]
_update_hash_filename_ = templates/empty.in
......@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
[profile-kedifa]
filename = instance-kedifa.cfg.in
md5sum = a9854d48e750b3599043715c95138d5d
md5sum = 669da915003122e48646dc75fec239a5
[template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
......
software/rapid-cdn/instance-frontend.cfg.in
View file @ 9cf2c244
......@@ -1105,12 +1105,16 @@ delaycompress =
url = {{ software_parameter_dict['template_wrapper'] }}
output = ${directory:scripts}/logrotate-setup-validate
command =
if ${logrotate:wrapper-path} -d > ${:state-file} 2>&1 ; then
if ${logrotate:wrapper-path} -d > ${:state-file-tmp} 2>&1 ; then
cat /dev/null > ${:state-file}
rm -f ${:state-file-tmp}
else
mv ${:state-file-tmp} ${:state-file}
fi
extra-context =
key content :command
state-file = ${directory:run}/logrotate-setup.state
state-file-tmp = ${:state-file}.tmp
[promise-logrotate-setup]
<= monitor-promise-base
......
software/rapid-cdn/instance-kedifa.cfg.in
View file @ 9cf2c244
......@@ -329,12 +329,16 @@ monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
url = {{ software_parameter_dict['template_wrapper'] }}
output = ${directory:scripts}/logrotate-setup-validate
command =
if ${logrotate:wrapper-path} -d > ${:state-file} 2>&1 ; then
if ${logrotate:wrapper-path} -d > ${:state-file-tmp} 2>&1 ; then
cat /dev/null > ${:state-file}
rm -f ${:state-file-tmp}
else
mv ${:state-file-tmp} ${:state-file}
fi
extra-context =
key content :command
state-file = ${directory:run}/logrotate-setup.state
state-file-tmp = ${:state-file}.tmp
[promise-logrotate-setup]
<= monitor-promise-base
......
software/rapid-cdn/instance-slave-list.cfg.in
View file @ 9cf2c244
{%- set kedifa_updater_mapping = [] %}
{%- set cached_server_dict = {} %}
{%- set backend_slave_list = [] %}
{%- set frontend_slave_list = [] %}
{%- set backend_slave_dict = {} %}
{%- set frontend_slave_dict = {} %}
{%- set part_list = [] %}
{%- set cache_port = frontend_haproxy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
......@@ -228,7 +228,8 @@ context =
{%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{%- set host_list = slave_instance.get('server-alias', '').split() %}
{%- do slave_instance.__setitem__('server-alias', slave_instance.get('server-alias', '').split()) %}
{%- set host_list = slave_instance['server-alias'] %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
......@@ -385,9 +386,9 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
{#- ############################### #}
{#- Prepare Slave Information #}
{%- do slave_instance_information_list.append(slave_publish_dict) %}
{%- do frontend_slave_list.append(slave_instance) %}
{%- do frontend_slave_dict.__setitem__(slave_instance['slave_reference'], slave_instance) %}
{%- if slave_type != 'redirect' %}
{%- do backend_slave_list.append(slave_instance) %}
{%- do backend_slave_dict.__setitem__(slave_instance['slave_reference'], slave_instance) %}
{%- endif %}
{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #}
......@@ -477,14 +478,30 @@ output = ${:file}
##<Frontend haproxy>
[frontend-haproxy-slave-list]
list = {{ dumps(sorted(frontend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
dict = {{ dumps(frontend_slave_dict) }}
{%- set slave_instance_hostname_frontend_order = [] %}
{%- for slave_instance in frontend_slave_dict.values() %}
{%- for hostname in slave_instance['host_list'] %}
{%- if '*' in hostname %}
{%- set order_value = hostname.count('.') %}
{%- else %}
{%- set order_value = 1000 %}
{%- endif %}
{%- do slave_instance_hostname_frontend_order.append({
'index': order_value,
'hostname': hostname,
'slave_reference': slave_instance['slave_reference']}) %}
{%- endfor %}
{%- endfor %}
order = {{ dumps(slave_instance_hostname_frontend_order) }}
[frontend-haproxy-crt-list]
<= jinja2-template-base
template = {{ template_frontend_haproxy_crt_list }}
rendered = ${frontend-haproxy-config:crt-list}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
key frontend_slave_dict frontend-haproxy-slave-list:dict
key frontend_slave_order frontend-haproxy-slave-list:order
section configuration frontend-haproxy-config
[frontend-haproxy-configuration]
......@@ -492,7 +509,8 @@ extra-context =
template = {{ template_frontend_haproxy_configuration }}
rendered = ${frontend-haproxy-config:file}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
key frontend_slave_dict frontend-haproxy-slave-list:dict
key frontend_slave_order frontend-haproxy-slave-list:order
key crt_list frontend-haproxy-crt-list:rendered
section configuration frontend-haproxy-config
......@@ -512,9 +530,25 @@ autocert-directory = {{ frontend_directory['autocert'] }}
< = jinja2-template-base
url = {{ template_backend_haproxy_configuration }}
output = ${backend-haproxy-config:file}
backend_slave_list = {{ dumps(sorted(backend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
backend_slave_dict = {{ dumps(backend_slave_dict) }}
{%- set slave_instance_hostname_backend_order = [] %}
{%- for slave_instance in backend_slave_dict.values() %}
{%- for hostname in slave_instance['host_list'] %}
{%- if '*' in hostname %}
{%- set order_value = hostname.count('.') %}
{%- else %}
{%- set order_value = 1000 %}
{%- endif %}
{%- do slave_instance_hostname_backend_order.append({
'index': order_value,
'hostname': hostname,
'slave_reference': slave_instance['slave_reference']}) %}
{%- endfor %}
{%- endfor %}
order = {{ dumps(slave_instance_hostname_backend_order) }}
extra-context =
key backend_slave_list :backend_slave_list
key backend_slave_dict :backend_slave_dict
key backend_slave_order :order
section configuration backend-haproxy-config
[backend-haproxy-config]
......
software/rapid-cdn/software.cfg
View file @ 9cf2c244
......@@ -211,7 +211,7 @@ output = ${buildout:directory}/template-wrapper.cfg
<=download-template
[versions]
kedifa = 0.0.6
kedifa = 0.0.7
# Modern KeDiFa requires zc.lockfile
zc.lockfile = 1.4
......
software/rapid-cdn/templates/backend-haproxy.cfg.in
View file @ 9cf2c244
......@@ -17,30 +17,20 @@ defaults
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{%- macro frontend_entry(slave_reference, hostname, slave_instance, scheme) %}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{%- set matched = {'count': 0} %}
{%- for host in slave_instance['host_list'] %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }}_{{ scheme }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }}_{{ scheme }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['health-check-failover-hostname'] %}
acl is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }} nbsrv({{ slave_instance['slave_reference'] }}-{{ scheme }}) eq 0
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}_{{ scheme }} ! is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover if is_{{ slave_instance['slave_reference'] }}_{{ scheme }} is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }}
{%- else %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}_{{ scheme }}
{%- endif %}
{%- if hostname.startswith('*') %}
{%- set matcher = '' ~ hostname[2:] ~ '$' %}
{%- else %}
{%- set matcher = '^' ~ hostname ~ '$' %}
{%- endif %}
{%- set acl = '{ req.hdr(host),host_only -m reg ' ~ matcher ~ ' }' %}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['health-check-failover-hostname'] %}
acl is_failover_{{ slave_reference }}_{{ scheme }} nbsrv({{ slave_reference }}-{{ scheme }}) eq 0
use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }} ! is_failover_{{ slave_reference }}_{{ scheme }}
use_backend {{ slave_reference }}-{{ scheme }}-failover if {{ acl }} is_failover_{{ slave_reference }}_{{ scheme }}
{%- else %}
use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }}
{%- endif %}
{%- endif %}
{%- endmacro %}
......@@ -62,11 +52,8 @@ frontend http-backend
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'http') -}}
{%- endfor %}
frontend https-backend
......@@ -75,14 +62,12 @@ frontend https-backend
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'https') -}}
{%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{% endfor %}
{%- for slave_instance in backend_slave_list %}
{%- for slave_reference in sorted(backend_slave_dict) %}
{%- set slave_instance = backend_slave_dict[slave_reference] %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance[prefix] %}
{%- if info_dict['hostname'] and info_dict['port'] %}
......
software/rapid-cdn/templates/frontend-haproxy-crt-list.in
View file @ 9cf2c244
{%- for slave in frontend_slave_list %}
{%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{%- set slave = frontend_slave_dict[entry['slave_reference']] %}
{%- set entry_list = [] %}
{%- set sslbindconf = [] %}
{#- <crtfile> #}
......@@ -9,7 +10,7 @@
{%- do sslbindconf.append(slave['alpn']) %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %}
{%- do entry_list.append(entry['hostname']) %}
{{- ' '.join(entry_list) }}
{% endfor -%}
# Fallback to default certificate
......
software/rapid-cdn/templates/frontend-haproxy.cfg.in
View file @ 9cf2c244
......@@ -23,30 +23,14 @@ defaults
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{#- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] #}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- set matched = {'count': 0} %}
{%- for host in host_list %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- endif %}
{#- endif #}
{%- macro frontend_entry(slave_reference, hostname, scheme) %}
{%- if hostname.startswith('*') %}
{%- set matcher = hostname[2:] %}
{%- else %}
{%- set matcher = '^' ~ hostname %}
{%- endif %}
use_backend {{ slave_reference }}-{{ scheme }} if { req.hdr(host),host_only -m reg {{ matcher }}$ }
{%- endmacro %}
{%- macro frontend_common() %}
......@@ -68,11 +52,8 @@ frontend http-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], 'http') -}}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
......@@ -84,16 +65,14 @@ frontend https-frontend
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
{%- endif %}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], 'https') -}}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
# Backends
{%- for slave_instance in frontend_slave_list %}
{%- for slave_reference in sorted(frontend_slave_dict) %}
{%- set slave_instance = frontend_slave_dict[slave_reference] %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
......@@ -189,7 +168,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- endif %} {# if 'hostname' in info_dict and 'port' in info_dict #}
{%- endif %} {# if scheme == 'http' and slave_instance['https-only'] #}
{%- endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #}
{%- endfor %} {# for slave_instance in frontend_slave_list #}
{%- endfor %} {# for slave_reference in sorted(frontend_slave_dict) #}
backend BACKEND_NOT_FOUND
{#- a bit hacky but working way to provide default CDN's 404 #}
......
software/rapid-cdn/test/test.py
View file @ 9cf2c244
......@@ -1292,7 +1292,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
@classmethod
def requestSlaves(cls):
for slave_reference, partition_parameter_kw in list(
# Note: List is sorted here, so that tests which want slaves
# ordered by their slave_reference are stable
for slave_reference, partition_parameter_kw in sorted(
cls.getSlaveParameterDictDict().items()):
software_url = cls.getSoftwareURL()
software_type = cls.getInstanceSoftwareType()
......@@ -6577,49 +6579,83 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getSlaveParameterDictDict(cls):
# Note: The slaves are specifically constructed to have an order which
# is triggering the problem. Slave list is sorted in many places,
# and such slave configuration will result with them begin seen
# by backend haproxy configuration in exactly the way seen below
# Ordering it here will not help at all.
# Note: Slave list is ordered by it's reference, so that requestSlaves
# will result in an order, which will hit the bugs covered here:
# * the most wildcard domain is requested first
# * then the more specific wildcard comes
# * in the end specific slaves are there
return {
'wildcard': {
'url': cls.backend_url + 'wildcard',
'01wildcard': {
'url': cls.backend_url + '01wildcard',
'custom_domain': '*.example.com',
'server-alias': 'example.com',
},
'02wildcard': {
'url': cls.backend_url + '02wildcard',
'custom_domain': '*.alias1.example.com',
'server-alias': 'alias1.example.com',
},
'03zspecific': {
'url': cls.backend_url + '03zspecific',
'custom_domain': 'zspecific.example.com',
},
'zspecific': {
'url': cls.backend_url + 'zspecific',
'04zspecific': {
'url': cls.backend_url + '04zspecific',
'custom_domain': 'zspecific.alias1.example.com',
},
}
def test(self):
_, wildcard_key, _, wildcard_crt = createSelfSignedCertificate([
'*.example.com'])
_, wildcard_alias1_key, _, wildcard_alias1_crt = \
createSelfSignedCertificate([
'*.alias1.example.com'])
_, zspecific_key, _, zspecific_crt = createSelfSignedCertificate([
'zspecific.example.com'])
_, zspecific_alias1_key, _, zspecific_alias1_crt = \
createSelfSignedCertificate([
'zspecific.alias1.example.com'])
def uploadCertificate(key, certificate):
auth = mimikra.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate + key
upload = mimikra.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.assertSlaveBase(
'wildcard', hostname='*.alias1')
'01wildcard', hostname='*')
uploadCertificate(wildcard_key, wildcard_crt)
self.assertSlaveBase(
'zspecific', hostname='zspecific.alias1')
result_wildcard = fakeHTTPSResult(
'other.alias1.example.com',
'test-path',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
'Accept-Encoding': 'gzip',
}
)
self.assertEqual(self.certificate_pem, result_wildcard.certificate)
self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
'02wildcard', hostname='*.alias1')
uploadCertificate(wildcard_alias1_key, wildcard_alias1_crt)
self.assertSlaveBase(
'03zspecific', hostname='zspecific')
uploadCertificate(zspecific_key, zspecific_crt)
self.assertSlaveBase(
'04zspecific', hostname='zspecific.alias1')
uploadCertificate(zspecific_alias1_key, zspecific_alias1_crt)
self.runKedifaUpdater()
result_specific = fakeHTTPSResult(
'zspecific.alias1.example.com',
'test-path',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
'Accept-Encoding': 'gzip',
}
)
self.assertEqual(self.certificate_pem, result_specific.certificate)
self.assertEqualResultJson(result_specific, 'Path', '/zspecific/test-path')
def assertResult(hostname, path, certificate):
result_wildcard = fakeHTTPSResult(
hostname,
'test-path',
)
self.assertEqual(certificate, result_wildcard.certificate)
self.assertEqualResultJson(
result_wildcard, 'Path', '/%s/test-path' % (path,))
assertResult('www.example.com', '01wildcard', wildcard_crt)
assertResult('www.alias1.example.com', '02wildcard', wildcard_alias1_crt)
assertResult('zspecific.example.com', '03zspecific', zspecific_crt)
assertResult(
'zspecific.alias1.example.com', '04zspecific', zspecific_alias1_crt)
class TestPassedRequestParameter(HttpFrontendTestCase):
......
software/rapid-cdn/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
View file @ 9cf2c244
......@@ -14,19 +14,6 @@
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-disabled",
"slave_title": "_health-check-disabled",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-default",
"slave_title": "_health-check-default",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"health-check-http-method": "CONNECT",
......@@ -49,6 +36,19 @@
"slave_title": "_health-check-custom",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-default",
"slave_title": "_health-check-default",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-disabled",
"slave_title": "_health-check-disabled",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"health-check": true,
......@@ -66,32 +66,32 @@
},
{
"health-check": true,
"health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
"health-check-failover-url-netloc-list": "@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@",
"health-check-http-path": "/health-check-failover-url",
"health-check-authenticate-to-failover-backend": true,
"health-check-failover-https-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=",
"health-check-http-path": "/health-check-failover-url-auth-to-backend",
"health-check-interval": 1,
"health-check-timeout": 1,
"https-only": false,
"https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-netloc-list",
"slave_title": "_health-check-failover-url-netloc-list",
"slave_reference": "_health-check-failover-url-auth-to-backend",
"slave_title": "_health-check-failover-url-auth-to-backend",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/url"
},
{
"health-check": true,
"health-check-authenticate-to-failover-backend": true,
"health-check-failover-https-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=",
"health-check-http-path": "/health-check-failover-url-auth-to-backend",
"health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
"health-check-failover-url-netloc-list": "@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@",
"health-check-http-path": "/health-check-failover-url",
"health-check-interval": 1,
"health-check-timeout": 1,
"https-only": false,
"https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-auth-to-backend",
"slave_title": "_health-check-failover-url-auth-to-backend",
"slave_reference": "_health-check-failover-url-netloc-list",
"slave_title": "_health-check-failover-url-netloc-list",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/url"
},
{
......@@ -109,27 +109,27 @@
},
{
"health-check": true,
"health-check-failover-ssl-proxy-ca-crt": "@@another_server_ca.certificate_pem@@",
"health-check-failover-ssl-proxy-verify": true,
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-unverified",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-missing",
"health-check-interval": 1,
"health-check-timeout": 1,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-missing",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"health-check-failover-ssl-proxy-ca-crt": "@@another_server_ca.certificate_pem@@",
"health-check-failover-ssl-proxy-verify": true,
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-missing",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-unverified",
"health-check-interval": 1,
"health-check-timeout": 1,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-unverified",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
......
software/rapid-cdn/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt
View file @ 9cf2c244
......@@ -14,19 +14,35 @@
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"custom_domain": "*.example.com",
"server-alias": "example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_01wildcard",
"slave_title": "_01wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard"
},
{
"custom_domain": "*.alias1.example.com",
"server-alias": "alias1.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_02wildcard",
"slave_title": "_02wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard"
},
{
"custom_domain": "zspecific.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_wildcard",
"slave_title": "_wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/wildcard"
"slave_reference": "_03zspecific",
"slave_title": "_03zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific"
},
{
"custom_domain": "zspecific.alias1.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_zspecific",
"slave_title": "_zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/zspecific"
"slave_reference": "_04zspecific",
"slave_title": "_04zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific"
}
],
"timestamp": "@@TIMESTAMP@@"
......@@ -41,15 +57,27 @@
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"custom_domain": "*.example.com",
"server-alias": "example.com",
"slave_reference": "_01wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard"
},
{
"custom_domain": "*.alias1.example.com",
"slave_reference": "_wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/wildcard"
"server-alias": "alias1.example.com",
"slave_reference": "_02wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard"
},
{
"custom_domain": "zspecific.example.com",
"slave_reference": "_03zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific"
},
{
"custom_domain": "zspecific.alias1.example.com",
"slave_reference": "_zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/zspecific"
"slave_reference": "_04zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific"
}
]
},
......@@ -69,7 +97,7 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"enable-http3": "false",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
......@@ -81,7 +109,7 @@
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
"slave-kedifa-information": "{\"_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@/@@wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@?auth=\"}, \"_zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@/@@wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@?auth=\"}}"
"slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
......
software/rapid-cdn/test/test_data/test.TestSlaveHostHaproxyClash.test00file_list_log.txt
View file @ 9cf2c244
......@@ -8,12 +8,18 @@ T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_wildcard_access_log
T-2/var/log/httpd/_wildcard_backend_log
T-2/var/log/httpd/_wildcard_frontend_log
T-2/var/log/httpd/_zspecific_access_log
T-2/var/log/httpd/_zspecific_backend_log
T-2/var/log/httpd/_zspecific_frontend_log
T-2/var/log/httpd/_01wildcard_access_log
T-2/var/log/httpd/_01wildcard_backend_log
T-2/var/log/httpd/_01wildcard_frontend_log
T-2/var/log/httpd/_02wildcard_access_log
T-2/var/log/httpd/_02wildcard_backend_log
T-2/var/log/httpd/_02wildcard_frontend_log
T-2/var/log/httpd/_03zspecific_access_log
T-2/var/log/httpd/_03zspecific_backend_log
T-2/var/log/httpd/_03zspecific_frontend_log
T-2/var/log/httpd/_04zspecific_access_log
T-2/var/log/httpd/_04zspecific_backend_log
T-2/var/log/httpd/_04zspecific_frontend_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
View file @ 9cf2c244
......@@ -15,35 +15,6 @@
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkey.example.com",
"slap_software_type": "RootSoftwareInstance",
......@@ -63,6 +34,15 @@
"ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_garbage",
......@@ -73,12 +53,32 @@
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
......@@ -90,17 +90,17 @@
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
......
software/re6stnet/buildout.hash.cfg
View file @ 9cf2c244
......@@ -18,7 +18,7 @@ md5sum = 7be0c21751f8385ef876c3d7192d4057
[template-re6stnet]
filename = instance-re6stnet.cfg.in
md5sum = 84320356634f8d241fc827683d211bb8
md5sum = 01da4462b5e20cab73b87e7415f7483d
[template-apache-conf]
filename = apache.conf.in
......
software/re6stnet/instance-re6stnet.cfg.in
View file @ 9cf2c244
......@@ -107,6 +107,7 @@ recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:services}/re6st-registry
pidfile = ${directory:run}/registry.pid
command-line = {{ bin_directory }}/re6st-registry @${re6st-registry-conf:output}
hash-files = ${re6st-registry-conf:output}
[cron-entry-re6st-backup]
recipe = slapos.cookbook:cron.d
......
software/slapos-sr-testing/software.cfg
View file @ 9cf2c244
......@@ -23,7 +23,7 @@ extends =
parts =
eggs/scripts
python2.7-disabled
system-python-disabled
slapos-cookbook
template
......@@ -272,8 +272,8 @@ branch = master
egg = slapos.core
setup = ${slapos.core-repository:location}
[python2.7-disabled]
# An "intentionally broken" python2 command that should catch
[system-python-disabled]
# An "intentionally broken" python command that should catch
# accidental usage of things like #!/usr/bin/env python2
recipe = zc.recipe.egg
# we need an egg to generate a script, use the one from this part's recipe
......@@ -286,10 +286,11 @@ entry-points =
scripts =
python
python2
python3
python2.7
initialization =
import sys
print("Error: attempt to use system python2", file=sys.stderr)
print("Error: attempt to use system python", file=sys.stderr)
sys.exit(2)
[recurls-repository]
......@@ -314,19 +315,66 @@ eggs +=
erp5.util
${python-pynacl:egg}
${python-cryptography:egg}
${python-mysqlclient:egg}
${backports.lzma:egg}
${bcrypt:egg}
${psycopg2:egg}
${selenium:egg}
slapos.libnetworkcache
supervisor
${slapos.cookbook-setup:egg}
${slapos.test.backupserver-setup:egg}
${slapos.test.beremiz-ide-setup:egg}
${slapos.test.caucase-setup:egg}
${slapos.test.cloudooo-setup:egg}
${slapos.test.dream-setup:egg}
${slapos.test.dufs-setup:egg}
${slapos.test.erp5-setup:egg}
${slapos.test.erp5testnode-setup:egg}
${slapos.test.fluentd-setup:egg}
${slapos.test.galene-setup:egg}
${slapos.test.headless-chromium-setup:egg}
${slapos.test.html5as-base-setup:egg}
${slapos.test.html5as-setup:egg}
${slapos.test.htmlvalidatorserver-setup:egg}
${slapos.test.hugo-setup:egg}
${slapos.test.js-drone-setup:egg}
${slapos.test.jscrawler-setup:egg}
${slapos.test.jstestnode-setup:egg}
${slapos.test.jupyter-setup:egg}
${slapos.test.kvm-setup:egg}
${slapos.test.matomo-setup:egg}
${slapos.test.metabase-setup:egg}
${slapos.test.monitor-setup:egg}
${slapos.test.mosquitto-setup:egg}
${slapos.test.nextcloud-setup:egg}
${slapos.test.nginx-push-stream-setup:egg}
${slapos.test.ors-amarisoft-setup:egg}
${slapos.test.osie-coupler-setup:egg}
${slapos.test.peertube-setup:egg}
${slapos.test.plantuml-setup:egg}
${slapos.test.powerdns-setup:egg}
${slapos.test.proftpd-setup:egg}
${slapos.test.rapid-cdn-setup:egg}
${slapos.test.re6stnet-setup:egg}
${slapos.test.repman-setup:egg}
${slapos.test.restic_rest_server-setup:egg}
${slapos.test.seleniumserver-setup:egg}
${slapos.test.slapos-master-setup:egg}
${slapos.test.ssh-setup:egg}
${slapos.test.theia-setup:egg}
${slapos.test.turnserver-setup:egg}
${slapos.test.upgrade_erp5-setup:egg}
# We don't name this interpreter `python`, so that when we run slapos node
# software, installation scripts running `python` use a python without any
# custom eggs pre-installed, not our special python interpreter.
interpreter = python_for_test
## patches for eggs
#patch-binary = ${patch:location}/bin/patch
#PyPDF2-patches = ${:_profile_base_location_}/../../component/egg-patch/PyPDF2/0001-Custom-implementation-of-warnings.formatwarning-remo.patch#d25bb0f5dde7f3337a0a50c2f986f5c8
#PyPDF2-patch-options = -p1
# patches for eggs
patch-binary = ${patch:location}/bin/patch
PyPDF2-patches = ${:_profile_base_location_}/../../component/egg-patch/PyPDF2/0001-Custom-implementation-of-warnings.formatwarning-remo.patch#d25bb0f5dde7f3337a0a50c2f986f5c8
PyPDF2-patch-options = -p1
[eggs/scripts]
recipe = zc.recipe.egg
......@@ -364,7 +412,52 @@ context =
key tests :tests
tests =
json-schemas ${slapos.cookbook-setup:setup}
backupserver ${slapos.test.backupserver-setup:setup}
beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
caucase ${slapos.test.caucase-setup:setup}
cloudooo ${slapos.test.cloudooo-setup:setup}
dream ${slapos.test.dream-setup:setup}
dufs ${slapos.test.dufs-setup:setup}
erp5 ${slapos.test.erp5-setup:setup}
erp5testnode ${slapos.test.erp5testnode-setup:setup}
fluentd ${slapos.test.fluentd-setup:setup}
galene ${slapos.test.galene-setup:setup}
gitlab ${slapos.test.gitlab-setup:setup}
grafana ${slapos.test.grafana-setup:setup}
headless-chromium ${slapos.test.headless-chromium-setup:setup}
helloworld ${slapos.test.helloworld-setup:setup}
html5as ${slapos.test.html5as-setup:setup}
html5as-base ${slapos.test.html5as-base-setup:setup}
htmlvalidatorserver ${slapos.test.htmlvalidatorserver-setup:setup}
hugo ${slapos.test.hugo-setup:setup}
js-drone ${slapos.test.js-drone-setup:setup}
jscrawler ${slapos.test.jscrawler-setup:setup}
jstestnode ${slapos.test.jstestnode-setup:setup}
jupyter ${slapos.test.jupyter-setup:setup}
kvm ${slapos.test.kvm-setup:setup}
matomo ${slapos.test.matomo-setup:setup}
metabase ${slapos.test.metabase-setup:setup}
monitor ${slapos.test.monitor-setup:setup}
mosquitto ${slapos.test.mosquitto-setup:setup}
nextcloud ${slapos.test.nextcloud-setup:setup}
nginx-push-stream ${slapos.test.nginx-push-stream-setup:setup}
ors-amarisoft ${slapos.test.ors-amarisoft-setup:setup}
osie-coupler ${slapos.test.osie-coupler-setup:setup}
peertube ${slapos.test.peertube-setup:setup}
plantuml ${slapos.test.plantuml-setup:setup}
powerdns ${slapos.test.powerdns-setup:setup}
proftpd ${slapos.test.proftpd-setup:setup}
rapid-cdn ${slapos.test.rapid-cdn-setup:setup}
re6stnet ${slapos.test.re6stnet-setup:setup}
repman ${slapos.test.repman-setup:setup}
restic-rest-server ${slapos.test.restic_rest_server-setup:setup}
seleniumserver ${slapos.test.seleniumserver-setup:setup}
slapos-master ${slapos.test.slapos-master-setup:setup}
ssh ${slapos.test.ssh-setup:setup}
theia ${slapos.test.theia-setup:setup}
turnserver ${slapos.test.turnserver-setup:setup}
upgrade_erp5 ${slapos.test.upgrade_erp5-setup:setup}
[versions]
# recurls are under development
......
software/theia/buildout.hash.cfg
View file @ 9cf2c244
......@@ -15,7 +15,7 @@
[instance-theia]
_update_hash_filename_ = instance-theia.cfg.jinja.in
md5sum = c484bba770c6404ba0a5b2a958b07a68
md5sum = b31e74f018ae92607f4ff63984b33c7a
[instance]
_update_hash_filename_ = instance.cfg.in
......
software/theia/instance-theia.cfg.jinja.in
View file @ 9cf2c244
......@@ -260,15 +260,18 @@ content =
frontend app
log global
bind $${:ip}:$${:port} ssl crt $${frontend-instance-certificate:cert-file} alpn h2,http/1.1
# writing twice the same ACL is doing OR
acl is_public path_beg /public/
acl is_public path /$${frontend-instance-favicon.ico:filename}
acl is_public path /$${frontend-instance-theia.webmanifest:filename}
acl is_public path /$${frontend-instance-theia-serviceworker.js:filename}
acl auth_ok http_auth(basic-auth-list)
# writing twice the same ACL is doing OR
acl is_static path_beg /$${frontend-instance-fonts:folder-name}
acl is_static path_beg /$${frontend-instance-slapos.css:folder-name}
acl is_static path /$${frontend-instance-logo:filename}
acl is_static path /$${frontend-instance-favicon.ico:filename}
acl is_static path /$${frontend-instance-theia.webmanifest:filename}
acl is_static path /$${frontend-instance-theia-serviceworker.js:filename}
# No authentication for public folder
http-request auth unless auth_ok || is_public
use_backend static if { path_beg /$${frontend-instance-fonts:folder-name} } || { path_beg /$${frontend-instance-slapos.css:folder-name} } || { path /$${frontend-instance-logo:filename} } || is_public
use_backend static if is_static || is_public
default_backend nodejs
backend nodejs
......
software/theia/test/test.py
View file @ 9cf2c244
......@@ -161,10 +161,22 @@ class TestTheia(TheiaTestCase):
self.assertIn('test_file', get('/public/'))
self.assertEqual('hello', get('/public/test_file'))
# there's a (not empty) favicon (no need for authentication)
resp = self.get(urljoin(url, '/favicon.ico'))
# favicon is not empty
self.get(urljoin(url, '/favicon.ico'), requests.codes.unauthorized)
resp = self.get(urljoin(authenticated_url, '/favicon.ico'))
resp.raise_for_status()
self.assertTrue(resp.raw)
self.get(urljoin(url, '/theia-serviceworker.js'), requests.codes.unauthorized)
resp = self.get(urljoin(authenticated_url, '/theia-serviceworker.js'))
resp.raise_for_status()
self.assertTrue(resp.raw)
self.get(urljoin(url, '/theia.webmanifest'), requests.codes.unauthorized)
resp = self.get(urljoin(authenticated_url, '/theia.webmanifest'))
resp.raise_for_status()
self.assertIn('Theia SlapOS', resp.text)
# there is a CSS referencing fonts
css_text = self.get(urljoin(authenticated_url, '/css/slapos.css')).text
css_urls = re.findall(r'url\([\'"]+([^\)]+)[\'"]+\)', css_text)
......
stack/erp5-zope2/buildout.cfg
View file @ 9cf2c244
......@@ -15,7 +15,6 @@ extends =
../../component/socat/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/findutils/buildout.cfg
../../component/librsvg/buildout.cfg
../../component/imagemagick/buildout.cfg
../../component/jpegoptim/buildout.cfg
../../component/kumo/buildout.cfg
......@@ -260,7 +259,6 @@ link-binary =
${imagemagick:location}/bin/identify
${jpegoptim:location}/bin/jpegoptim
${jsl:location}/bin/jsl
${librsvg:location}/bin/rsvg-convert
${mariadb:location}/bin/mysql
${mariadb:location}/bin/mysqldump
${openssl:location}/bin/openssl
......
stack/erp5-zope2/buildout.hash.cfg
View file @ 9cf2c244
......@@ -42,7 +42,7 @@ md5sum = 43556e5bca8336dd543ae8068512aa6d
[template-my-cnf]
filename = my.cnf.in
md5sum = c0bde08ec6bd6d333315a15026266b65
md5sum = 2c553103f1196f95e4b6d0716a1e0638
[template-mariadb-initial-setup]
filename = mariadb_initial_setup.sql.in
......
stack/erp5-zope2/my.cnf.in
View file @ 9cf2c244
......@@ -50,6 +50,10 @@ max_connections = {{ parameter_dict['max-connection-count'] }}
# doesn't use "insert ... select" (in any number of queries) pattern.
innodb_locks_unsafe_for_binlog = 1
# disable innodb_change_buffering to prevent potential risk of crash or data corruption,
# that is default from 10.5.14.
innodb_change_buffering = none
{% set log_bin = parameter_dict['binlog-path'] -%}
{% if log_bin -%}
log_bin = {{ log_bin }}
......@@ -74,6 +78,7 @@ relay-log = mariadb-relay-bin
{{x}}innodb_flush_log_at_trx_commit = 0
{{x}}innodb_flush_method = nosync
{{x}}innodb_doublewrite = 0
{{x}}innodb_change_buffering = all
{{x}}sync_frm = 0
character_set_server = {{ parameter_dict['character-set-server'] }}
......
stack/erp5/buildout.cfg
View file @ 9cf2c244
......@@ -2,7 +2,7 @@
extends =
# versions pins from zope, vendored with:
# curl https://zopefoundation.github.io/Zope/releases/4.8.8/versions-prod.cfg > zope-versions.cfg
# curl https://zopefoundation.github.io/Zope/releases/4.8.9/versions-prod.cfg > zope-versions.cfg
# When updating, keep in mind that some versions are defined in other places,
# for example component/ZEO , component/ZODB and stack/slapos
zope-versions.cfg
......@@ -18,7 +18,6 @@ extends =
../../component/socat/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/findutils/buildout.cfg
../../component/librsvg/buildout.cfg
../../component/imagemagick/buildout.cfg
../../component/jpegoptim/buildout.cfg
../../component/kumo/buildout.cfg
......@@ -263,7 +262,6 @@ link-binary =
${imagemagick:location}/bin/identify
${jpegoptim:location}/bin/jpegoptim
${jsl:location}/bin/jsl
${librsvg:location}/bin/rsvg-convert
${mariadb:location}/bin/mysql
${mariadb:location}/bin/mysqldump
${openssl:location}/bin/openssl
......@@ -709,6 +707,9 @@ waitress-patches =
${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-5.patch#ad2765822397cd1e28e02a68a52d7768
${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-6.patch#85fc9c4105eabee3ff71c800b2ddf63b
waitress-patch-options = -p1
Zope-patches =
${:_profile_base_location_}/../../component/egg-patch/Zope/0001-WSGIPublisher-set-REMOTE_USER-even-in-case-of-error-.patch#a437f4da28975f94dd07db0b02954111
Zope-patch-options = -p1
# neoppod installs bin/coverage so we inject erp5 plugin here so that coverage script can use it in report
[neoppod]
......@@ -743,11 +744,12 @@ depends =
Acquisition = 4.7+SlapOSPatched001
Products.DCWorkflow = 2.4.1+SlapOSPatched001
ocropy = 1.0+SlapOSPatched001
PyPDF2 = 1.26.0+SlapOSPatched001
pysvn = 1.9.15+SlapOSPatched001
python-ldap = 2.4.32+SlapOSPatched001
python-magic = 0.4.12+SlapOSPatched001
PyPDF2 = 1.26.0+SlapOSPatched001
waitress = 1.4.4+SlapOSPatched006
Zope = 4.8.9+SlapOSPatched001
## https://lab.nexedi.com/nexedi/slapos/merge_requests/648
pylint = 1.4.4+SlapOSPatched002
# astroid 1.4.1 breaks testDynamicClassGeneration
......@@ -810,7 +812,7 @@ Products.GenericSetup = 2.3.0
Products.MailHost = 4.13
Products.MimetypesRegistry = 2.1.8
Products.PluggableAuthService = 2.8.1
Products.PluginRegistry = 1.6
Products.PluginRegistry = 1.11
Products.PythonScripts = 4.15
Products.Sessions = 4.15
Products.SiteErrorLog = 5.7
......
stack/erp5/buildout.hash.cfg
View file @ 9cf2c244
......@@ -42,7 +42,7 @@ md5sum = f45dc4568b63de39f49b8fecca5deef1
[template-my-cnf]
filename = my.cnf.in
md5sum = c0bde08ec6bd6d333315a15026266b65
md5sum = 2c553103f1196f95e4b6d0716a1e0638
[template-mariadb-initial-setup]
filename = mariadb_initial_setup.sql.in
......@@ -94,7 +94,7 @@ md5sum = b0751d3d12cfcc8934cb1027190f5e5e
[template-haproxy-cfg]
filename = haproxy.cfg.in
md5sum = 1645ef8990ab2b50f91a4c02f0cf8882
md5sum = 85a8c0dadf7b648ef9748b6199dcfeb6
[template-rsyslogd-cfg]
filename = rsyslogd.cfg.in
......
stack/erp5/haproxy.cfg.in
View file @ 9cf2c244
......@@ -154,7 +154,7 @@ defaults
{% for name, (port, _, certificate_authentication, timeout, backend_list) in sorted(six.iteritems(parameter_dict['backend-dict'])) -%}
listen family_{{ name }}
{%- if parameter_dict.get('ca-cert') -%}
{%- set ssl_auth = ' ca-file ' ~ parameter_dict['ca-cert'] ~ ' verify' ~ ( ' required' if certificate_authentication else ' optional' ) ~ ' crl-file ' ~ parameter_dict['crl'] %}
{%- set ssl_auth = ' ca-file ' ~ parameter_dict['ca-cert'] ~ ' verify' ~ ( ' required' if certificate_authentication else ' optional crt-ignore-err all' ) ~ ' crl-file ' ~ parameter_dict['crl'] %}
{%- else %}
{%- set ssl_auth = '' %}
{%- endif %}
......@@ -173,11 +173,10 @@ listen family_{{ name }}
{%- endif %}
# remove X-Forwarded-For unless client presented a verified certificate
acl client_cert_verified ssl_c_used ssl_c_verify 0
http-request del-header X-Forwarded-For unless client_cert_verified
http-request del-header X-Forwarded-For unless { ssl_c_verify 0 } { ssl_c_used 1 }
# set Remote-User if client presented a verified certificate
http-request del-header Remote-User
http-request set-header Remote-User %{+Q}[ssl_c_s_dn(cn)] if client_cert_verified
http-request set-header Remote-User %{+Q}[ssl_c_s_dn(cn)] if { ssl_c_verify 0 } { ssl_c_used 1 }
# logs
capture request header Referer len 512
......
stack/erp5/my.cnf.in
View file @ 9cf2c244
......@@ -50,6 +50,10 @@ max_connections = {{ parameter_dict['max-connection-count'] }}
# doesn't use "insert ... select" (in any number of queries) pattern.
innodb_locks_unsafe_for_binlog = 1
# disable innodb_change_buffering to prevent potential risk of crash or data corruption,
# that is default from 10.5.14.
innodb_change_buffering = none
{% set log_bin = parameter_dict['binlog-path'] -%}
{% if log_bin -%}
log_bin = {{ log_bin }}
......@@ -74,6 +78,7 @@ relay-log = mariadb-relay-bin
{{x}}innodb_flush_log_at_trx_commit = 0
{{x}}innodb_flush_method = nosync
{{x}}innodb_doublewrite = 0
{{x}}innodb_change_buffering = all
{{x}}sync_frm = 0
character_set_server = {{ parameter_dict['character-set-server'] }}
......
stack/erp5/zope-versions.cfg
View file @ 9cf2c244
......@@ -2,10 +2,10 @@
# Version pins for required and commonly used dependencies.
[versions]
Zope = 4.8.8
Zope = 4.8.9
Zope2 = 4.0
# AccessControl 5+ no longer supports Zope 4.
AccessControl = 4.3
AccessControl = 4.4
Acquisition = 4.13
AuthEncoding = 4.3
BTrees = 4.11.3
......@@ -23,7 +23,7 @@ Products.BTreeFolder2 = 4.4
Products.ZCatalog = 5.4
Record = 3.6
# RestrictedPython >= 6 no longer supports Zope 4
RestrictedPython = 5.2
RestrictedPython = 5.4
WSGIProxy2 = 0.5.1
WebOb = 1.8.7
WebTest = 3.0.0
......@@ -59,7 +59,7 @@ zope.cachedescriptors = 4.4
zope.component = 5.0.1
zope.componentvocabulary = 2.3.0
zope.configuration = 4.4.1
zope.container = 4.10
zope.container = 5.1
zope.contentprovider = 4.2.1
zope.contenttype = 4.6
zope.datetime = 4.3.0
......@@ -119,6 +119,8 @@ multipart = 0.1.1
waitress = 1.4.4
# zope.dottedname >= 5 requires Python 3.6 or higher
zope.dottedname = 4.3
# zope.container 5.x requires Python 3.7 or higher
zope.container = 4.10
[versions:python35]
# DocumentTemplate 4+ cannot be installed on Zope 4 for Python 3.5
......@@ -135,6 +137,8 @@ mock = 3.0.5
waitress = 1.4.4
# zope.dottedname >= 5 requires Python 3.6 or higher
zope.dottedname = 4.3
# zope.container 5.x requires Python 3.7 or higher
zope.container = 4.10
[versions:python36]
# PasteDeploy >3 requires Python 3.7
......@@ -143,3 +147,5 @@ PasteDeploy = 2.1.1
WSGIProxy2 = 0.4.6
# waitress 2.1 requires Python 3.7 or higher
waitress = 2.0.0
# zope.container 5.x requires Python 3.7 or higher
zope.container = 4.10
stack/monitor/buildout.cfg
View file @ 9cf2c244
......@@ -51,6 +51,10 @@ filename = monitor.conf.in
[monitor-httpd-cors]
<= monitor-download-base
filename = httpd-cors.cfg.in
[template-monitor-httpd-wrapper]
<= monitor-download-base
filename = template-monitor-httpd-wrapper.sh.in
# End templates files
[monitor-template]
......@@ -82,6 +86,7 @@ context =
raw python_executable ${buildout:executable}
raw python_with_eggs ${buildout:bin-directory}/${monitor-eggs:interpreter}
raw template_wrapper ${monitor-template-wrapper:location}/${monitor-template-wrapper:filename}
raw template_monitor_httpd_wrapper ${template-monitor-httpd-wrapper:location}/${template-monitor-httpd-wrapper:filename}
raw check_disk_space ${buildout:bin-directory}/check-free-disk
raw bin_directory ${buildout:directory}/bin
......
stack/monitor/buildout.hash.cfg
View file @ 9cf2c244
......@@ -14,12 +14,16 @@
# not need these here).
[monitor2-template]
filename = instance-monitor.cfg.jinja2.in
md5sum = 255b4f5f2d960ec958899114cef4cfd9
md5sum = dda9b2355134517dae601cc20709685a
[monitor-httpd-conf]
_update_hash_filename_ = templates/monitor-httpd.conf.in
md5sum = 0540fc5cc439a06079e9e724a5a55a70
[template-monitor-httpd-wrapper]
_update_hash_filename_ = templates/template-monitor-httpd-wrapper.sh.in
md5sum = 45929a22527b71620555326f4dd78c34
[monitor-template-wrapper]
_update_hash_filename_ = templates/wrapper.in
md5sum = e8566c00b28f6f86adde11b6b6371403
......
stack/monitor/instance-monitor.cfg.jinja2.in
View file @ 9cf2c244
......@@ -67,9 +67,22 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
recipe = slapos.cookbook:certificate_authority.request
key-file = ${monitor-httpd-conf-parameter:key-file}
cert-file = ${monitor-httpd-conf-parameter:cert-file}
executable = ${monitor-httpd-wrapper:wrapper-path}
executable = ${monitor-httpd-service-wrapper:output}
wrapper = ${directory:bin}/ca-monitor-httpd
[monitor-httpd-service-wrapper]
recipe = slapos.recipe.template:jinja2
url = {{ template_monitor_httpd_wrapper }}
output = ${directory:bin}/monitor-httpd-service-wrapper
pid-file = ${monitor-httpd-conf-parameter:pid-file}
monitor-httpd-wrapper-path = ${monitor-httpd-wrapper:wrapper-path}
monitor-httpd-conf = ${monitor-httpd-conf:output}
context =
key pid_file :pid-file
key monitor_httpd_wrapper_path :monitor-httpd-wrapper-path
key monitor_httpd_conf :monitor-httpd-conf
raw dash_binary {{ dash_executable_location }}
[ca-monitor-httpd-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-monitor-httpd:wrapper}
......@@ -338,7 +351,6 @@ configuration-file-path = ${monitor-directory:etc}/monitor_knowledge0.cfg
interface-url = https://monitor.app.officejs.com
# NOTE
[monitor-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
......
stack/monitor/templates/template-monitor-httpd-wrapper.sh.in 0 → 100644
View file @ 9cf2c244
#!{{ dash_binary }}
# BEWARE: This file is operated by slapos node
# BEWARE: It will be overwritten automatically
pid_file="{{ pid_file }}"
monitor_httpd_conf_file={{ monitor_httpd_conf }}
if [ -f "$pid_file" ]; then
pid=$(cat "$pid_file")
result=$(ps aux | grep "^\S*\s*$pid\s")
# The process with the specified PID is running
if [ -n "$result" ]; then
echo "there is a process running with the same pid"
# Get the command line of the process and replace null characters with spaces
cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline")
# There is a process running with the pid,
# but it is not one using our monitor-httpd.conf
if ! expr "$cmdline" : ".*$monitor_httpd_conf_file" > /dev/null; then
echo "The process is not running with the monitor_httpd_conf"
rm -f {{ pid_file }};
fi
fi
fi
exec {{ monitor_httpd_wrapper_path }} "$@"
stack/slapos.cfg
View file @ 9cf2c244
......@@ -136,17 +136,17 @@ zc.buildout = 2.7.1+slapos019
# Use SlapOS patched zc.recipe.egg (zc.recipe.egg 2.x is for Buildout 2)
zc.recipe.egg = 2.0.3+slapos003
aiohttp = 3.8.3:whl
aiohttp = 3.8.5:whl
aiosignal = 1.3.1:whl
apache-libcloud = 2.4.0
argon2-cffi = 20.1.0
asn1crypto = 1.3.0
astor = 0.5
async-generator = 1.10
async-timeout = 4.0.2
async-timeout = 4.0.3
atomicwrites = 1.4.0
atomize = 0.2.0
attrs = 22.2.0
attrs = 23.1.0:whl
backcall = 0.2.0
backports-abc = 0.5
backports.functools-lru-cache = 1.6.1:whl
......@@ -155,12 +155,12 @@ backports.shutil-get-terminal-size = 1.0.0
bcrypt = 3.1.4
bleach = 5.0.1
CacheControl = 0.12.6:whl
cachetools = 5.2.0
cachetools = 5.3.1
cattrs = 22.2.0
certifi = 2022.12.7
certifi = 2023.7.22
cffi = 1.15.0
chardet = 3.0.4
charset-normalizer = 2.1.1
charset-normalizer = 3.3.0
click = 8.1.3
cliff = 2.8.3:whl
cmd2 = 0.7.0
......@@ -180,10 +180,10 @@ entrypoints = 0.3
enum34 = 1.1.10
erp5.util = 0.4.74
et-xmlfile = 1.0.1
exceptiongroup = 1.0.0:whl
exceptiongroup = 1.1.3:whl
feedparser = 6.0.10
Flask = 1.1.2
frozenlist = 1.3.3:whl
frozenlist = 1.4.0:whl
funcsigs = 1.0.2
functools32 = 3.2.3.post2
gevent = 20.9.0
......@@ -196,7 +196,7 @@ h5py = 2.7.1
idna = 3.4:whl
igmp = 1.0.4
Importing = 1.10
importlib-metadata = 1.7.0:whl
importlib-metadata = 6.8.0:whl
importlib-resources = 5.10.2:whl
inotify-simple = 1.1.1
ipaddress = 1.0.23
......@@ -218,7 +218,7 @@ jupyterlab-launcher = 0.3.1
jupyterlab-pygments = 0.1.2
lock-file = 2.0
lockfile = 0.12.2:whl
lsprotocol = 2022.0.0a9:whl
lsprotocol = 2023.0.0b1:whl
lxml = 4.9.1
manuel = 1.11.2
MarkupSafe = 2.0.1
......@@ -239,7 +239,7 @@ netifaces = 0.10.7
notebook = 6.1.5
openpyxl = 2.5.2
outcome = 1.2.0
packaging = 22.0:whl
packaging = 23.2:whl
pandocfilters = 1.4.3
paramiko = 2.11.0
parso = 0.7.1
......@@ -266,7 +266,7 @@ pyasn1 = 0.4.5
pycparser = 2.20
pycurl = 7.43.0
pydantic = 1.9.1
pygls = 1.0.0:whl
pygls = 1.1.0:whl
Pygments = 2.9.0
PyNaCl = 1.3.0
pyOpenSSL = 19.1.0
......@@ -283,7 +283,7 @@ pyzmq = 22.3.0
qtconsole = 4.3.0
random2 = 1.0.1
regex = 2020.9.27
requests = 2.28.1
requests = 2.31.0
rpdb = 0.1.5
rubygemsrecipe = 0.4.3
scandir = 1.10.0
......@@ -297,7 +297,7 @@ simplegeneric = 0.8.1
singledispatch = 3.4.0.3
six = 1.16.0
slapos.cookbook = 1.0.329
slapos.core = 1.10.2
slapos.core = 1.10.3
slapos.extension.shared = 1.0
slapos.libnetworkcache = 0.25
slapos.rebootstrap = 4.5
......@@ -319,8 +319,8 @@ tornado = 6.1
traitlets = 5.0.5
trio = 0.22.0
trio-websocket = 0.9.2
typeguard = 2.13.3:whl
typing-extensions = 4.3.0:whl
typeguard = 3.0.2:whl
typing-extensions = 4.8.0:whl
tzlocal = 1.5.1
unicodecsv = 0.14.1
uritemplate = 3.0.0
......@@ -330,13 +330,13 @@ webencodings = 0.5.1
websockets = 10.4
websocket-client = 1.5.1
Werkzeug = 2.0.2
wheel = 0.38.4:whl
wheel = 0.41.2:whl
widgetsnbextension = 2.0.0
wsproto = 1.2.0
xlrd = 1.1.0
xml-marshaller = 1.0.2
yarl = 1.8.2
zc.buildout.languageserver = 0.9.0
yarl = 1.9.2
zc.buildout.languageserver = 0.11.0
zc.lockfile = 1.4
ZConfig = 3.6.1
zdaemon = 4.2.0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7