Merge remote-tracking branch 'origin/master' into t

eccf27e5 · Kirill Smelkov · 6814e5c4 · 70cd4824 · eccf27e5 · eccf27e5
Commit eccf27e5 authored Sep 25, 2020 by Kirill Smelkov
32 changed files
--- a/component/caddy/buildout.cfg
+++ b/component/caddy/buildout.cfg
@@ -7,7 +7,7 @@ parts =

 [gowork]
 # Caddy 1.x+ uses go modules, for which gowork does not work yet
-golang  = ${golang1.12:location}
+golang  = ${golang1.14:location}
 install =

 [gowork.goinstall]

--- a/software/caddy-frontend/CHANGES.caddy_frontend.rst
+++ b/software/caddy-frontend/CHANGES.caddy_frontend.rst
@@ -3,6 +3,15 @@ Changes

 Here are listed the most important changes, which might affect upgrades.

+1.0.164 (2020-09-24)
+--------------------
+
+ * feature: serve a stale result up to 1 day if the origin server is down
+ * feature: request real frontend for slave introspection (aka log access)
+ * fix: Kedifa reloading, it was resulting with kedifa server disallowing access after some time
+ * feature: allow to set software release for each node, instead for the whole cluster
+ * fix: haproxy matches correct hostname in case of wildcards, instead of using wildcard host instead of the specific one
+
 1.0.160 (2020-08-25)
 --------------------


--- a/software/caddy-frontend/README.caddy_frontend.rst
+++ b/software/caddy-frontend/README.caddy_frontend.rst
@@ -23,11 +23,11 @@ Slaves of the root instance are sent as a parameter to requested frontends which

 These parameters are:

-  * ``-frontend-type`` : the type to deploy frontends with. (default to 2)
-  * ``-frontend-quantity`` : The quantity of frontends to request (default to "default")
+  * ``-frontend-type`` : the type to deploy frontends with. (default to "default")
+  * ``-frontend-quantity`` : The quantity of frontends to request (default to "1")
  * ``-frontend-i-state``: The state of frontend i
+  * ``-frontend-i-software-release-url``: Software release to be used for frontends, default to the current software release
  * ``-frontend-config-i-foo``: Frontend i will be requested with parameter foo
-  * ``-frontend-software-release-url``: Software release to be used for frontends, default to the current software release
  * ``-sla-i-foo`` : where "i" is the number of the concerned frontend (between 1 and "-frontend-quantity") and "foo" a sla parameter.

 For example::
@@ -36,10 +36,10 @@ For example::
  <parameter id="-frontend-type">custom-personal</parameter>
  <parameter id="-frontend-2-state">stopped</parameter>
  <parameter id="-sla-3-computer_guid">COMP-1234</parameter>
-  <parameter id="-frontend-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg</parameter>
+  <parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg</parameter>


-will request the third frontend on COMP-1234. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped
+will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped.

 *Note*: the way slaves are transformed to a parameter avoid modifying more than 3 lines in the frontend logic.

@@ -392,6 +392,8 @@ Additional partition with KeDiFa (Key Distribution Facility) is by default reque

 By adding to the request keys like ``-sla-kedifa-<key>`` it is possible to provide SLA information for kedifa partition. Eg to put it on computer ``couscous`` it shall be ``-sla-kedifa-computer_guid: couscous``.

+Also ``-kedifa-software-release-url`` can be used to override the software release for kedifa partition.
+
 Notes
 =====


--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 1709085d62f46b22cbe9369fe324bb49
+md5sum = c09755397fbb9c8d831551f1de7bc6c3

 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 19debfbc27c464f451b1eb5bb5ce3c84
+md5sum = b684aacbb7b2a6eec3ca3ab06c61a92c

 [template-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = da4e3de1c1861459273c6e8d32ead21e
+md5sum = e9c5fe132a26e960df0acf3f5d8f877e

 [template-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
@@ -46,7 +46,7 @@ md5sum = 0979a03476e86bf038516c9565dadc17

 [template-not-found-html]
 _update_hash_filename_ = templates/notfound.html
-md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
+md5sum = 88af61e7abbf30dc99a1a2526161128d

 [template-default-slave-virtualhost]
 _update_hash_filename_ = templates/default-virtualhost.conf.in
@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73

 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = 68a7758ca8f8b544ba9bc756824be3d3
+md5sum = eaf7491f628e72c877c31588e62eeb89

 [template-log-access]
 _update_hash_filename_ = templates/template-log-access.conf.in
@@ -114,7 +114,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8

 [template-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = f77744e52f9d028c39f99cfbf31eadaf
+md5sum = d76fe7bf062410eda7049446ed06a736

 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -23,6 +23,7 @@ parts =
  promise-caddy-frontend-v4-http
  promise-caddy-frontend-v6-https
  promise-caddy-frontend-v6-http
+  promise-logrotate-setup

  trafficserver-launcher
  trafficserver-reload
@@ -459,6 +460,7 @@ rotate-num = ${configuration:rotate-num}
 #       Here we trust that there will be something to be rotated with error
 #       or access log, and that this will trigger postrotate script.
 post = ${frontend-caddy-lazy-graceful:rendered} &
+delaycompress =

 #################
 # Trafficserver
@@ -768,6 +770,7 @@ rotate-num = ${configuration:rotate-num}
 #       Here we trust that there will be something to be rotated with error
 #       or access log, and that this will trigger postrotate script.
 post = ${backend-haproxy-rsyslogd-lazy-graceful:rendered} &
+delaycompress =

 [backend-haproxy-configuration-state]
 <= jinja2-template-base
@@ -1003,6 +1006,14 @@ name = slave-introspection
 log = ${caddy-configuration:slave-introspection-access-log} ${caddy-configuration:slave-introspection-error-log}
 rotate-num = ${configuration:rotate-num}
 post = kill -USR1 $(cat ${caddy-configuration:slave-introspection-pid-file})
+delaycompress =
+
+[promise-logrotate-setup]
+<= monitor-promise-base
+module = check_command_execute
+name = ${:_buildout_section_name_}.py
+config-command =
+  ${logrotate:wrapper-path} -d

 [configuration]
 {%- for key, value in instance_parameter.iteritems() -%}

--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -75,13 +75,15 @@ context =
 {%   do part_list.append(request_section_title) %}
 # Filling request dict for slave
 {%   set state_key = "-frontend-%s-state" % i %}
-{%   do request_dict.__setitem__(request_section_title,
-                                  {
+{%   set request_content_dict = {
                                  'config': config_dict,
                                  'name': frontend_name,
                                  'sla': sla_dict,
                                  'state': slapparameter_dict.pop(state_key, None)
-                                  }) %}
+                                  } %}
+{%   set frontend_software_url_key = "-frontend-%s-software-release-url" % i %}
+{%   do request_content_dict.__setitem__('software-url', slapparameter_dict.get(frontend_software_url_key) or '${slap-connection:software-release-url}') %}
+{%   do request_dict.__setitem__(request_section_title, request_content_dict) %}
 {% endfor %}

 {% set authorized_slave_string_list = [] %}
@@ -212,12 +214,6 @@ config-monitor-cors-domains = {{ slapparameter_dict.get('monitor-cors-domains',
 config-monitor-username = ${monitor-instance-parameter:username}
 config-monitor-password = ${monitor-htpasswd:passwd}

-{% set frontend_software_url_key = "-frontend-software-release-url" %}
-{% if slapparameter_dict.has_key(frontend_software_url_key) %}
-software-url = {{ slapparameter_dict.pop(frontend_software_url_key) }}
-{% else %}
-software-url = ${slap-connection:software-release-url}
-{% endif %}
 software-type = {{frontend_type}}
 return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate

@@ -226,6 +222,7 @@ return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-u
 [{{section}}]
 <= replicate
 name = {{ frontend_request.get('name') }}
+software-url = {{ frontend_request['software-url'] }}
 {%   if state %}
 state = {{ state }}
 {%   endif %}
@@ -328,9 +325,9 @@ config-{{ key }} = {{ dumps(slapparameter_dict[key]) }}
 config-slave-list = {{ dumps(authorized_slave_list) }}
 config-cluster-identification = {{ cluster_identification }}

-{% set frontend_software_url_key = "-frontend-software-release-url" %}
-{% if slapparameter_dict.has_key(frontend_software_url_key) %}
-software-url = {{ slapparameter_dict.pop(frontend_software_url_key) }}
+{% set software_url_key = "-kedifa-software-release-url" %}
+{% if slapparameter_dict.has_key(software_url_key) %}
+software-url = {{ slapparameter_dict.pop(software_url_key) }}
 {% else %}
 software-url = ${slap-connection:software-release-url}
 {% endif %}

--- a/software/caddy-frontend/instance-kedifa.cfg.in
+++ b/software/caddy-frontend/instance-kedifa.cfg.in
@@ -19,6 +19,7 @@ parts =
  caucase-updater
  expose-csr_id
  promise-expose-csr_id-ip-port
+  promise-logrotate-setup

 [monitor-instance-parameter]
 # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
@@ -105,7 +106,7 @@ stop-on-error = True
     ca_path='${kedifa-config:ca-certificate}',
     crl_path='${kedifa-config:crl}',
     key_path='${kedifa-csr:key}',
-     on_renew='${kedifa-reloader:wrapper-path}',
+     on_renew='${kedifa-reloader:rendered}',
     template_csr='${kedifa-csr:template-csr}'
 )}}

@@ -213,9 +214,14 @@ pidfile = ${directory:run}/kedifa.pid
 logfile = ${directory:log}/kedifa.log

 [kedifa-reloader]
-recipe = slapos.cookbook:wrapper
-command-line = kill -SIGHUP `cat ${kedifa-config:pidfile}`
-wrapper-path = ${directory:etc-run}/kedifa-reloader
+<= jinja2-template-base
+template = {{ parameter_dict['template_wrapper'] }}
+rendered = ${directory:etc-run}/kedifa-reloader
+command =
+  kill -HUP `cat ${kedifa-config:pidfile}`
+mode = 0700
+extra-context =
+  key content :command

 [promise-kedifa-http-reply]
 <= monitor-promise-base
@@ -231,6 +237,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate}
 name = kedifa
 log = ${kedifa-config:logfile}
 rotate-num = {{ instance_parameter['configuration.rotate-num'] | int }}
+delaycompress =

 [kedifa]
 recipe = slapos.cookbook:wrapper
@@ -296,4 +303,12 @@ master-key-download-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${
 csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
 csr_id-certificate = ${get-csr_id-certificate:certificate}
 monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
+
+[promise-logrotate-setup]
+<= monitor-promise-base
+module = check_command_execute
+name = ${:_buildout_section_name_}.py
+config-command =
+  ${logrotate:wrapper-path} -d
+
 {%- endif -%} {# if slap_software_type in software_type #}
--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -156,6 +156,8 @@ name = ${:_buildout_section_name_}
 log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} {{slave_parameter_dict.get('backend_log')}}
 backup = {{ slave_log_folder }}
 rotate-num = {{ dumps('' ~ configuration['rotate-num']) }}
+# disable delayed compression, as log filenames shall be stable
+delaycompress =

 {#-   integrate current logs inside #}

@@ -480,6 +482,7 @@ parts +=
    kedifa-updater
    kedifa-updater-run
    backend-haproxy-configuration
+    promise-logrotate-setup
 {%- for part in part_list %}
 {{ '    %s' % part }}
 {%- endfor %}
@@ -571,4 +574,10 @@ recipe = collective.recipe.shelloutput
 commands =
  certificate = cat ${certificate-csr_id:certificate}

+[promise-logrotate-setup]
+<= monitor-promise-base
+module = check_command_execute
+name = ${:_buildout_section_name_}.py
+config-command =
+  ${logrotate:wrapper-path} -d
 {%- endif %} {# if software_type == slap_software_type #}
--- a/software/caddy-frontend/templates/backend-haproxy.cfg.in
+++ b/software/caddy-frontend/templates/backend-haproxy.cfg.in
@@ -14,32 +14,46 @@ defaults
  timeout connect {{ configuration['backend-connect-timeout'] }}s
  retries {{ configuration['backend-connect-retries'] }}

-{%- macro frontend_entry(slave_instance, scheme) %}
+{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
+{#-   wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
 {%-   set host_list = (slave_instance.get('server-alias') or  '').split() %}
 {%-   if slave_instance.get('custom_domain') not in host_list %}
 {%-     do host_list.append(slave_instance.get('custom_domain')) %}
 {%-   endif %}
+{%-   set matched = {'count': 0} %}
 {%-   for host in host_list %}
-{%-     if host.startswith('*.') %}
-{#-     hdr_sub has to be used, as anyway something.example.com shall match *.example.com[:port], with optional port #}
-  acl is_{{ slave_instance['slave_reference'] }} hdr_sub(host) -i {{ host[2:] }}
-{%-     else %}
-  acl is_{{ slave_instance['slave_reference'] }} hdr_dom(host) -i {{ host }}
+{#-     Match up to the end or optional port (starting with ':') #}
+{#-     Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
+{%-     if wildcard and host.startswith('*.') %}
+{%-       do matched.__setitem__('count', matched['count'] + 1) %}
+# match wildcard {{ host }}
+  acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
+{%-     elif not wildcard and not host.startswith('*.') %}
+{%-       do matched.__setitem__('count', matched['count'] + 1) %}
+  acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
 {%-     endif %}
 {%-   endfor %}
+{%-   if matched['count'] > 0 %}
  use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
+{%-   endif %}
 {%- endmacro %}

 frontend http-backend
  bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
 {%- for slave_instance in backend_slave_list %}
-{{ frontend_entry(slave_instance, 'http') }}
+{{ frontend_entry(slave_instance, 'http', False) }}
+{%- endfor %}
+{%- for slave_instance in backend_slave_list %}
+{{ frontend_entry(slave_instance, 'http', True) }}
 {%- endfor %}

 frontend https-backend
  bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
 {%- for slave_instance in backend_slave_list %}
-{{ frontend_entry(slave_instance, 'https') }}
+{{ frontend_entry(slave_instance, 'https', False) }}
+{%- endfor %}
+{%- for slave_instance in backend_slave_list %}
+{{ frontend_entry(slave_instance, 'https', True) }}
 {%- endfor %}

 {%- for slave_instance in backend_slave_list %}

--- a/software/caddy-frontend/templates/notfound.html
+++ b/software/caddy-frontend/templates/notfound.html
@@ -3,7 +3,17 @@
  <title>Instance not found</title>
 </head>
 <body>
-<h1>This instance has not been found.</h1>
-<p>If this error persists, please check your instance URL and status on SlapOS Master.</p>
+<h1>The instance has not been found</h1>
+<p>The reasons of this could be:</p>
+<ul>
+<li>the instance does not exists or the URL is incorrect
+<ul>
+<li>in this case please check the URL
+</ul>
+<li>the instance has been stopped
+<ul>
+<li>in this case please check in the SlapOS Master if the instance is started or wait a bit for it to start
+</ul>
+</ul>
 </body>
 </html>
--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -1628,9 +1628,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
  <title>Instance not found</title>
 </head>
 <body>
-<h1>This instance has not been found.</h1>
-<p>If this error persists, please check your instance URL and status on S"""
-      """lapOS Master.</p>
+<h1>The instance has not been found</h1>
+<p>The reasons of this could be:</p>
+<ul>
+<li>the instance does not exists or the URL is incorrect
+<ul>
+<li>in this case please check the URL
+</ul>
+<li>the instance has been stopped
+<ul>
+<li>in this case please check in the SlapOS Master if the instance is """
+      """started or wait a bit for it to start
+</ul>
+</ul>
 </body>
 </html>
 """,
@@ -6575,3 +6585,92 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
      },
      parameter_dict
    )
+
+
+class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+      'domain': 'example.com',
+      'public-ipv4': cls._ipv4_address,
+      'port': HTTPS_PORT,
+      'plain_http_port': HTTP_PORT,
+      'kedifa_port': KEDIFA_PORT,
+      'caucase_port': CAUCASE_PORT,
+      'mpm-graceful-shutdown-timeout': 2,
+      'request-timeout': '12',
+    }
+
+  @classmethod
+  def getSlaveParameterDictDict(cls):
+    # Note: The slaves are specifically constructed to have an order which
+    #       is triggering the problem. Slave list is sorted in many places,
+    #       and such slave configuration will result with them begin seen
+    #       by backend haproxy configuration in exactly the way seen below
+    #       Ordering it here will not help at all.
+    return {
+      'wildcard': {
+        'url': cls.backend_url + 'wildcard',
+        'custom_domain': '*.alias1.example.com',
+      },
+      'zspecific': {
+        'url': cls.backend_url + 'zspecific',
+        'custom_domain': 'zspecific.alias1.example.com',
+      },
+    }
+
+  def test(self):
+    parameter_dict_wildcard = self.parseSlaveParameterDict('wildcard')
+    self.assertLogAccessUrlWithPop(parameter_dict_wildcard)
+    self.assertKedifaKeysWithPop(parameter_dict_wildcard, '')
+    hostname = '*.alias1'
+    self.assertEqual(
+      {
+        'domain': '%s.example.com' % (hostname,),
+        'replication_number': '1',
+        'url': 'http://%s.example.com' % (hostname, ),
+        'site_url': 'http://%s.example.com' % (hostname, ),
+        'secure_access': 'https://%s.example.com' % (hostname, ),
+        'public-ipv4': self._ipv4_address,
+        'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
+      },
+      parameter_dict_wildcard
+    )
+    parameter_dict_specific = self.parseSlaveParameterDict('zspecific')
+    self.assertLogAccessUrlWithPop(parameter_dict_specific)
+    self.assertKedifaKeysWithPop(parameter_dict_specific, '')
+    hostname = 'zspecific.alias1'
+    self.assertEqual(
+      {
+        'domain': '%s.example.com' % (hostname,),
+        'replication_number': '1',
+        'url': 'http://%s.example.com' % (hostname, ),
+        'site_url': 'http://%s.example.com' % (hostname, ),
+        'secure_access': 'https://%s.example.com' % (hostname, ),
+        'public-ipv4': self._ipv4_address,
+        'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
+      },
+      parameter_dict_specific
+    )
+
+    result_wildcard = fakeHTTPSResult(
+      'other.alias1.example.com', parameter_dict_wildcard['public-ipv4'],
+      'test-path',
+      headers={
+        'Timeout': '10',  # more than default backend-connect-timeout == 5
+        'Accept-Encoding': 'gzip',
+      }
+    )
+    self.assertEqual(self.certificate_pem, der2pem(result_wildcard.peercert))
+    self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
+
+    result_specific = fakeHTTPSResult(
+      'zspecific.alias1.example.com', parameter_dict_specific['public-ipv4'],
+      'test-path',
+      headers={
+        'Timeout': '10',  # more than default backend-connect-timeout == 5
+        'Accept-Encoding': 'gzip',
+      }
+    )
+    self.assertEqual(self.certificate_pem, der2pem(result_specific.peercert))
+    self.assertEqualResultJson(result_specific, 'Path', '/zspecific/test-path')
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -37,6 +38,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -37,6 +38,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_etc_cron_d-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_etc_cron_d-CADDY.txt
+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_log-CADDY.txt
+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_wildcard_access_log
+T-2/var/log/httpd/_wildcard_backend_log
+T-2/var/log/httpd/_wildcard_error_log
+T-2/var/log/httpd/_zspecific_access_log
+T-2/var/log/httpd/_zspecific_backend_log
+T-2/var/log/httpd/_zspecific_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/slave-introspection-access.log
+T-2/var/log/slave-introspection-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt
+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/slave-introspection-configuration.py
+T-2/etc/plugin/slave_introspection_https.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_run-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_run-CADDY.txt
+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid
+T-2/var/run/slave-introspection.pid
+T-2/var/run/slave_introspection_configuration_last_state
+T-2/var/run/slave_introspection_graceful_configuration_state_signature
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_supervisor_state-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_supervisor_state-CADDY.txt
+T-0:aibcc-user-caucase-updater-on-watch RUNNING
+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
+T-2:slave-introspection-safe-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/__init__.py
 T-2/etc/plugin/backend-client-caucase-updater.py
 T-2/etc/plugin/backend-haproxy-configuration.py
@@ -35,6 +36,7 @@ T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/slave-introspection-configuration.py
 T-2/etc/plugin/slave_introspection_https.py

--- a/stack/logrotate/buildout.hash.cfg
+++ b/stack/logrotate/buildout.hash.cfg
@@ -18,8 +18,8 @@ md5sum = 7c41026716d856bba7c1252b72adbf77

 [logrotate-entry-template]
 filename = logrotate_entry.in
-md5sum = 117e46af6d9d31c09eeb86089d11407e
+md5sum = ce6ccdd52148770149e6e7525ab71e80

 [template-logrotate-base]
 filename = instance-logrotate-base.cfg.in
-md5sum = c2a06234d923c8e589cc0ddb1d6e0880
+md5sum = 8a774b677623c77c6ff0b88852fac643
--- a/stack/logrotate/instance-logrotate-base.cfg.in
+++ b/stack/logrotate/instance-logrotate-base.cfg.in
@@ -58,12 +58,14 @@ context =
  key frequency :frequency
  key rotate_num :rotate-num
  key nocompress :nocompress
+  key delaycompress :delaycompress
 post =
 pre =
 frequency = daily
 rotate-num = 3650
 backup = ${logrotate-directory:logrotate-backup}
 nocompress =
+delaycompress = true

 [logrotate]
 recipe = slapos.cookbook:wrapper

--- a/stack/logrotate/logrotate_entry.in
+++ b/stack/logrotate/logrotate_entry.in
@@ -4,7 +4,7 @@
  rotate {{ rotate_num }}
  {% if nocompress %}nocompress
  {% else %}compress
-  delaycompress{% endif %}
+  {% if delaycompress %}delaycompress{% endif %}{% endif %}
  notifempty
  sharedscripts
  create