Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
2481bc39
Commit
2481bc39
authored
May 03, 2022
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Convert to python3
Profiles and required scripts are converted to be python3 only compatible.
parent
1dd5d303
Changes
10
Show whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
85 additions
and
65 deletions
+85
-65
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+8
-8
software/caddy-frontend/caddyprofiledummy.py
software/caddy-frontend/caddyprofiledummy.py
+7
-7
software/caddy-frontend/instance-apache-frontend.cfg.in
software/caddy-frontend/instance-apache-frontend.cfg.in
+13
-8
software/caddy-frontend/instance-apache-replicate.cfg.in
software/caddy-frontend/instance-apache-replicate.cfg.in
+12
-12
software/caddy-frontend/instance-kedifa.cfg.in
software/caddy-frontend/instance-kedifa.cfg.in
+19
-9
software/caddy-frontend/instance.cfg.in
software/caddy-frontend/instance.cfg.in
+2
-1
software/caddy-frontend/software.cfg
software/caddy-frontend/software.cfg
+0
-1
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
.../caddy-frontend/templates/apache-custom-slave-list.cfg.in
+16
-11
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
...tend/templates/replicate-publish-slave-information.cfg.in
+7
-7
software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
...rontend/templates/slave-introspection-httpd-nginx.conf.in
+1
-1
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
2481bc39
...
@@ -14,7 +14,7 @@
...
@@ -14,7 +14,7 @@
# not need these here).
# not need these here).
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
051ae51b86f9aba169a6777fa2239901
md5sum =
f1f04e7f27bc6e40a655dd4badb2a8af
[profile-common]
[profile-common]
filename = instance-common.cfg.in
filename = instance-common.cfg.in
...
@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
...
@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend]
[profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in
filename = instance-apache-frontend.cfg.in
md5sum =
1e912fb970401a4b7670b25ba8284a5b
md5sum =
874133120f3a4eda1d0505b8608b280f
[profile-caddy-replicate]
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
filename = instance-apache-replicate.cfg.in
md5sum =
57388e76c7e61b3d7213df8aac0b407d
md5sum =
02a10d92d2b0e270454998cf865b6895
[profile-slave-list]
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum =
964a7f673f441f3a3e90c88ab03e3351
md5sum =
268a945e5c7a52c8766b54a817215c4c
[profile-replicate-publish-slave-information]
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = b
e54431846fe7f3cee65260eefc83d62
md5sum = b
3422f3624054f57b78d0e50a0de399a
[profile-caddy-frontend-configuration]
[profile-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in
_update_hash_filename_ = templates/Caddyfile.in
...
@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
...
@@ -98,11 +98,11 @@ md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
[caddyprofiledeps-dummy]
[caddyprofiledeps-dummy]
filename = caddyprofiledummy.py
filename = caddyprofiledummy.py
md5sum =
b41b8de115ad815d0b0db306ad650365
md5sum =
1c866272ec0ea0c161f0c0d80cb6e584
[profile-kedifa]
[profile-kedifa]
filename = instance-kedifa.cfg.in
filename = instance-kedifa.cfg.in
md5sum =
b5426129668f39ace55f14012c4a2fd2
md5sum =
2f1c9cc9a3d2f4c6ac59eba5a99d4983
[template-backend-haproxy-rsyslogd-conf]
[template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
...
@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
...
@@ -110,7 +110,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
[template-slave-introspection-httpd-nginx]
[template-slave-introspection-httpd-nginx]
_update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
_update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
md5sum =
3067e6ba6c6901821d57d2109517d39c
md5sum =
b79addf01b6fb93c2f3d018e83eff766
[template-expose-csr-nginx-conf]
[template-expose-csr-nginx-conf]
_update_hash_filename_ = templates/expose-csr-nginx.conf.in
_update_hash_filename_ = templates/expose-csr-nginx.conf.in
...
...
software/caddy-frontend/caddyprofiledummy.py
View file @
2481bc39
from
__future__
import
print_function
import
caucase.client
import
caucase.client
import
caucase.utils
import
caucase.utils
import
os
import
os
import
ssl
import
ssl
import
sys
import
sys
import
urllib
import
urllib
.request
,
urllib
.
parse
,
urllib
.
error
import
urlparse
import
url
lib.
parse
from
cryptography
import
x509
from
cryptography
import
x509
from
cryptography.hazmat.primitives
import
serialization
from
cryptography.hazmat.primitives
import
serialization
...
@@ -24,7 +24,7 @@ class Recipe(object):
...
@@ -24,7 +24,7 @@ class Recipe(object):
def
validate_netloc
(
netloc
):
def
validate_netloc
(
netloc
):
# a bit crazy way to validate that the passed parameter is haproxy
# a bit crazy way to validate that the passed parameter is haproxy
# compatible server netloc
# compatible server netloc
parsed
=
urlparse
.
urlparse
(
'scheme://'
+
netloc
)
parsed
=
url
lib
.
parse
.
urlparse
(
'scheme://'
+
netloc
)
if
':'
in
parsed
.
hostname
:
if
':'
in
parsed
.
hostname
:
hostname
=
'[%s]'
%
parsed
.
hostname
hostname
=
'[%s]'
%
parsed
.
hostname
else
:
else
:
...
@@ -33,7 +33,7 @@ def validate_netloc(netloc):
...
@@ -33,7 +33,7 @@ def validate_netloc(netloc):
def
_check_certificate
(
url
,
certificate
):
def
_check_certificate
(
url
,
certificate
):
parsed
=
urlparse
.
urlparse
(
url
)
parsed
=
url
lib
.
parse
.
urlparse
(
url
)
got_certificate
=
ssl
.
get_server_certificate
((
parsed
.
hostname
,
parsed
.
port
))
got_certificate
=
ssl
.
get_server_certificate
((
parsed
.
hostname
,
parsed
.
port
))
if
certificate
.
strip
()
!=
got_certificate
.
strip
():
if
certificate
.
strip
()
!=
got_certificate
.
strip
():
raise
ValueError
(
'Certificate for %s does not match expected one'
%
(
url
,))
raise
ValueError
(
'Certificate for %s does not match expected one'
%
(
url
,))
...
@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate):
...
@@ -44,7 +44,7 @@ def _get_exposed_csr(url, certificate):
self_signed
=
ssl
.
create_default_context
()
self_signed
=
ssl
.
create_default_context
()
self_signed
.
check_hostname
=
False
self_signed
.
check_hostname
=
False
self_signed
.
verify_mode
=
ssl
.
CERT_NONE
self_signed
.
verify_mode
=
ssl
.
CERT_NONE
return
urllib
.
urlopen
(
url
,
context
=
self_signed
).
read
()
return
urllib
.
request
.
urlopen
(
url
,
context
=
self_signed
).
read
().
decode
()
def
_get_caucase_client
(
ca_url
,
ca_crt
,
user_key
):
def
_get_caucase_client
(
ca_url
,
ca_crt
,
user_key
):
...
@@ -72,7 +72,7 @@ def _csr_match(*csr_list):
...
@@ -72,7 +72,7 @@ def _csr_match(*csr_list):
number_list
=
set
([])
number_list
=
set
([])
for
csr
in
csr_list
:
for
csr
in
csr_list
:
number_list
.
add
(
number_list
.
add
(
x509
.
load_pem_x509_csr
(
str
(
csr
)).
public_key
().
public_numbers
())
x509
.
load_pem_x509_csr
(
csr
.
encode
(
)).
public_key
().
public_numbers
())
return
len
(
number_list
)
==
1
return
len
(
number_list
)
==
1
...
...
software/caddy-frontend/instance-apache-frontend.cfg.in
View file @
2481bc39
...
@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value}
...
@@ -99,7 +99,7 @@ hash-salt = ${frontend-node-private-salt:value}
init =
init =
import hashlib
import hashlib
import base64
import base64
options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])
).digest()
)
options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])
.encode()).digest()).decode(
)
[frontend-node-information]
[frontend-node-information]
recipe = slapos.recipe.build
recipe = slapos.recipe.build
...
@@ -359,9 +359,9 @@ partition_ipv6 = ${slap-configuration:ipv6-random}
...
@@ -359,9 +359,9 @@ partition_ipv6 = ${slap-configuration:ipv6-random}
extra-context =
extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration
key caddy_configuration_directory caddy-directory:slave-configuration
key backend_client_caucase_url :backend-client-caucase-url
key backend_client_caucase_url :backend-client-caucase-url
import urlparse_module urlparse
import furl_module furl
import furl_module furl
import urllib_module urllib
import urllib_module urllib
import operator_module operator
key master_key_download_url :master_key_download_url
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log
key caddy_log_directory caddy-directory:slave-log
...
@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
...
@@ -475,9 +475,14 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
# BBB: SlapOS Master non-zero knowledge BEGIN
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
[get-self-signed-fallback-access]
recipe = collective.recipe.shelloutput
recipe = slapos.recipe.build
commands =
certificate-file = ${self-signed-fallback-access:certificate}
certificate = cat ${self-signed-fallback-access:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[apache-certificate]
[apache-certificate]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -1066,7 +1071,7 @@ config-command =
...
@@ -1066,7 +1071,7 @@ config-command =
${logrotate:wrapper-path} -d
${logrotate:wrapper-path} -d
[configuration]
[configuration]
{%- for key, value in instance_parameter_dict.ite
rite
ms() -%}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if key.startswith('configuration.') %}
{%- if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%}
{%- endif -%}
...
@@ -1076,13 +1081,13 @@ config-command =
...
@@ -1076,13 +1081,13 @@ config-command =
{#- There are dangerous keys like recipe, etc #}
{#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #}
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.ite
rite
ms() -%}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endif -%}
{%- endif -%}
{%- endfor %}
{%- endfor %}
[software-parameter-section]
[software-parameter-section]
{%- for key, value in software_parameter_dict.ite
rite
ms() %}
{%- for key, value in software_parameter_dict.items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endfor %}
{%- endfor %}
software/caddy-frontend/instance-apache-replicate.cfg.in
View file @
2481bc39
...
@@ -129,7 +129,7 @@ context =
...
@@ -129,7 +129,7 @@ context =
{% set config_key = "-frontend-config-%s-" % i %}
{% set config_key = "-frontend-config-%s-" % i %}
{% set config_key_length = config_key | length %}
{% set config_key_length = config_key | length %}
{% set config_dict = {} %}
{% set config_dict = {} %}
{% for key in
slapparameter_dict.keys(
) %}
{% for key in
list(slapparameter_dict.keys()
) %}
{% if key.startswith(sla_key) %}
{% if key.startswith(sla_key) %}
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
# We check for specific configuration regarding the frontend
# We check for specific configuration regarding the frontend
...
@@ -164,7 +164,7 @@ context =
...
@@ -164,7 +164,7 @@ context =
{% set critical_rejected_slave_dict = {} %}
{% set critical_rejected_slave_dict = {} %}
{% set warning_slave_dict = {} %}
{% set warning_slave_dict = {} %}
{% set used_host_list = [] %}
{% set used_host_list = [] %}
{% for slave in sorted(instance_parameter_dict['slave-instance-list']) %}
{% for slave in sorted(instance_parameter_dict['slave-instance-list']
, key=operator_module.itemgetter('slave_reference')
) %}
{% set slave_error_list = [] %}
{% set slave_error_list = [] %}
{% set slave_critical_error_list = [] %}
{% set slave_critical_error_list = [] %}
{% set slave_warning_list = [] %}
{% set slave_warning_list = [] %}
...
@@ -278,7 +278,7 @@ context =
...
@@ -278,7 +278,7 @@ context =
{% if k in slave %}
{% if k in slave %}
{% set crt = slave.get(k, '') %}
{% set crt = slave.get(k, '') %}
{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(crt) %}
{% do check_popen.communicate(crt
.encode()
) %}
{% if check_popen.returncode != 0 %}
{% if check_popen.returncode != 0 %}
{% do slave_error_list.append('%s is invalid' % (k,)) %}
{% do slave_error_list.append('%s is invalid' % (k,)) %}
{% endif %}
{% endif %}
...
@@ -296,8 +296,8 @@ context =
...
@@ -296,8 +296,8 @@ context =
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set key_modulus = key_popen.communicate(slave['ssl_key']
.encode()
)[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt']
.encode()
)[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %}
{% endif %}
...
@@ -334,7 +334,7 @@ context =
...
@@ -334,7 +334,7 @@ context =
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% do authorized_slave_list.sort() %}
{% do authorized_slave_list.sort(
key=operator_module.itemgetter('slave_reference')
) %}
[monitor-instance-parameter]
[monitor-instance-parameter]
monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
...
@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
...
@@ -356,7 +356,7 @@ return = slave-instance-information-list monitor-base-url backend-client-csr-url
{%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
{%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{% for section, frontend_request in request_dict.ite
rite
ms() %}
{% for section, frontend_request in request_dict.items() %}
{% set state = frontend_request.get('state', '') %}
{% set state = frontend_request.get('state', '') %}
[{{section}}]
[{{section}}]
<= replicate
<= replicate
...
@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
...
@@ -377,14 +377,14 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{%- for config_key, config_value in node_configuration_dict.ite
rite
ms() %}
{%- for config_key, config_value in node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }}
config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%}
{% endfor -%}
{%- for config_key, config_value in base_node_configuration_dict.ite
rite
ms() %}
{%- for config_key, config_value in base_node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }}
config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%}
{% endfor -%}
{% if frontend_request.get('sla') %}
{% if frontend_request.get('sla') %}
{% for parameter, value in frontend_request.get('sla').ite
rite
ms() %}
{% for parameter, value in frontend_request.get('sla').items() %}
sla-{{ parameter }} = {{ value }}
sla-{{ parameter }} = {{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}
...
@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }}
...
@@ -489,7 +489,7 @@ config-slave-list = {{ dumps(authorized_slave_list) }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
{% set software_url_key = "-kedifa-software-release-url" %}
{% set software_url_key = "-kedifa-software-release-url" %}
{% if s
lapparameter_dict.has_key(software_url_key)
%}
{% if s
oftware_url_key in slapparameter_dict
%}
software-url = {{ slapparameter_dict.pop(software_url_key) }}
software-url = {{ slapparameter_dict.pop(software_url_key) }}
{% else %}
{% else %}
software-url = ${slap-connection:software-release-url}
software-url = ${slap-connection:software-release-url}
...
@@ -499,7 +499,7 @@ name = kedifa
...
@@ -499,7 +499,7 @@ name = kedifa
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
{% set sla_kedifa_key = "-sla-kedifa-" %}
{% set sla_kedifa_key = "-sla-kedifa-" %}
{% set sla_kedifa_key_length = sla_kedifa_key | length %}
{% set sla_kedifa_key_length = sla_kedifa_key | length %}
{% for key in
slapparameter_dict.keys(
) %}
{% for key in
list(slapparameter_dict.keys()
) %}
{% if key.startswith(sla_kedifa_key) %}
{% if key.startswith(sla_kedifa_key) %}
sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
{% endif %}
{% endif %}
...
...
software/caddy-frontend/instance-kedifa.cfg.in
View file @
2481bc39
...
@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr
...
@@ -171,9 +171,14 @@ wrapper-path = ${directory:service}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[expose-csr-certificate-get]
[expose-csr-certificate-get]
recipe = collective.recipe.shelloutput
recipe = slapos.recipe.build
commands =
certificate-file = ${expose-csr-certificate:certificate}
certificate = cat ${expose-csr-certificate:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[jinja2-template-base]
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -259,10 +264,8 @@ command =
...
@@ -259,10 +264,8 @@ command =
update-command = ${:command}
update-command = ${:command}
[{{ slave_reference }}-auth-random]
[{{ slave_reference }}-auth-random]
recipe = collective.recipe.shelloutput
<= auth-random
file = {{ '${' + slave_reference }}-auth-random-generate:file}
file = {{ '${' + slave_reference }}-auth-random-generate:file}
commands =
passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
{% endfor %}
{% endfor %}
...
@@ -273,11 +276,18 @@ command =
...
@@ -273,11 +276,18 @@ command =
[ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
[ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
update-command = ${:command}
update-command = ${:command}
[auth-random]
recipe = slapos.recipe.build
init =
import os
options['passwd'] = 'NotReadyYet'
if os.path.exists(options['file']):
with open(options['file'], 'r') as fh:
options['passwd'] = fh.read()
[master-auth-random]
[master-auth-random]
recipe = collective.recipe.shelloutput
<= auth-random
file = ${master-auth-random-generate:file}
file = ${master-auth-random-generate:file}
commands =
passwd = cat ${:file} 2>/dev/null || echo "NotReadyYet"
[slave-kedifa-information]
[slave-kedifa-information]
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
...
...
software/caddy-frontend/instance.cfg.in
View file @
2481bc39
...
@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output
...
@@ -34,7 +34,7 @@ replicate = dynamic-profile-caddy-replicate:output
kedifa = dynamic-profile-kedifa:output
kedifa = dynamic-profile-kedifa:output
[software-parameter-section]
[software-parameter-section]
{% for key,value in software_parameter_dict.ite
rite
ms() %}
{% for key,value in software_parameter_dict.items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{% endfor -%}
{% endfor -%}
...
@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg
...
@@ -54,6 +54,7 @@ filename = instance-caddy-replicate.cfg
extra-context =
extra-context =
import subprocess_module subprocess
import subprocess_module subprocess
import functools_module functools
import functools_module functools
import operator_module operator
import validators validators
import validators validators
import caddyprofiledummy caddyprofiledummy
import caddyprofiledummy caddyprofiledummy
# Must match the key id in [switch-softwaretype] which uses this section.
# Must match the key id in [switch-softwaretype] which uses this section.
...
...
software/caddy-frontend/software.cfg
View file @
2481bc39
...
@@ -60,7 +60,6 @@ recipe = zc.recipe.egg
...
@@ -60,7 +60,6 @@ recipe = zc.recipe.egg
eggs =
eggs =
caddyprofiledeps
caddyprofiledeps
websockify
websockify
collective.recipe.shelloutput
[profile-common]
[profile-common]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
...
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @
2481bc39
...
@@ -52,13 +52,13 @@ context =
...
@@ -52,13 +52,13 @@ context =
{#- * setup defaults to simplify other profiles #}
{#- * setup defaults to simplify other profiles #}
{#- * stabilise values for backend #}
{#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = url
parse_modul
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set parsed = url
lib_module.pars
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
{%- for key, prefix in [('health-check-failover-url', 'http_backend'), ('health-check-failover-https-url', 'https_backend')] %}
{%- set parsed = url
parse_modul
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set parsed = url
lib_module.pars
e.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = slave_instance[prefix] %}
{%- set info_dict = slave_instance[prefix] %}
{%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
{%- do info_dict.__setitem__('health-check-failover-scheme', parsed.scheme) %}
{%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
{%- do info_dict.__setitem__('health-check-failover-hostname', parsed.hostname) %}
...
@@ -189,7 +189,7 @@ context =
...
@@ -189,7 +189,7 @@ context =
{%- do furled.set(password = '${'+ slave_password_section +':passwd}') %}
{%- do furled.set(password = '${'+ slave_password_section +':passwd}') %}
{%- do furled.set(path = slave_reference + '/') %}
{%- do furled.set(path = slave_reference + '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set slave_log_access_url = url
parse_modul
e.unquote(furled.tostr()) %}
{%- set slave_log_access_url = url
lib_module.pars
e.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
...
@@ -212,7 +212,7 @@ context =
...
@@ -212,7 +212,7 @@ context =
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
{%- set websocket_path = websocket_path.strip('/') %}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{#- Unquote the path, so %20 and similar can be represented correctly #}
{%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
{%- set websocket_path = urllib_module.
parse.
unquote(websocket_path.strip()) %}
{%- if websocket_path %}
{%- if websocket_path %}
{%- do websocket_path_list.append(websocket_path) %}
{%- do websocket_path_list.append(websocket_path) %}
{%- endif %}
{%- endif %}
...
@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
...
@@ -332,7 +332,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
version-hash = {{ version_hash }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
node-id = {{ node_id }}
{%- for key, value in slave_instance.ite
rite
ms() %}
{%- for key, value in slave_instance.items() %}
{%- if value is not none %}
{%- if value is not none %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{%- endif %}
{%- endif %}
...
@@ -383,7 +383,7 @@ config-frequency = 720
...
@@ -383,7 +383,7 @@ config-frequency = 720
{%- do part_list.append(publish_section_title) %}
{%- do part_list.append(publish_section_title) %}
[{{ publish_section_title }}]
[{{ publish_section_title }}]
recipe = slapos.cookbook:publish
recipe = slapos.cookbook:publish
{%- for key, value in slave_publish_dict.ite
rite
ms() %}
{%- for key, value in slave_publish_dict.items() %}
{{ key }} = {{ value }}
{{ key }} = {{ value }}
{%- endfor %}
{%- endfor %}
{%- else %}
{%- else %}
...
@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
...
@@ -463,7 +463,7 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
{%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
{%- do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
{%- do furled.set(path = '/') %}
{%- do furled.set(path = '/') %}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{#- We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
{%- set statistic_url = url
parse_modul
e.unquote(furled.tostr()) %}
{%- set statistic_url = url
lib_module.pars
e.unquote(furled.tostr()) %}
backend-haproxy-statistic-url = {{ statistic_url }}
backend-haproxy-statistic-url = {{ statistic_url }}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
...
@@ -503,7 +503,7 @@ output = ${:file}
...
@@ -503,7 +503,7 @@ output = ${:file}
< = jinja2-template-base
< = jinja2-template-base
url = {{ template_backend_haproxy_configuration }}
url = {{ template_backend_haproxy_configuration }}
output = ${backend-haproxy-config:file}
output = ${backend-haproxy-config:file}
backend_slave_list = {{ dumps(sorted(backend_slave_list)) }}
backend_slave_list = {{ dumps(sorted(backend_slave_list
, key=operator_module.itemgetter('slave_reference')
)) }}
extra-context =
extra-context =
key backend_slave_list :backend_slave_list
key backend_slave_list :backend_slave_list
section configuration backend-haproxy-config
section configuration backend-haproxy-config
...
@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr
...
@@ -611,9 +611,14 @@ wrapper-path = {{ directory['service'] }}/expose-csr
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[expose-csr-certificate-get]
[expose-csr-certificate-get]
recipe = collective.recipe.shelloutput
recipe = slapos.recipe.build
commands =
certificate-file = ${expose-csr-certificate:certificate}
certificate = cat ${expose-csr-certificate:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[promise-logrotate-setup]
[promise-logrotate-setup]
<= monitor-promise-base
<= monitor-promise-base
...
...
software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
View file @
2481bc39
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
{% set slave_information_dict = {} %}
{% set slave_information_dict = {} %}
# regroup slave information from all frontends
# regroup slave information from all frontends
{% for frontend, slave_list_raw in slave_information.ite
rite
ms() %}
{% for frontend, slave_list_raw in slave_information.items() %}
{% if slave_list_raw %}
{% if slave_list_raw %}
{% set slave_list = json_module.loads(slave_list_raw) %}
{% set slave_list = json_module.loads(slave_list_raw) %}
{% else %}
{% else %}
...
@@ -27,21 +27,21 @@
...
@@ -27,21 +27,21 @@
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].ite
rite
ms() %}
{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].items() %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %}
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% endfor %}
{% endfor %}
{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].ite
rite
ms() %}
{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].items() %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %}
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% endfor %}
{% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).ite
rite
ms() %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).items() %}
{% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
{% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
{% if slave_reference not in slave_information_dict %}
{% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %}
...
@@ -54,7 +54,7 @@
...
@@ -54,7 +54,7 @@
# Publish information for each slave
# Publish information for each slave
{% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %}
{% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %}
{% for slave_reference, slave_information in slave_information_dict.ite
rite
ms() %}
{% for slave_reference, slave_information in slave_information_dict.items() %}
{# Filter out destroyed, so not existing anymore, slaves #}
{# Filter out destroyed, so not existing anymore, slaves #}
{# Note: This functionality is not yet covered by tests, please modify with care #}
{# Note: This functionality is not yet covered by tests, please modify with care #}
{% if slave_reference in active_slave_instance_list %}
{% if slave_reference in active_slave_instance_list %}
...
@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish
...
@@ -68,11 +68,11 @@ recipe = slapos.cookbook:publish
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
{% endif %}
{% endif %}
{% for key, value in slave_information.ite
rite
ms() %}
{% for key, value in slave_information.items() %}
{{ key }} = {{ dumps(value) }}
{{ key }} = {{ dumps(value) }}
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}
{% for frontend_key, frontend_value in frontend_information.ite
rite
ms() %}
{% for frontend_key, frontend_value in frontend_information.items() %}
{{ frontend_key }} = {{ frontend_value }}
{{ frontend_key }} = {{ frontend_value }}
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
...
...
software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
View file @
2481bc39
...
@@ -23,7 +23,7 @@ http {
...
@@ -23,7 +23,7 @@ http {
fastcgi_temp_path {{ parameter_dict['var'] }} 1 2;
fastcgi_temp_path {{ parameter_dict['var'] }} 1 2;
uwsgi_temp_path {{ parameter_dict['var'] }} 1 2;
uwsgi_temp_path {{ parameter_dict['var'] }} 1 2;
scgi_temp_path {{ parameter_dict['var'] }} 1 2;
scgi_temp_path {{ parameter_dict['var'] }} 1 2;
{% for slave, directory in slave_log_directory.ite
rite
ms() %}
{% for slave, directory in slave_log_directory.items() %}
location /{{ slave }} {
location /{{ slave }} {
alias {{ directory }};
alias {{ directory }};
autoindex on;
autoindex on;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment