Commit 2e5779d0 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop non zero knowledge certificate management

The kedifa way is working for long time and users has been warned about moving
there, so now it's time to drop the insecure approach totally.
parent 3bdf421c
Pipeline #24149 running with stage
......@@ -139,8 +139,6 @@ This replaces old request parameters:
* ``apache-key``
* ``apache-ca-certificate``
(*Note*: They are still supported for backward compatibility, but any value send to the ``master-key-upload-url`` will supersede information from SlapOS Master.)
Slave partition
---------------
......@@ -167,8 +165,6 @@ This replaces old request parameters:
* ``ssl_key``
* ``ssl_ca_crt``
(*Note*: They are still supported for backward compatibility, but any value send to the ``key-upload-url`` will supersede information from SlapOS Master.)
Instance Parameters
===================
......@@ -331,42 +327,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"domain": "www.example.org",
"enable_cache": "True",
Advanced example - XXX - to be written
--------------------------------------
Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
Listening to a custom domain and redirecting to /erp5/ so that
https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
software_release=caddy_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"enable_cache":"true",
"type":"zope",
"path":"/erp5",
"domain":"example.org",
"ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----",
"ssl_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXXXX.............XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_ca_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXX...........XXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_csr":'-----BEGIN CERTIFICATE REQUEST-----
XXXXXXXXXXXXXXX.............XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE REQUEST-----',
}
)
Promises
========
......
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = d408adbd12d4161c22fe9c29118fd83e
md5sum = d836ff58655a7f0503104cb9a39fdb42
[profile-common]
filename = instance-common.cfg.in
......@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
filename = instance-frontend.cfg.in
md5sum = 0ec59d2fb5617e82d1848c1170772d84
md5sum = 5dea84310dd0fcee1d3d9929e15e3d62
[profile-master]
filename = instance-master.cfg.in
md5sum = 2c599c22f6ab9bf2bbc48da8a12ae6e0
md5sum = e2e927ca7609c378375497c67eec0ef7
[profile-slave-list]
filename = instance-slave-list.cfg.in
md5sum = 5be5a32d5cf22e10967e59570dda2d36
md5sum = 2c5069eea87876eebf7ba130f7e339ed
[profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in
......
......@@ -152,9 +152,6 @@ etc-run = ${:etc}/run
ca-dir = ${:srv}/ssl
backend-client-dir = ${:srv}/backend-client
# BBB: SlapOS Master non-zero knowledge BEGIN
bbb-ssl-dir = ${:srv}/bbb-ssl
# BBB: SlapOS Master non-zero knowledge END
frontend_cluster = ${:var}/frontend_cluster
......@@ -381,9 +378,6 @@ extra-context =
key software_release_url version-hash:software-release-url
key node_information frontend-node-information:value
key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END
## backend haproxy
key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
## Configuration passed by section
......@@ -415,9 +409,6 @@ extra-context =
key not_found_file caddy-configuration:not-found-file
key username monitor-instance-parameter:username
key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END
[caddy-wrapper]
recipe = slapos.recipe.template:jinja2
......@@ -466,6 +457,7 @@ pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
# Communication with ATS
cache-port = ${trafficserver-variable:input-port}
# slave instrspection
......@@ -474,31 +466,6 @@ slave-introspection-error-log = ${directory:log}/slave-introspection-error.log
slave-introspection-pid-file = ${directory:run}/slave-introspection.pid
slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file})
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
recipe = slapos.recipe.build
certificate-file = ${self-signed-fallback-access:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[apache-certificate]
recipe = slapos.recipe.template:jinja2
inline =
{% raw %}
{{ certificate or fallback_certificate }}
{{ key or '' }}
{% endraw %}
context =
key certificate configuration:apache-certificate
key key configuration:apache-key
key fallback_certificate get-self-signed-fallback-access:certificate
output = ${directory:bbb-ssl-dir}/frontend.crt
# BBB: SlapOS Master non-zero knowledge END
[logrotate-entry-caddy]
<= logrotate-entry-base
name = caddy
......@@ -665,7 +632,7 @@ command = ${trafficserver-rotate-script:output}
url = {{ software_parameter_dict['template_configuration_state_script'] }}
output = ${directory:bin}/${:_buildout_section_name_}
path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt
sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context =
......
......@@ -6,18 +6,6 @@
"title": "Frontend Replication Quantity",
"type": "integer"
},
"apache-certificate": {
"description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
"type": "string"
},
"apache-key": {
"description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Key",
"type": "string"
},
"domain": {
"description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
......
......@@ -10,8 +10,6 @@
{%- set FRONTEND_NODE_PASSED_KEY_LIST = [
'plain_http_port',
'port',
'apache-certificate',
'apache-key',
'domain',
'enable-http2-by-default',
'mpm-graceful-shutdown-timeout',
......@@ -62,9 +60,6 @@
'request-timeout',
'server-alias',
'ssl-proxy-verify',
'ssl_ca_crt',
'ssl_crt',
'ssl_key',
'ssl_proxy_ca_crt',
'strict-transport-security',
'strict-transport-security-preload',
......@@ -286,25 +281,11 @@ context =
{% endif %}
{% endif %}
{% endfor %}
{# BBB: SlapOS Master non-zero knowledge BEGIN #}
{% for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %}
{% if key in slave %}
{% do slave_warning_list.append('%s is obsolete, please use key-upload-url' % (key,)) %}
{% do slave_warning_list.append('%s is discontinued, key-upload-url must be used instead' % (key,)) %}
{% endif %}
{% endfor %}
{% if slave.get('ssl_ca_crt') and not (slave.get('ssl_crt') and slave.get('ssl_key')) %}
{% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %}
{% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'].encode())[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'].encode())[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %}
{% endif %}
{# BBB: SlapOS Master non-zero knowledge END #}
{% if slave.get('custom_domain') %}
{% set slave_custom_domain = '' ~ slave['custom_domain'] %}
{% if slave_custom_domain.startswith('*.') %}
......@@ -399,7 +380,7 @@ return =
{% set warning_list = [] %}
{% for key in ['apache-certificate', 'apache-key'] %}
{% if key in slapparameter_dict %}
{% do warning_list.append('%s is obsolete, please use master-key-upload-url' % (key, )) %}
{% do warning_list.append('%s is discontinued, master-key-upload-url must be used instead' % (key, )) %}
{% endif %}
{% endfor %}
......
......@@ -154,27 +154,6 @@
"title": "Verify Backend Certificates",
"type": "string"
},
"ssl_crt": {
"default": "",
"description": "Content of the SSL Certificate file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate",
"type": "string"
},
"ssl_key": {
"default": "",
"description": "Content of the SSL Key file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Key",
"type": "string"
},
"ssl_ca_crt": {
"default": "",
"description": "Content of the CA certificate file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate Authority's Certificate",
"type": "string"
},
"ssl_proxy_ca_crt": {
"default": "",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
......
......@@ -17,9 +17,9 @@
{%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
{%- endif %}
{%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %}
{%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], caddy_configuration['self-signed-fallback-certificate'])) %}
{%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %}
{%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], caddy_configuration['self-signed-fallback-certificate'])) %}
{%- endif %}
{%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
......@@ -293,7 +293,6 @@ url = {{ empty_template }}
output = {{ cert_file }}
extra-context =
key content {{ cert_title + '-config:value' }}
{#- BBB: SlapOS Master non-zero knowledge BEGIN #}
{#- Store certificate in config #}
[{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }}
......@@ -302,24 +301,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{%- endif %} {#- if cert_name in slave_instance #}
{%- endfor %}
{#- Set Up Certs #}
{%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{%- set cert_title = '%s-crt' % (slave_reference) %}
{%- set cert_file = '/'.join([directory['bbb-ssl-dir'], cert_title.replace('-','.')]) %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
{%- do part_list.append(cert_title) %}
{%- do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
[{{cert_title}}]
< = jinja2-template-base
url = {{ empty_template }}
output = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }}
extra-context =
key content :cert-content
{%- else %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
{%- endif %}
{#- BBB: SlapOS Master non-zero knowledge END #}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
{#- ########################################## #}
{#- Set Slave Configuration #}
......
......@@ -89,8 +89,6 @@ configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890
configuration.caucase_backend_client_port = 8990
configuration.apache-key =
configuration.apache-certificate =
configuration.open-port = 80 443
configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G
......
......@@ -4911,838 +4911,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
)
class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def setUpMaster(cls):
parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
# Do not upload certificates for the master partition
def _updateDataReplacementDict(self, data_replacement_dict):
local_replacement_dict = {
'@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
'@@key_pem@@': unicode_escape(self.key_pem.decode()),
}
for key in list(local_replacement_dict.keys()):
new_key = ''.join([key[:-2], '_double', '@@'])
local_replacement_dict[new_key] = unicode_escape(
local_replacement_dict[key])
data_replacement_dict.update(**local_replacement_dict)
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'ssl_from_master_kedifa_overrides_master_certificate': {
'url': cls.backend_url,
'enable_cache': True
},
}
def test_ssl_from_master_kedifa_overrides_master_certificate(self):
parameter_dict = self.assertSlaveBase(
'ssl_from_master_kedifa_overrides_master_certificate')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
master_parameter_dict = \
self.requestDefaultInstance().getConnectionParameterDict()
auth = requests.get(
master_parameter_dict['master-key-generate-auth-url'],
verify=self.kedifa_caucase_ca_certificate_file)
requests.put(
master_parameter_dict['master-key-upload-url'] + auth.text,
data=key_pem + certificate_pem,
verify=self.kedifa_caucase_ca_certificate_file)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
class TestSlaveSlapOSMasterCertificateCompatibility(
SlaveHttpFrontendTestCase, TestDataMixin):
def _updateDataReplacementDict(self, data_replacement_dict):
local_replacement_dict = {
'@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
'@@key_pem@@': unicode_escape(self.key_pem.decode()),
'@@ssl_from_slave_certificate_pem@@': unicode_escape(
self.ssl_from_slave_certificate_pem.decode()),
'@@ssl_from_slave_key_pem@@': unicode_escape(
self.ssl_from_slave_key_pem.decode()),
'@@customdomain_certificate_pem@@': unicode_escape(
self.customdomain_certificate_pem.decode()),
'@@customdomain_key_pem@@': unicode_escape(
self.customdomain_key_pem.decode()),
'@@ssl_from_slave_kedifa_overrides_key_pem@@': unicode_escape(
self.ssl_from_slave_kedifa_overrides_key_pem.decode()),
'@@ssl_from_slave_kedifa_overrides_certificate_pem@@': unicode_escape(
self.ssl_from_slave_kedifa_overrides_certificate_pem.decode()),
'@@customdomain_ca_certificate_pem@@': unicode_escape(
self.customdomain_ca_certificate_pem.decode()),
'@@customdomain_ca_key_pem@@': unicode_escape(
self.customdomain_ca_key_pem.decode()),
'@@ca.certificate_pem@@': unicode_escape(
self.ca.certificate_pem.decode()),
'@@sslcacrtgarbage_ca_certificate_pem@@': unicode_escape(
self.sslcacrtgarbage_ca_certificate_pem.decode()),
'@@sslcacrtgarbage_ca_key_pem@@': unicode_escape(
self.sslcacrtgarbage_ca_key_pem.decode()),
'@@type_notebook_ssl_from_slave_certificate_pem@@': unicode_escape(
self.type_notebook_ssl_from_slave_certificate_pem.decode()),
'@@type_notebook_ssl_from_slave_key_pem@@': unicode_escape(
self.type_notebook_ssl_from_slave_key_pem.decode()),
'@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@':
unicode_escape(
self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem
.decode()),
'@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@':
unicode_escape(
self.type_notebook_ssl_from_slave_kedifa_overrides_key_pem.decode()),
}
for key in list(local_replacement_dict.keys()):
new_key = ''.join([key[:-2], '_double', '@@'])
local_replacement_dict[new_key] = unicode_escape(
local_replacement_dict[key])
data_replacement_dict.update(**local_replacement_dict)
@classmethod
def setUpMaster(cls):
parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
# Do not upload certificates for the master partition
@classmethod
def prepareCertificate(cls):
_, cls.ssl_from_slave_key_pem, _, cls.ssl_from_slave_certificate_pem = \
createSelfSignedCertificate(
[
'sslfromslave.example.com',
])
_, cls.ssl_from_slave_kedifa_overrides_key_pem, _, \
cls.ssl_from_slave_kedifa_overrides_certificate_pem = \
createSelfSignedCertificate(
[
'sslfromslavekedifaoverrides.example.com',
])
_, cls.type_notebook_ssl_from_slave_key_pem, _, \
cls.type_notebook_ssl_from_slave_certificate_pem = \
createSelfSignedCertificate(
[
'typenotebooksslfromslave.example.com',
])
_, cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem, _, \
cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem = \
createSelfSignedCertificate(
[
'typenotebooksslfromslavekedifaoverrides.example.com',
])
cls.ca = CertificateAuthority(
'TestSlaveSlapOSMasterCertificateCompatibility')
_, cls.customdomain_ca_key_pem, csr, _ = createCSR(
'customdomainsslcrtsslkeysslcacrt.example.com')
_, cls.customdomain_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.sslcacrtgarbage_ca_key_pem, csr, _ = createCSR(
'sslcacrtgarbage.example.com')
_, cls.sslcacrtgarbage_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.ssl_from_slave_ca_key_pem, csr, _ = createCSR(
'sslfromslave.example.com')
_, cls.ssl_from_slave_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.customdomain_key_pem, _, cls.customdomain_certificate_pem = \
createSelfSignedCertificate(['customdomainsslcrtsslkey.example.com'])
super(
TestSlaveSlapOSMasterCertificateCompatibility, cls).prepareCertificate()
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'ssl_from_master': {
'url': cls.backend_url,
'enable_cache': True,
},
'ssl_from_master_kedifa_overrides': {
'url': cls.backend_url,
},
'ssl_from_slave': {
'url': cls.backend_url,
'ssl_crt': cls.ssl_from_slave_certificate_pem,
'ssl_key': cls.ssl_from_slave_key_pem,
},
'ssl_from_slave_kedifa_overrides': {
'url': cls.backend_url,
'ssl_crt': cls.ssl_from_slave_kedifa_overrides_certificate_pem,
'ssl_key': cls.ssl_from_slave_kedifa_overrides_key_pem,
},
'custom_domain_ssl_crt_ssl_key': {
'url': cls.backend_url,
'ssl_crt': cls.customdomain_certificate_pem,
'ssl_key': cls.customdomain_key_pem,
'custom_domain': 'customdomainsslcrtsslkey.example.com'
},
'custom_domain_ssl_crt_ssl_key_ssl_ca_crt': {
'url': cls.backend_url,
'ssl_crt': cls.customdomain_ca_certificate_pem,
'ssl_key': cls.customdomain_ca_key_pem,
'ssl_ca_crt': cls.ca.certificate_pem,
'custom_domain': 'customdomainsslcrtsslkeysslcacrt.example.com',
},
'ssl_ca_crt_garbage': {
'url': cls.backend_url,
'ssl_crt': cls.sslcacrtgarbage_ca_certificate_pem,
'ssl_key': cls.sslcacrtgarbage_ca_key_pem,
'ssl_ca_crt': 'some garbage',
},
'ssl_ca_crt_does_not_match': {
'url': cls.backend_url,
'ssl_crt': cls.certificate_pem,
'ssl_key': cls.key_pem,
'ssl_ca_crt': cls.ca.certificate_pem,
},
'type-notebook-ssl_from_master': {
'url': cls.backend_url,
'type': 'notebook',
},
'type-notebook-ssl_from_slave': {
'url': cls.backend_url,
'ssl_crt': cls.type_notebook_ssl_from_slave_certificate_pem,
'ssl_key': cls.type_notebook_ssl_from_slave_key_pem,
'type': 'notebook',
},
'type-notebook-ssl_from_master_kedifa_overrides': {
'url': cls.backend_url,
'type': 'notebook',
},
'type-notebook-ssl_from_slave_kedifa_overrides': {
'url': cls.backend_url,
'ssl_crt':
cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
'ssl_key':
cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem,
'type': 'notebook',
}
}
def test_master_partition_state(self):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertBackendHaproxyStatisticUrl(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertNodeInformationWithPop(parameter_dict)
self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '12',
'rejected-slave-amount': '0',
'slave-amount': '12',
'rejected-slave-dict': {
},
'warning-list': [
'apache-certificate is obsolete, please use master-key-upload-url',
'apache-key is obsolete, please use master-key-upload-url',
],
'warning-slave-dict': {
'_custom_domain_ssl_crt_ssl_key': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
],
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
],
'_ssl_ca_crt_does_not_match': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
'_ssl_ca_crt_garbage': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
# u'_ssl_ca_crt_only': [
# u'ssl_ca_crt is obsolete, please use key-upload-url',
# ],
'_ssl_from_slave': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
'_ssl_from_slave_kedifa_overrides': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
# u'_ssl_key-ssl_crt-unsafe': [
# u'ssl_key is obsolete, please use key-upload-url',
# u'ssl_crt is obsolete, please use key-upload-url',
# ],
'_type-notebook-ssl_from_slave': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
'_type-notebook-ssl_from_slave_kedifa_overrides': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
}
}
self.assertEqual(
expected_parameter_dict,
parameter_dict
)
def test_ssl_from_master(self):
parameter_dict = self.assertSlaveBase('ssl_from_master')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_from_master_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase('ssl_from_master_kedifa_overrides')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_from_slave(self):
parameter_dict = self.assertSlaveBase(
'ssl_from_slave',
expected_parameter_dict={
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.ssl_from_slave_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_from_slave_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase(
'ssl_from_slave_kedifa_overrides',
expected_parameter_dict={
'warning-list': ['ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.ssl_from_slave_kedifa_overrides_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_master(self):
parameter_dict = self.assertSlaveBase('type-notebook-ssl_from_master')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_master_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase(
'type-notebook-ssl_from_master_kedifa_overrides')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_slave(self):
parameter_dict = self.assertSlaveBase(
'type-notebook-ssl_from_slave',
expected_parameter_dict={
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.type_notebook_ssl_from_slave_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_slave_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase(
'type-notebook-ssl_from_slave_kedifa_overrides',
expected_parameter_dict={
'warning-list': ['ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
@skip('Not implemented in new test system')
def test_custom_domain_ssl_crt_ssl_key(self):
parameter_dict = self.assertSlaveBase(
'custom_domain_ssl_crt_ssl_key',
expected_parameter_dict={
'warning-list': ['ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_ca_crt(self):
parameter_dict = self.assertSlaveBase(
'custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
expected_parameter_dict={
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_ca_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'bbb-ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0]
with open(certificate_file) as out:
expected = \
self.customdomain_ca_certificate_pem.decode() + '\n' + \
self.ca.certificate_pem.decode() + '\n' + \
self.customdomain_ca_key_pem.decode()
self.assertEqual(
expected,
out.read()
)
ca = CertificateAuthority(
'TestSlaveSlapOSMasterCertificateCompatibility')
_, customdomain_ca_key_pem, csr, _ = createCSR(
'customdomainsslcrtsslkeysslcacrt.example.com')
_, customdomain_ca_certificate_pem = ca.signCSR(csr)
slave_parameter_dict = self.getSlaveParameterDictDict()[
'custom_domain_ssl_crt_ssl_key_ssl_ca_crt'].copy()
slave_parameter_dict.update(
ssl_crt=customdomain_ca_certificate_pem,
ssl_key=customdomain_ca_key_pem,
ssl_ca_crt=ca.certificate_pem,
)
self.requestSlaveInstance(
partition_reference='custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
partition_parameter_kw=slave_parameter_dict,
)
self.slap.waitForInstance()
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
customdomain_ca_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'bbb-ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0]
with open(certificate_file) as out:
expected = customdomain_ca_certificate_pem.decode() + '\n' + \
ca.certificate_pem.decode() + '\n' + \
customdomain_ca_key_pem.decode()
self.assertEqual(
expected,
out.read()
)
def test_ssl_ca_crt_garbage(self):
parameter_dict = self.assertSlaveBase(
'ssl_ca_crt_garbage',
expected_parameter_dict={
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.sslcacrtgarbage_ca_certificate_pem,
der2pem(result.peercert)
)
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_ca_crt_does_not_match(self):
parameter_dict = self.assertSlaveBase(
'ssl_ca_crt_does_not_match',
expected_parameter_dict={
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'bbb-ssl',
'_ssl_ca_crt_does_not_match.crt'))
self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0]
with open(certificate_file) as out:
expected = self.certificate_pem.decode() + '\n' + \
self.ca.certificate_pem.decode() + '\n' + \
self.key_pem.decode()
self.assertEqual(
expected,
out.read()
)
class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def setUpMaster(cls):
parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
# Do not upload certificates for the master partition
def _updateDataReplacementDict(self, data_replacement_dict):
local_replacement_dict = {
'@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
'@@key_pem@@': unicode_escape(self.key_pem.decode()),
}
for key in list(local_replacement_dict.keys()):
new_key = ''.join([key[:-2], '_double', '@@'])
local_replacement_dict[new_key] = unicode_escape(
local_replacement_dict[key])
data_replacement_dict.update(**local_replacement_dict)
instance_parameter_dict = {
'domain': 'example.com',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getInstanceParameterDict(cls):
if 'apache-certificate' not in cls.instance_parameter_dict:
cls.instance_parameter_dict.update(**{
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
})
return cls.instance_parameter_dict
@classmethod
def getSlaveParameterDictDict(cls):
return {
'ssl_from_master': {
'url': cls.backend_url,
'enable_cache': True,
},
}
def test_master_partition_state(self):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertBackendHaproxyStatisticUrl(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertNodeInformationWithPop(parameter_dict)
self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '1',
'rejected-slave-amount': '0',
'rejected-slave-dict': {},
'slave-amount': '1',
'warning-list': [
'apache-certificate is obsolete, please use master-key-upload-url',
'apache-key is obsolete, please use master-key-upload-url',
],
}
self.assertEqual(
expected_parameter_dict,
parameter_dict
)
def test_apache_key_apache_certificate_update(self):
parameter_dict = self.assertSlaveBase('ssl_from_master')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = createSelfSignedCertificate(
[
'*.customdomain.example.com',
'*.example.com',
'*.alias1.example.com',
])
self.instance_parameter_dict.update(**{
'apache-certificate': certificate_pem,
'apache-key': key_pem,
})
self.requestDefaultInstance()
self.slap.waitForInstance()
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
......@@ -5964,14 +5132,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'custom_domain': 'duplicate.example.com',
'server-alias': 'duplicate.example.com',
},
'SSL_CA_CRT_ONLY': {
'url': cls.backend_url,
'ssl_ca_crt': cls.ca.certificate_pem,
},
'SSL_KEY-SSL_CRT-UNSAFE': {
'ssl_key': '${section:option}ssl_keyunsafe\nunsafe',
'ssl_crt': '${section:option}ssl_crtunsafe\nunsafe',
},
'health-check-http-method': {
'health-check': True,
'health-check-http-method': 'WRONG',
......@@ -6050,8 +5210,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '5',
'rejected-slave-amount': '28',
'slave-amount': '33',
'rejected-slave-amount': '26',
'slave-amount': '31',
'rejected-slave-dict': {
'_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
' invalid'],
......@@ -6076,10 +5236,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_SITE_2': ["custom_domain 'duplicate.example.com' clashes"],
'_SITE_3': ["server-alias 'duplicate.example.com' clashes"],
'_SITE_4': ["custom_domain 'duplicate.example.com' clashes"],
'_SSL_CA_CRT_ONLY': [
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
'_SSL_KEY-SSL_CRT-UNSAFE': [
"slave ssl_key and ssl_crt does not match"],
'_BAD-BACKEND': [
"slave https-url 'http://host.domain:badport' invalid",
"slave url 'http://1:2:3:4' invalid"],
......@@ -6117,12 +5273,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_health-check-timeout-negative': [
'Wrong health-check-timeout -2'],
},
'warning-slave-dict': {
'_SSL_CA_CRT_ONLY': [
'ssl_ca_crt is obsolete, please use key-upload-url'],
'_SSL_KEY-SSL_CRT-UNSAFE': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']}
}
self.assertEqual(
......@@ -6398,33 +5548,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
parameter_dict
)
def test_ssl_ca_crt_only(self):
parameter_dict = self.parseSlaveParameterDict('SSL_CA_CRT_ONLY')
self.assertNodeInformationWithPop(parameter_dict)
self.assertEqual(
parameter_dict,
{
'request-error-list': [
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
],
}
)
def test_ssl_key_ssl_crt_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('SSL_KEY-SSL_CRT-UNSAFE')
self.assertNodeInformationWithPop(parameter_dict)
self.assertEqual(
{
'request-error-list': ["slave ssl_key and ssl_crt does not match"],
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
},
parameter_dict
)
def test_bad_backend(self):
parameter_dict = self.parseSlaveParameterDict('BAD-BACKEND')
self.assertNodeInformationWithPop(parameter_dict)
......@@ -6558,8 +5681,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'automatic-internal-kedifa-caucase-csr': False,
'automatic-internal-backend-client-caucase-csr': False,
# all nodes partition parameters
'apache-certificate': self.certificate_pem,
'apache-key': self.key_pem,
'domain': 'example.com',
'enable-http2-by-default': True,
'mpm-graceful-shutdown-timeout': 2,
......@@ -6643,8 +5764,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
expected_partition_parameter_dict_dict = {
'caddy-frontend-1': {
'X-software_release_url': base_software_url,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True',
'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1',
......@@ -6669,8 +5788,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
},
'caddy-frontend-2': {
'X-software_release_url': self.frontend_2_sr,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True',
'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1',
......@@ -6695,8 +5812,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
},
'caddy-frontend-3': {
'X-software_release_url': self.frontend_3_sr,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True',
'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1',
......@@ -6740,8 +5855,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'-sla-2-computer_guid': 'local',
'-sla-3-computer_guid': 'local',
'X-software_release_url': base_software_url,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True',
'automatic-internal-backend-client-caucase-csr': 'False',
'automatic-internal-kedifa-caucase-csr': 'False',
......
[
{
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkey.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_custom_domain_ssl_crt_ssl_key",
"slave_title": "_custom_domain_ssl_crt_ssl_key",
"ssl_crt": "@@customdomain_certificate_pem@@",
"ssl_key": "@@customdomain_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkeysslcacrt.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
"slave_title": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@customdomain_ca_certificate_pem@@",
"ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_garbage",
"slave_title": "_ssl_ca_crt_garbage",
"ssl_ca_crt": "some garbage",
"ssl_crt": "@@sslcacrtgarbage_ca_certificate_pem@@",
"ssl_key": "@@sslcacrtgarbage_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master",
"slave_title": "_type-notebook-ssl_from_master",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"custom_domain": "customdomainsslcrtsslkey.example.com",
"slave_reference": "_custom_domain_ssl_crt_ssl_key",
"ssl_crt": "@@customdomain_certificate_pem@@",
"ssl_key": "@@customdomain_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkeysslcacrt.example.com",
"slave_reference": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@customdomain_ca_certificate_pem@@",
"ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_ca_crt_garbage",
"ssl_ca_crt": "some garbage",
"ssl_crt": "@@sslcacrtgarbage_ca_certificate_pem@@",
"ssl_key": "@@sslcacrtgarbage_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"slave_reference": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_master",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_ssl_from_slave_access_log
T-2/var/log/httpd/_ssl_from_slave_backend_log
T-2/var/log/httpd/_ssl_from_slave_error_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
[
{
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides_master_certificate",
"slave_title": "_ssl_from_master_kedifa_overrides_master_certificate",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"enable_cache": true,
"slave_reference": "_ssl_from_master_kedifa_overrides_master_certificate",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
[
{
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"enable_cache": true,
"slave_reference": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment