Commit 2e5779d0 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop non zero knowledge certificate management

The kedifa way is working for long time and users has been warned about moving
there, so now it's time to drop the insecure approach totally.
parent 3bdf421c
Pipeline #24149 running with stage
...@@ -139,8 +139,6 @@ This replaces old request parameters: ...@@ -139,8 +139,6 @@ This replaces old request parameters:
* ``apache-key`` * ``apache-key``
* ``apache-ca-certificate`` * ``apache-ca-certificate``
(*Note*: They are still supported for backward compatibility, but any value send to the ``master-key-upload-url`` will supersede information from SlapOS Master.)
Slave partition Slave partition
--------------- ---------------
...@@ -167,8 +165,6 @@ This replaces old request parameters: ...@@ -167,8 +165,6 @@ This replaces old request parameters:
* ``ssl_key`` * ``ssl_key``
* ``ssl_ca_crt`` * ``ssl_ca_crt``
(*Note*: They are still supported for backward compatibility, but any value send to the ``key-upload-url`` will supersede information from SlapOS Master.)
Instance Parameters Instance Parameters
=================== ===================
...@@ -331,42 +327,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -331,42 +327,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"domain": "www.example.org", "domain": "www.example.org",
"enable_cache": "True", "enable_cache": "True",
Advanced example - XXX - to be written
--------------------------------------
Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
Listening to a custom domain and redirecting to /erp5/ so that
https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
software_release=caddy_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"enable_cache":"true",
"type":"zope",
"path":"/erp5",
"domain":"example.org",
"ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----",
"ssl_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXXXX.............XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_ca_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXX...........XXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_csr":'-----BEGIN CERTIFICATE REQUEST-----
XXXXXXXXXXXXXXX.............XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE REQUEST-----',
}
)
Promises Promises
======== ========
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = d408adbd12d4161c22fe9c29118fd83e md5sum = d836ff58655a7f0503104cb9a39fdb42
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = 0ec59d2fb5617e82d1848c1170772d84 md5sum = 5dea84310dd0fcee1d3d9929e15e3d62
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = 2c599c22f6ab9bf2bbc48da8a12ae6e0 md5sum = e2e927ca7609c378375497c67eec0ef7
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = 5be5a32d5cf22e10967e59570dda2d36 md5sum = 2c5069eea87876eebf7ba130f7e339ed
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
......
...@@ -152,9 +152,6 @@ etc-run = ${:etc}/run ...@@ -152,9 +152,6 @@ etc-run = ${:etc}/run
ca-dir = ${:srv}/ssl ca-dir = ${:srv}/ssl
backend-client-dir = ${:srv}/backend-client backend-client-dir = ${:srv}/backend-client
# BBB: SlapOS Master non-zero knowledge BEGIN
bbb-ssl-dir = ${:srv}/bbb-ssl
# BBB: SlapOS Master non-zero knowledge END
frontend_cluster = ${:var}/frontend_cluster frontend_cluster = ${:var}/frontend_cluster
...@@ -381,9 +378,6 @@ extra-context = ...@@ -381,9 +378,6 @@ extra-context =
key software_release_url version-hash:software-release-url key software_release_url version-hash:software-release-url
key node_information frontend-node-information:value key node_information frontend-node-information:value
key custom_ssl_directory caddy-directory:custom-ssl-directory key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END
## backend haproxy ## backend haproxy
key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
## Configuration passed by section ## Configuration passed by section
...@@ -415,9 +409,6 @@ extra-context = ...@@ -415,9 +409,6 @@ extra-context =
key not_found_file caddy-configuration:not-found-file key not_found_file caddy-configuration:not-found-file
key username monitor-instance-parameter:username key username monitor-instance-parameter:username
key password monitor-htpasswd:passwd key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END
[caddy-wrapper] [caddy-wrapper]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -466,6 +457,7 @@ pid-file = ${directory:run}/httpd.pid ...@@ -466,6 +457,7 @@ pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file}) frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/${not-found-html:filename} not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
# Communication with ATS # Communication with ATS
cache-port = ${trafficserver-variable:input-port} cache-port = ${trafficserver-variable:input-port}
# slave instrspection # slave instrspection
...@@ -474,31 +466,6 @@ slave-introspection-error-log = ${directory:log}/slave-introspection-error.log ...@@ -474,31 +466,6 @@ slave-introspection-error-log = ${directory:log}/slave-introspection-error.log
slave-introspection-pid-file = ${directory:run}/slave-introspection.pid slave-introspection-pid-file = ${directory:run}/slave-introspection.pid
slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file}) slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file})
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
recipe = slapos.recipe.build
certificate-file = ${self-signed-fallback-access:certificate}
init =
import os
options['certificate'] = ''
if os.path.exists(options['certificate-file']):
with open(options['certificate-file'], 'r') as fh:
options['certificate'] = fh.read()
[apache-certificate]
recipe = slapos.recipe.template:jinja2
inline =
{% raw %}
{{ certificate or fallback_certificate }}
{{ key or '' }}
{% endraw %}
context =
key certificate configuration:apache-certificate
key key configuration:apache-key
key fallback_certificate get-self-signed-fallback-access:certificate
output = ${directory:bbb-ssl-dir}/frontend.crt
# BBB: SlapOS Master non-zero knowledge END
[logrotate-entry-caddy] [logrotate-entry-caddy]
<= logrotate-entry-base <= logrotate-entry-base
name = caddy name = caddy
...@@ -665,7 +632,7 @@ command = ${trafficserver-rotate-script:output} ...@@ -665,7 +632,7 @@ command = ${trafficserver-rotate-script:output}
url = {{ software_parameter_dict['template_configuration_state_script'] }} url = {{ software_parameter_dict['template_configuration_state_script'] }}
output = ${directory:bin}/${:_buildout_section_name_} output = ${directory:bin}/${:_buildout_section_name_}
path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt
sha256sum = {{ software_parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context = extra-context =
......
...@@ -6,18 +6,6 @@ ...@@ -6,18 +6,6 @@
"title": "Frontend Replication Quantity", "title": "Frontend Replication Quantity",
"type": "integer" "type": "integer"
}, },
"apache-certificate": {
"description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
"type": "string"
},
"apache-key": {
"description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Key",
"type": "string"
},
"domain": { "domain": {
"description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.", "description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
"pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$", "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
......
...@@ -10,8 +10,6 @@ ...@@ -10,8 +10,6 @@
{%- set FRONTEND_NODE_PASSED_KEY_LIST = [ {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
'plain_http_port', 'plain_http_port',
'port', 'port',
'apache-certificate',
'apache-key',
'domain', 'domain',
'enable-http2-by-default', 'enable-http2-by-default',
'mpm-graceful-shutdown-timeout', 'mpm-graceful-shutdown-timeout',
...@@ -62,9 +60,6 @@ ...@@ -62,9 +60,6 @@
'request-timeout', 'request-timeout',
'server-alias', 'server-alias',
'ssl-proxy-verify', 'ssl-proxy-verify',
'ssl_ca_crt',
'ssl_crt',
'ssl_key',
'ssl_proxy_ca_crt', 'ssl_proxy_ca_crt',
'strict-transport-security', 'strict-transport-security',
'strict-transport-security-preload', 'strict-transport-security-preload',
...@@ -286,25 +281,11 @@ context = ...@@ -286,25 +281,11 @@ context =
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# BBB: SlapOS Master non-zero knowledge BEGIN #}
{% for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %} {% for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %}
{% if key in slave %} {% if key in slave %}
{% do slave_warning_list.append('%s is obsolete, please use key-upload-url' % (key,)) %} {% do slave_warning_list.append('%s is discontinued, key-upload-url must be used instead' % (key,)) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if slave.get('ssl_ca_crt') and not (slave.get('ssl_crt') and slave.get('ssl_key')) %}
{% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %}
{% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'].encode())[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'].encode())[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %}
{% endif %}
{% endif %}
{# BBB: SlapOS Master non-zero knowledge END #}
{% if slave.get('custom_domain') %} {% if slave.get('custom_domain') %}
{% set slave_custom_domain = '' ~ slave['custom_domain'] %} {% set slave_custom_domain = '' ~ slave['custom_domain'] %}
{% if slave_custom_domain.startswith('*.') %} {% if slave_custom_domain.startswith('*.') %}
...@@ -399,7 +380,7 @@ return = ...@@ -399,7 +380,7 @@ return =
{% set warning_list = [] %} {% set warning_list = [] %}
{% for key in ['apache-certificate', 'apache-key'] %} {% for key in ['apache-certificate', 'apache-key'] %}
{% if key in slapparameter_dict %} {% if key in slapparameter_dict %}
{% do warning_list.append('%s is obsolete, please use master-key-upload-url' % (key, )) %} {% do warning_list.append('%s is discontinued, master-key-upload-url must be used instead' % (key, )) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
......
...@@ -154,27 +154,6 @@ ...@@ -154,27 +154,6 @@
"title": "Verify Backend Certificates", "title": "Verify Backend Certificates",
"type": "string" "type": "string"
}, },
"ssl_crt": {
"default": "",
"description": "Content of the SSL Certificate file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate",
"type": "string"
},
"ssl_key": {
"default": "",
"description": "Content of the SSL Key file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Key",
"type": "string"
},
"ssl_ca_crt": {
"default": "",
"description": "Content of the CA certificate file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate Authority's Certificate",
"type": "string"
},
"ssl_proxy_ca_crt": { "ssl_proxy_ca_crt": {
"default": "", "default": "",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)", "description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
......
...@@ -17,9 +17,9 @@ ...@@ -17,9 +17,9 @@
{%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %} {%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
{%- endif %} {%- endif %}
{%- if master_key_download_url %} {%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %} {%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], caddy_configuration['self-signed-fallback-certificate'])) %}
{%- else %} {%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %} {%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], caddy_configuration['self-signed-fallback-certificate'])) %}
{%- endif %} {%- endif %}
{%- if kedifa_configuration['slave_kedifa_information'] %} {%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %} {%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
...@@ -293,7 +293,6 @@ url = {{ empty_template }} ...@@ -293,7 +293,6 @@ url = {{ empty_template }}
output = {{ cert_file }} output = {{ cert_file }}
extra-context = extra-context =
key content {{ cert_title + '-config:value' }} key content {{ cert_title + '-config:value' }}
{#- BBB: SlapOS Master non-zero knowledge BEGIN #}
{#- Store certificate in config #} {#- Store certificate in config #}
[{{ cert_title + '-config' }}] [{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }} value = {{ dumps(slave_instance.get(cert_name)) }}
...@@ -302,24 +301,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }} ...@@ -302,24 +301,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
{%- endif %} {#- if cert_name in slave_instance #} {%- endif %} {#- if cert_name in slave_instance #}
{%- endfor %} {%- endfor %}
{#- Set Up Certs #} {#- Set Up Certs #}
{%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %} {%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
{%- set cert_title = '%s-crt' % (slave_reference) %}
{%- set cert_file = '/'.join([directory['bbb-ssl-dir'], cert_title.replace('-','.')]) %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
{%- do part_list.append(cert_title) %}
{%- do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
[{{cert_title}}]
< = jinja2-template-base
url = {{ empty_template }}
output = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }}
extra-context =
key content :cert-content
{%- else %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
{%- endif %}
{#- BBB: SlapOS Master non-zero knowledge END #}
{#- ########################################## #} {#- ########################################## #}
{#- Set Slave Configuration #} {#- Set Slave Configuration #}
......
...@@ -89,8 +89,6 @@ configuration.kedifa_port = 7879 ...@@ -89,8 +89,6 @@ configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1 # Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890 configuration.caucase_port = 8890
configuration.caucase_backend_client_port = 8990 configuration.caucase_backend_client_port = 8990
configuration.apache-key =
configuration.apache-certificate =
configuration.open-port = 80 443 configuration.open-port = 80 443
configuration.disk-cache-size = 8G configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G configuration.ram-cache-size = 1G
......
...@@ -4911,838 +4911,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase, ...@@ -4911,838 +4911,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
) )
class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def setUpMaster(cls):
parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
# Do not upload certificates for the master partition
def _updateDataReplacementDict(self, data_replacement_dict):
local_replacement_dict = {
'@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
'@@key_pem@@': unicode_escape(self.key_pem.decode()),
}
for key in list(local_replacement_dict.keys()):
new_key = ''.join([key[:-2], '_double', '@@'])
local_replacement_dict[new_key] = unicode_escape(
local_replacement_dict[key])
data_replacement_dict.update(**local_replacement_dict)
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'ssl_from_master_kedifa_overrides_master_certificate': {
'url': cls.backend_url,
'enable_cache': True
},
}
def test_ssl_from_master_kedifa_overrides_master_certificate(self):
parameter_dict = self.assertSlaveBase(
'ssl_from_master_kedifa_overrides_master_certificate')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
master_parameter_dict = \
self.requestDefaultInstance().getConnectionParameterDict()
auth = requests.get(
master_parameter_dict['master-key-generate-auth-url'],
verify=self.kedifa_caucase_ca_certificate_file)
requests.put(
master_parameter_dict['master-key-upload-url'] + auth.text,
data=key_pem + certificate_pem,
verify=self.kedifa_caucase_ca_certificate_file)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
class TestSlaveSlapOSMasterCertificateCompatibility(
SlaveHttpFrontendTestCase, TestDataMixin):
def _updateDataReplacementDict(self, data_replacement_dict):
local_replacement_dict = {
'@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
'@@key_pem@@': unicode_escape(self.key_pem.decode()),
'@@ssl_from_slave_certificate_pem@@': unicode_escape(
self.ssl_from_slave_certificate_pem.decode()),
'@@ssl_from_slave_key_pem@@': unicode_escape(
self.ssl_from_slave_key_pem.decode()),
'@@customdomain_certificate_pem@@': unicode_escape(
self.customdomain_certificate_pem.decode()),
'@@customdomain_key_pem@@': unicode_escape(
self.customdomain_key_pem.decode()),
'@@ssl_from_slave_kedifa_overrides_key_pem@@': unicode_escape(
self.ssl_from_slave_kedifa_overrides_key_pem.decode()),
'@@ssl_from_slave_kedifa_overrides_certificate_pem@@': unicode_escape(
self.ssl_from_slave_kedifa_overrides_certificate_pem.decode()),
'@@customdomain_ca_certificate_pem@@': unicode_escape(
self.customdomain_ca_certificate_pem.decode()),
'@@customdomain_ca_key_pem@@': unicode_escape(
self.customdomain_ca_key_pem.decode()),
'@@ca.certificate_pem@@': unicode_escape(
self.ca.certificate_pem.decode()),
'@@sslcacrtgarbage_ca_certificate_pem@@': unicode_escape(
self.sslcacrtgarbage_ca_certificate_pem.decode()),
'@@sslcacrtgarbage_ca_key_pem@@': unicode_escape(
self.sslcacrtgarbage_ca_key_pem.decode()),
'@@type_notebook_ssl_from_slave_certificate_pem@@': unicode_escape(
self.type_notebook_ssl_from_slave_certificate_pem.decode()),
'@@type_notebook_ssl_from_slave_key_pem@@': unicode_escape(
self.type_notebook_ssl_from_slave_key_pem.decode()),
'@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@':
unicode_escape(
self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem
.decode()),
'@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@':
unicode_escape(
self.type_notebook_ssl_from_slave_kedifa_overrides_key_pem.decode()),
}
for key in list(local_replacement_dict.keys()):
new_key = ''.join([key[:-2], '_double', '@@'])
local_replacement_dict[new_key] = unicode_escape(
local_replacement_dict[key])
data_replacement_dict.update(**local_replacement_dict)
@classmethod
def setUpMaster(cls):
parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
# Do not upload certificates for the master partition
@classmethod
def prepareCertificate(cls):
_, cls.ssl_from_slave_key_pem, _, cls.ssl_from_slave_certificate_pem = \
createSelfSignedCertificate(
[
'sslfromslave.example.com',
])
_, cls.ssl_from_slave_kedifa_overrides_key_pem, _, \
cls.ssl_from_slave_kedifa_overrides_certificate_pem = \
createSelfSignedCertificate(
[
'sslfromslavekedifaoverrides.example.com',
])
_, cls.type_notebook_ssl_from_slave_key_pem, _, \
cls.type_notebook_ssl_from_slave_certificate_pem = \
createSelfSignedCertificate(
[
'typenotebooksslfromslave.example.com',
])
_, cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem, _, \
cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem = \
createSelfSignedCertificate(
[
'typenotebooksslfromslavekedifaoverrides.example.com',
])
cls.ca = CertificateAuthority(
'TestSlaveSlapOSMasterCertificateCompatibility')
_, cls.customdomain_ca_key_pem, csr, _ = createCSR(
'customdomainsslcrtsslkeysslcacrt.example.com')
_, cls.customdomain_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.sslcacrtgarbage_ca_key_pem, csr, _ = createCSR(
'sslcacrtgarbage.example.com')
_, cls.sslcacrtgarbage_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.ssl_from_slave_ca_key_pem, csr, _ = createCSR(
'sslfromslave.example.com')
_, cls.ssl_from_slave_ca_certificate_pem = cls.ca.signCSR(csr)
_, cls.customdomain_key_pem, _, cls.customdomain_certificate_pem = \
createSelfSignedCertificate(['customdomainsslcrtsslkey.example.com'])
super(
TestSlaveSlapOSMasterCertificateCompatibility, cls).prepareCertificate()
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'ssl_from_master': {
'url': cls.backend_url,
'enable_cache': True,
},
'ssl_from_master_kedifa_overrides': {
'url': cls.backend_url,
},
'ssl_from_slave': {
'url': cls.backend_url,
'ssl_crt': cls.ssl_from_slave_certificate_pem,
'ssl_key': cls.ssl_from_slave_key_pem,
},
'ssl_from_slave_kedifa_overrides': {
'url': cls.backend_url,
'ssl_crt': cls.ssl_from_slave_kedifa_overrides_certificate_pem,
'ssl_key': cls.ssl_from_slave_kedifa_overrides_key_pem,
},
'custom_domain_ssl_crt_ssl_key': {
'url': cls.backend_url,
'ssl_crt': cls.customdomain_certificate_pem,
'ssl_key': cls.customdomain_key_pem,
'custom_domain': 'customdomainsslcrtsslkey.example.com'
},
'custom_domain_ssl_crt_ssl_key_ssl_ca_crt': {
'url': cls.backend_url,
'ssl_crt': cls.customdomain_ca_certificate_pem,
'ssl_key': cls.customdomain_ca_key_pem,
'ssl_ca_crt': cls.ca.certificate_pem,
'custom_domain': 'customdomainsslcrtsslkeysslcacrt.example.com',
},
'ssl_ca_crt_garbage': {
'url': cls.backend_url,
'ssl_crt': cls.sslcacrtgarbage_ca_certificate_pem,
'ssl_key': cls.sslcacrtgarbage_ca_key_pem,
'ssl_ca_crt': 'some garbage',
},
'ssl_ca_crt_does_not_match': {
'url': cls.backend_url,
'ssl_crt': cls.certificate_pem,
'ssl_key': cls.key_pem,
'ssl_ca_crt': cls.ca.certificate_pem,
},
'type-notebook-ssl_from_master': {
'url': cls.backend_url,
'type': 'notebook',
},
'type-notebook-ssl_from_slave': {
'url': cls.backend_url,
'ssl_crt': cls.type_notebook_ssl_from_slave_certificate_pem,
'ssl_key': cls.type_notebook_ssl_from_slave_key_pem,
'type': 'notebook',
},
'type-notebook-ssl_from_master_kedifa_overrides': {
'url': cls.backend_url,
'type': 'notebook',
},
'type-notebook-ssl_from_slave_kedifa_overrides': {
'url': cls.backend_url,
'ssl_crt':
cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
'ssl_key':
cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem,
'type': 'notebook',
}
}
def test_master_partition_state(self):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertBackendHaproxyStatisticUrl(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertNodeInformationWithPop(parameter_dict)
self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '12',
'rejected-slave-amount': '0',
'slave-amount': '12',
'rejected-slave-dict': {
},
'warning-list': [
'apache-certificate is obsolete, please use master-key-upload-url',
'apache-key is obsolete, please use master-key-upload-url',
],
'warning-slave-dict': {
'_custom_domain_ssl_crt_ssl_key': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
],
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
],
'_ssl_ca_crt_does_not_match': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
'_ssl_ca_crt_garbage': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
# u'_ssl_ca_crt_only': [
# u'ssl_ca_crt is obsolete, please use key-upload-url',
# ],
'_ssl_from_slave': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
'_ssl_from_slave_kedifa_overrides': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
# u'_ssl_key-ssl_crt-unsafe': [
# u'ssl_key is obsolete, please use key-upload-url',
# u'ssl_crt is obsolete, please use key-upload-url',
# ],
'_type-notebook-ssl_from_slave': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
'_type-notebook-ssl_from_slave_kedifa_overrides': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
],
}
}
self.assertEqual(
expected_parameter_dict,
parameter_dict
)
def test_ssl_from_master(self):
parameter_dict = self.assertSlaveBase('ssl_from_master')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_from_master_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase('ssl_from_master_kedifa_overrides')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_from_slave(self):
parameter_dict = self.assertSlaveBase(
'ssl_from_slave',
expected_parameter_dict={
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.ssl_from_slave_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_from_slave_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase(
'ssl_from_slave_kedifa_overrides',
expected_parameter_dict={
'warning-list': ['ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.ssl_from_slave_kedifa_overrides_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_master(self):
parameter_dict = self.assertSlaveBase('type-notebook-ssl_from_master')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_master_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase(
'type-notebook-ssl_from_master_kedifa_overrides')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_slave(self):
parameter_dict = self.assertSlaveBase(
'type-notebook-ssl_from_slave',
expected_parameter_dict={
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.type_notebook_ssl_from_slave_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_type_notebook_ssl_from_slave_kedifa_overrides(self):
parameter_dict = self.assertSlaveBase(
'type-notebook-ssl_from_slave_kedifa_overrides',
expected_parameter_dict={
'warning-list': ['ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = \
createSelfSignedCertificate([parameter_dict['domain']])
# as now the place to put the key is known put the key there
auth = requests.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate_pem + key_pem
upload = requests.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path',
HTTPS_PORT)
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
@skip('Not implemented in new test system')
def test_custom_domain_ssl_crt_ssl_key(self):
parameter_dict = self.assertSlaveBase(
'custom_domain_ssl_crt_ssl_key',
expected_parameter_dict={
'warning-list': ['ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_ca_crt(self):
parameter_dict = self.assertSlaveBase(
'custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
expected_parameter_dict={
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.customdomain_ca_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'bbb-ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0]
with open(certificate_file) as out:
expected = \
self.customdomain_ca_certificate_pem.decode() + '\n' + \
self.ca.certificate_pem.decode() + '\n' + \
self.customdomain_ca_key_pem.decode()
self.assertEqual(
expected,
out.read()
)
ca = CertificateAuthority(
'TestSlaveSlapOSMasterCertificateCompatibility')
_, customdomain_ca_key_pem, csr, _ = createCSR(
'customdomainsslcrtsslkeysslcacrt.example.com')
_, customdomain_ca_certificate_pem = ca.signCSR(csr)
slave_parameter_dict = self.getSlaveParameterDictDict()[
'custom_domain_ssl_crt_ssl_key_ssl_ca_crt'].copy()
slave_parameter_dict.update(
ssl_crt=customdomain_ca_certificate_pem,
ssl_key=customdomain_ca_key_pem,
ssl_ca_crt=ca.certificate_pem,
)
self.requestSlaveInstance(
partition_reference='custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
partition_parameter_kw=slave_parameter_dict,
)
self.slap.waitForInstance()
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
customdomain_ca_certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'bbb-ssl',
'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0]
with open(certificate_file) as out:
expected = customdomain_ca_certificate_pem.decode() + '\n' + \
ca.certificate_pem.decode() + '\n' + \
customdomain_ca_key_pem.decode()
self.assertEqual(
expected,
out.read()
)
def test_ssl_ca_crt_garbage(self):
parameter_dict = self.assertSlaveBase(
'ssl_ca_crt_garbage',
expected_parameter_dict={
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.sslcacrtgarbage_ca_certificate_pem,
der2pem(result.peercert)
)
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_ssl_ca_crt_does_not_match(self):
parameter_dict = self.assertSlaveBase(
'ssl_ca_crt_does_not_match',
expected_parameter_dict={
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url'
]
})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
certificate_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'srv', 'bbb-ssl',
'_ssl_ca_crt_does_not_match.crt'))
self.assertEqual(1, len(certificate_file_list))
certificate_file = certificate_file_list[0]
with open(certificate_file) as out:
expected = self.certificate_pem.decode() + '\n' + \
self.ca.certificate_pem.decode() + '\n' + \
self.key_pem.decode()
self.assertEqual(
expected,
out.read()
)
class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def setUpMaster(cls):
parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
# Do not upload certificates for the master partition
def _updateDataReplacementDict(self, data_replacement_dict):
local_replacement_dict = {
'@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
'@@key_pem@@': unicode_escape(self.key_pem.decode()),
}
for key in list(local_replacement_dict.keys()):
new_key = ''.join([key[:-2], '_double', '@@'])
local_replacement_dict[new_key] = unicode_escape(
local_replacement_dict[key])
data_replacement_dict.update(**local_replacement_dict)
instance_parameter_dict = {
'domain': 'example.com',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getInstanceParameterDict(cls):
if 'apache-certificate' not in cls.instance_parameter_dict:
cls.instance_parameter_dict.update(**{
'apache-certificate': cls.certificate_pem,
'apache-key': cls.key_pem,
})
return cls.instance_parameter_dict
@classmethod
def getSlaveParameterDictDict(cls):
return {
'ssl_from_master': {
'url': cls.backend_url,
'enable_cache': True,
},
}
def test_master_partition_state(self):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertBackendHaproxyStatisticUrl(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertNodeInformationWithPop(parameter_dict)
self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com',
'accepted-slave-amount': '1',
'rejected-slave-amount': '0',
'rejected-slave-dict': {},
'slave-amount': '1',
'warning-list': [
'apache-certificate is obsolete, please use master-key-upload-url',
'apache-key is obsolete, please use master-key-upload-url',
],
}
self.assertEqual(
expected_parameter_dict,
parameter_dict
)
def test_apache_key_apache_certificate_update(self):
parameter_dict = self.assertSlaveBase('ssl_from_master')
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
_, key_pem, _, certificate_pem = createSelfSignedCertificate(
[
'*.customdomain.example.com',
'*.example.com',
'*.alias1.example.com',
])
self.instance_parameter_dict.update(**{
'apache-certificate': certificate_pem,
'apache-key': key_pem,
})
self.requestDefaultInstance()
self.slap.waitForInstance()
self.runKedifaUpdater()
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
...@@ -5964,14 +5132,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -5964,14 +5132,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'custom_domain': 'duplicate.example.com', 'custom_domain': 'duplicate.example.com',
'server-alias': 'duplicate.example.com', 'server-alias': 'duplicate.example.com',
}, },
'SSL_CA_CRT_ONLY': {
'url': cls.backend_url,
'ssl_ca_crt': cls.ca.certificate_pem,
},
'SSL_KEY-SSL_CRT-UNSAFE': {
'ssl_key': '${section:option}ssl_keyunsafe\nunsafe',
'ssl_crt': '${section:option}ssl_crtunsafe\nunsafe',
},
'health-check-http-method': { 'health-check-http-method': {
'health-check': True, 'health-check': True,
'health-check-http-method': 'WRONG', 'health-check-http-method': 'WRONG',
...@@ -6050,8 +5210,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6050,8 +5210,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '5', 'accepted-slave-amount': '5',
'rejected-slave-amount': '28', 'rejected-slave-amount': '26',
'slave-amount': '33', 'slave-amount': '31',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"' '_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
' invalid'], ' invalid'],
...@@ -6076,10 +5236,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6076,10 +5236,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_SITE_2': ["custom_domain 'duplicate.example.com' clashes"], '_SITE_2': ["custom_domain 'duplicate.example.com' clashes"],
'_SITE_3': ["server-alias 'duplicate.example.com' clashes"], '_SITE_3': ["server-alias 'duplicate.example.com' clashes"],
'_SITE_4': ["custom_domain 'duplicate.example.com' clashes"], '_SITE_4': ["custom_domain 'duplicate.example.com' clashes"],
'_SSL_CA_CRT_ONLY': [
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
'_SSL_KEY-SSL_CRT-UNSAFE': [
"slave ssl_key and ssl_crt does not match"],
'_BAD-BACKEND': [ '_BAD-BACKEND': [
"slave https-url 'http://host.domain:badport' invalid", "slave https-url 'http://host.domain:badport' invalid",
"slave url 'http://1:2:3:4' invalid"], "slave url 'http://1:2:3:4' invalid"],
...@@ -6117,12 +5273,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6117,12 +5273,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'_health-check-timeout-negative': [ '_health-check-timeout-negative': [
'Wrong health-check-timeout -2'], 'Wrong health-check-timeout -2'],
}, },
'warning-slave-dict': {
'_SSL_CA_CRT_ONLY': [
'ssl_ca_crt is obsolete, please use key-upload-url'],
'_SSL_KEY-SSL_CRT-UNSAFE': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']}
} }
self.assertEqual( self.assertEqual(
...@@ -6398,33 +5548,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6398,33 +5548,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
parameter_dict parameter_dict
) )
def test_ssl_ca_crt_only(self):
parameter_dict = self.parseSlaveParameterDict('SSL_CA_CRT_ONLY')
self.assertNodeInformationWithPop(parameter_dict)
self.assertEqual(
parameter_dict,
{
'request-error-list': [
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
'warning-list': [
'ssl_ca_crt is obsolete, please use key-upload-url',
],
}
)
def test_ssl_key_ssl_crt_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('SSL_KEY-SSL_CRT-UNSAFE')
self.assertNodeInformationWithPop(parameter_dict)
self.assertEqual(
{
'request-error-list': ["slave ssl_key and ssl_crt does not match"],
'warning-list': [
'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url']
},
parameter_dict
)
def test_bad_backend(self): def test_bad_backend(self):
parameter_dict = self.parseSlaveParameterDict('BAD-BACKEND') parameter_dict = self.parseSlaveParameterDict('BAD-BACKEND')
self.assertNodeInformationWithPop(parameter_dict) self.assertNodeInformationWithPop(parameter_dict)
...@@ -6558,8 +5681,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6558,8 +5681,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'automatic-internal-kedifa-caucase-csr': False, 'automatic-internal-kedifa-caucase-csr': False,
'automatic-internal-backend-client-caucase-csr': False, 'automatic-internal-backend-client-caucase-csr': False,
# all nodes partition parameters # all nodes partition parameters
'apache-certificate': self.certificate_pem,
'apache-key': self.key_pem,
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': True, 'enable-http2-by-default': True,
'mpm-graceful-shutdown-timeout': 2, 'mpm-graceful-shutdown-timeout': 2,
...@@ -6643,8 +5764,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6643,8 +5764,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
expected_partition_parameter_dict_dict = { expected_partition_parameter_dict_dict = {
'caddy-frontend-1': { 'caddy-frontend-1': {
'X-software_release_url': base_software_url, 'X-software_release_url': base_software_url,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True', 'authenticate-to-backend': 'True',
'backend-client-caucase-url': backend_client_caucase_url, 'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1', 'backend-connect-retries': '1',
...@@ -6669,8 +5788,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6669,8 +5788,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
}, },
'caddy-frontend-2': { 'caddy-frontend-2': {
'X-software_release_url': self.frontend_2_sr, 'X-software_release_url': self.frontend_2_sr,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True', 'authenticate-to-backend': 'True',
'backend-client-caucase-url': backend_client_caucase_url, 'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1', 'backend-connect-retries': '1',
...@@ -6695,8 +5812,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6695,8 +5812,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
}, },
'caddy-frontend-3': { 'caddy-frontend-3': {
'X-software_release_url': self.frontend_3_sr, 'X-software_release_url': self.frontend_3_sr,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True', 'authenticate-to-backend': 'True',
'backend-client-caucase-url': backend_client_caucase_url, 'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1', 'backend-connect-retries': '1',
...@@ -6740,8 +5855,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6740,8 +5855,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'-sla-2-computer_guid': 'local', '-sla-2-computer_guid': 'local',
'-sla-3-computer_guid': 'local', '-sla-3-computer_guid': 'local',
'X-software_release_url': base_software_url, 'X-software_release_url': base_software_url,
'apache-certificate': self.certificate_pem.decode(),
'apache-key': self.key_pem.decode(),
'authenticate-to-backend': 'True', 'authenticate-to-backend': 'True',
'automatic-internal-backend-client-caucase-csr': 'False', 'automatic-internal-backend-client-caucase-csr': 'False',
'automatic-internal-kedifa-caucase-csr': 'False', 'automatic-internal-kedifa-caucase-csr': 'False',
......
[
{
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkey.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_custom_domain_ssl_crt_ssl_key",
"slave_title": "_custom_domain_ssl_crt_ssl_key",
"ssl_crt": "@@customdomain_certificate_pem@@",
"ssl_key": "@@customdomain_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkeysslcacrt.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
"slave_title": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@customdomain_ca_certificate_pem@@",
"ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_garbage",
"slave_title": "_ssl_ca_crt_garbage",
"ssl_ca_crt": "some garbage",
"ssl_crt": "@@sslcacrtgarbage_ca_certificate_pem@@",
"ssl_key": "@@sslcacrtgarbage_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master",
"slave_title": "_type-notebook-ssl_from_master",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"custom_domain": "customdomainsslcrtsslkey.example.com",
"slave_reference": "_custom_domain_ssl_crt_ssl_key",
"ssl_crt": "@@customdomain_certificate_pem@@",
"ssl_key": "@@customdomain_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkeysslcacrt.example.com",
"slave_reference": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@customdomain_ca_certificate_pem@@",
"ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_ca_crt_garbage",
"ssl_ca_crt": "some garbage",
"ssl_crt": "@@sslcacrtgarbage_ca_certificate_pem@@",
"ssl_key": "@@sslcacrtgarbage_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"slave_reference": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_master",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_type-notebook-ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_ssl_from_slave_access_log
T-2/var/log/httpd/_ssl_from_slave_backend_log
T-2/var/log/httpd/_ssl_from_slave_error_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
[
{
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides_master_certificate",
"slave_title": "_ssl_from_master_kedifa_overrides_master_certificate",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"enable_cache": true,
"slave_reference": "_ssl_from_master_kedifa_overrides_master_certificate",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
[
{
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"enable_cache": true,
"slave_reference": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080",
"port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment