caddy-frontend: Drop non zero knowledge certificate management

The kedifa way is working for long time and users has been warned about moving there, so now it's time to drop the insecure approach totally.

caddy-frontend: Drop non zero knowledge certificate management
The kedifa way is working for long time and users has been warned about moving there, so now it's time to drop the insecure approach totally.
2e5779d0 · Łukasz Nowak · 3bdf421c · 2e5779d0 · 2e5779d0 · 2e5779d0
Commit 2e5779d0 authored Sep 22, 2022 by Łukasz Nowak
27 changed files
--- a/software/caddy-frontend/README.caddy_frontend.rst
+++ b/software/caddy-frontend/README.caddy_frontend.rst
@@ -139,8 +139,6 @@ This replaces old request parameters:
 * ``apache-key``
 * ``apache-ca-certificate``
-(*Note*: They are still supported for backward compatibility, but any value send to the ``master-key-upload-url`` will supersede information from SlapOS Master.)
 Slave partition
 ---------------
@@ -167,8 +165,6 @@ This replaces old request parameters:
 * ``ssl_key``
 * ``ssl_ca_crt``
-(*Note*: They are still supported for backward compatibility, but any value send to the ``key-upload-url`` will supersede information from SlapOS Master.)
 Instance Parameters
 ===================
@@ -331,42 +327,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
 	"domain": "www.example.org",
 	"enable_cache": "True",
-Advanced example - XXX - to be written
--------------------------------------
-Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
-Listening to a custom domain and redirecting to /erp5/ so that
-https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
-the proxy::
-  instance = request(
-    software_release=caddy_frontend,
-    software_type="RootSoftwareInstance",
-    partition_reference='my frontend',
-    shared=True,
-    software_type="custom-personal",
-    partition_parameter_kw={
-        "url":"https://[1:2:3:4:5:6:7:8]:1234",
-        "enable_cache":"true",
-        "type":"zope",
-        "path":"/erp5",
-        "domain":"example.org",
-    "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
-  XXXXXXX..........XXXXXXXXXXXXXXX
-  -----END RSA PRIVATE KEY-----",
-      "ssl_crt":'-----BEGIN CERTIFICATE-----
-  XXXXXXXXXXX.............XXXXXXXXXXXXXXXXXXX
-  -----END CERTIFICATE-----',
-      "ssl_ca_crt":'-----BEGIN CERTIFICATE-----
-  XXXXXXXXX...........XXXXXXXXXXXXXXXXX
-  -----END CERTIFICATE-----',
-      "ssl_csr":'-----BEGIN CERTIFICATE REQUEST-----
-  XXXXXXXXXXXXXXX.............XXXXXXXXXXXXXXXXXX
-  -----END CERTIFICATE REQUEST-----',
-    }
-  )
 Promises
 ========

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = d408adbd12d4161c22fe9c29118fd83e
+md5sum = d836ff58655a7f0503104cb9a39fdb42
 [profile-common]
 filename = instance-common.cfg.in
@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = 0ec59d2fb5617e82d1848c1170772d84
+md5sum = 5dea84310dd0fcee1d3d9929e15e3d62
 [profile-master]
 filename = instance-master.cfg.in
-md5sum = 2c599c22f6ab9bf2bbc48da8a12ae6e0
+md5sum = e2e927ca7609c378375497c67eec0ef7
 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = 5be5a32d5cf22e10967e59570dda2d36
+md5sum = 2c5069eea87876eebf7ba130f7e339ed
 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in

--- a/software/caddy-frontend/instance-frontend.cfg.in
+++ b/software/caddy-frontend/instance-frontend.cfg.in
@@ -152,9 +152,6 @@ etc-run = ${:etc}/run
 ca-dir = ${:srv}/ssl
 backend-client-dir = ${:srv}/backend-client
-# BBB: SlapOS Master non-zero knowledge BEGIN
-bbb-ssl-dir = ${:srv}/bbb-ssl
-# BBB: SlapOS Master non-zero knowledge END
 frontend_cluster = ${:var}/frontend_cluster
@@ -381,9 +378,6 @@ extra-context =
    key software_release_url version-hash:software-release-url
    key node_information frontend-node-information:value
    key custom_ssl_directory caddy-directory:custom-ssl-directory
-# BBB: SlapOS Master non-zero knowledge BEGIN
-    key apache_certificate apache-certificate:output
-# BBB: SlapOS Master non-zero knowledge END
 ## backend haproxy
    key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
 ## Configuration passed by section
@@ -415,9 +409,6 @@ extra-context =
    key not_found_file caddy-configuration:not-found-file
    key username monitor-instance-parameter:username
    key password monitor-htpasswd:passwd
-# BBB: SlapOS Master non-zero knowledge BEGIN
-    key apache_certificate apache-certificate:output
-# BBB: SlapOS Master non-zero knowledge END
 [caddy-wrapper]
 recipe = slapos.recipe.template:jinja2
@@ -466,6 +457,7 @@ pid-file = ${directory:run}/httpd.pid
 frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file})
 not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
 master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
+self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
 # Communication with ATS
 cache-port = ${trafficserver-variable:input-port}
 # slave instrspection
@@ -474,31 +466,6 @@ slave-introspection-error-log = ${directory:log}/slave-introspection-error.log
 slave-introspection-pid-file = ${directory:run}/slave-introspection.pid
 slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file})
-# BBB: SlapOS Master non-zero knowledge BEGIN
-[get-self-signed-fallback-access]
-recipe = slapos.recipe.build
-certificate-file = ${self-signed-fallback-access:certificate}
-init =
-  import os
-  options['certificate'] = ''
-  if os.path.exists(options['certificate-file']):
-    with open(options['certificate-file'], 'r') as fh:
-      options['certificate'] = fh.read()
-[apache-certificate]
-recipe = slapos.recipe.template:jinja2
-inline =
-{% raw %}
-  {{ certificate or fallback_certificate }}
-  {{ key or '' }}
-{% endraw %}
-context =
-  key certificate configuration:apache-certificate
-  key key configuration:apache-key
-  key fallback_certificate get-self-signed-fallback-access:certificate
-output = ${directory:bbb-ssl-dir}/frontend.crt
-# BBB: SlapOS Master non-zero knowledge END
 [logrotate-entry-caddy]
 <= logrotate-entry-base
 name = caddy
@@ -665,7 +632,7 @@ command = ${trafficserver-rotate-script:output}
 url = {{ software_parameter_dict['template_configuration_state_script'] }}
 output = ${directory:bin}/${:_buildout_section_name_}
-path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
+path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt
 sha256sum = {{ software_parameter_dict['sha256sum'] }}
 extra-context =

--- a/software/caddy-frontend/instance-input-schema.json
+++ b/software/caddy-frontend/instance-input-schema.json
@@ -6,18 +6,6 @@
      "title": "Frontend Replication Quantity",
      "type": "integer"
    },
-    "apache-certificate": {
-      "description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
-      "textarea": true,
-      "title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
-      "type": "string"
-    },
-    "apache-key": {
-      "description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.",
-      "textarea": true,
-      "title": "[DEPRECATED] SSL Key",
-      "type": "string"
-    },
    "domain": {
      "description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
      "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",

--- a/software/caddy-frontend/instance-master.cfg.in
+++ b/software/caddy-frontend/instance-master.cfg.in
@@ -10,8 +10,6 @@
 {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
        'plain_http_port',
        'port',
-        'apache-certificate',
-        'apache-key',
        'domain',
        'enable-http2-by-default',
        'mpm-graceful-shutdown-timeout',
@@ -62,9 +60,6 @@
      'request-timeout',
      'server-alias',
      'ssl-proxy-verify',
-      'ssl_ca_crt',
-      'ssl_crt',
-      'ssl_key',
      'ssl_proxy_ca_crt',
      'strict-transport-security',
      'strict-transport-security-preload',
@@ -286,25 +281,11 @@ context =
 {%       endif %}
 {%     endif %}
 {%   endfor %}
-{# BBB: SlapOS Master non-zero knowledge BEGIN #}
 {%   for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %}
 {%     if key in slave %}
-{%       do slave_warning_list.append('%s is obsolete, please use key-upload-url' % (key,)) %}
+{%       do slave_warning_list.append('%s is discontinued, key-upload-url must be used instead' % (key,)) %}
 {%     endif %}
 {%   endfor %}
-{%   if slave.get('ssl_ca_crt') and not (slave.get('ssl_crt') and slave.get('ssl_key')) %}
-{%     do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required')  %}
-{%   endif %}
-{%   if slave.get('ssl_key') and slave.get('ssl_crt') %}
-{%     set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
-{%     set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
-{%     set key_modulus = key_popen.communicate(slave['ssl_key'].encode())[0] | trim %}
-{%     set crt_modulus = crt_popen.communicate(slave['ssl_crt'].encode())[0] | trim %}
-{%     if not key_modulus or key_modulus != crt_modulus  %}
-{%       do slave_error_list.append('slave ssl_key and ssl_crt does not match')  %}
-{%     endif %}
-{%   endif %}
-{# BBB: SlapOS Master non-zero knowledge END #}
 {%   if slave.get('custom_domain') %}
 {%     set slave_custom_domain = '' ~ slave['custom_domain'] %}
 {%     if slave_custom_domain.startswith('*.') %}
@@ -399,7 +380,7 @@ return =
 {%  set warning_list = [] %}
 {%  for key in ['apache-certificate', 'apache-key'] %}
 {%    if key in slapparameter_dict %}
-{%      do warning_list.append('%s is obsolete, please use master-key-upload-url' % (key, )) %}
+{%      do warning_list.append('%s is discontinued, master-key-upload-url must be used instead' % (key, )) %}
 {%    endif %}
 {%  endfor %}

--- a/software/caddy-frontend/instance-slave-input-schema.json
+++ b/software/caddy-frontend/instance-slave-input-schema.json
@@ -154,27 +154,6 @@
      "title": "Verify Backend Certificates",
      "type": "string"
    },
-    "ssl_crt": {
-      "default": "",
-      "description": "Content of the SSL Certificate file. Deprecated, please use key-upload-url.",
-      "textarea": true,
-      "title": "[DEPRECATED] SSL Certificate",
-      "type": "string"
-    },
-    "ssl_key": {
-      "default": "",
-      "description": "Content of the SSL Key file. Deprecated, please use key-upload-url.",
-      "textarea": true,
-      "title": "[DEPRECATED] SSL Key",
-      "type": "string"
-    },
-    "ssl_ca_crt": {
-      "default": "",
-      "description": "Content of the CA certificate file. Deprecated, please use key-upload-url.",
-      "textarea": true,
-      "title": "[DEPRECATED] SSL Certificate Authority's Certificate",
-      "type": "string"
-    },
    "ssl_proxy_ca_crt": {
      "default": "",
      "description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",

--- a/software/caddy-frontend/instance-slave-list.cfg.in
+++ b/software/caddy-frontend/instance-slave-list.cfg.in
@@ -17,9 +17,9 @@
 {%-   do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
 {%- endif %}
 {%- if master_key_download_url %}
-{%-   do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %}
+{%-   do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], caddy_configuration['self-signed-fallback-certificate'])) %}
 {%- else %}
-{%-   do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %}
+{%-   do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], caddy_configuration['self-signed-fallback-certificate'])) %}
 {%- endif %}
 {%- if kedifa_configuration['slave_kedifa_information'] %}
 {%-   set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
@@ -293,7 +293,6 @@ url = {{ empty_template }}
 output = {{ cert_file }}
 extra-context =
    key content {{ cert_title + '-config:value' }}
-{#-         BBB: SlapOS Master non-zero knowledge BEGIN #}
 {#-         Store certificate in config #}
 [{{ cert_title + '-config' }}]
 value = {{ dumps(slave_instance.get(cert_name)) }}
@@ -302,24 +301,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
 {%-       endif %} {#- if cert_name in slave_instance #}
 {%-     endfor %}
 {#-   Set Up Certs #}
-{%-   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
+{%-   do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
-{%-     set cert_title = '%s-crt' % (slave_reference) %}
-{%-     set cert_file = '/'.join([directory['bbb-ssl-dir'], cert_title.replace('-','.')]) %}
-{%-     do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
-{%-     do part_list.append(cert_title) %}
-{%-     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
-[{{cert_title}}]
-< = jinja2-template-base
-url = {{ empty_template }}
-output = {{ cert_file }}
-cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }}
-extra-context =
-    key content :cert-content
-{%-   else %}
-{%-     do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
-{%-   endif %}
-{#-   BBB: SlapOS Master non-zero knowledge END #}
 {#-   ########################################## #}
 {#-   Set Slave Configuration                    #}

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -89,8 +89,6 @@ configuration.kedifa_port = 7879
 # Warning: Caucase takes also cacuase_port+1
 configuration.caucase_port = 8890
 configuration.caucase_backend_client_port = 8990
-configuration.apache-key =
-configuration.apache-certificate =
 configuration.open-port = 80 443
 configuration.disk-cache-size = 8G
 configuration.ram-cache-size = 1G

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -4911,838 +4911,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
    )
-class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
-  SlaveHttpFrontendTestCase, TestDataMixin):
-  @classmethod
-  def setUpMaster(cls):
-    parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
-    cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
-    # Do not upload certificates for the master partition
-  def _updateDataReplacementDict(self, data_replacement_dict):
-    local_replacement_dict = {
-      '@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
-      '@@key_pem@@': unicode_escape(self.key_pem.decode()),
-    }
-    for key in list(local_replacement_dict.keys()):
-      new_key = ''.join([key[:-2], '_double', '@@'])
-      local_replacement_dict[new_key] = unicode_escape(
-        local_replacement_dict[key])
-    data_replacement_dict.update(**local_replacement_dict)
-  @classmethod
-  def getInstanceParameterDict(cls):
-    return {
-      'domain': 'example.com',
-      'apache-certificate': cls.certificate_pem,
-      'apache-key': cls.key_pem,
-      'port': HTTPS_PORT,
-      'plain_http_port': HTTP_PORT,
-      'kedifa_port': KEDIFA_PORT,
-      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
-    }
-  @classmethod
-  def getSlaveParameterDictDict(cls):
-    return {
-      'ssl_from_master_kedifa_overrides_master_certificate': {
-        'url': cls.backend_url,
-        'enable_cache': True
-      },
-    }
-  def test_ssl_from_master_kedifa_overrides_master_certificate(self):
-    parameter_dict = self.assertSlaveBase(
-      'ssl_from_master_kedifa_overrides_master_certificate')
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    _, key_pem, _, certificate_pem = \
-        createSelfSignedCertificate([parameter_dict['domain']])
-    master_parameter_dict = \
-        self.requestDefaultInstance().getConnectionParameterDict()
-    auth = requests.get(
-      master_parameter_dict['master-key-generate-auth-url'],
-      verify=self.kedifa_caucase_ca_certificate_file)
-    requests.put(
-      master_parameter_dict['master-key-upload-url'] + auth.text,
-      data=key_pem + certificate_pem,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-class TestSlaveSlapOSMasterCertificateCompatibility(
-  SlaveHttpFrontendTestCase, TestDataMixin):
-  def _updateDataReplacementDict(self, data_replacement_dict):
-    local_replacement_dict = {
-      '@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
-      '@@key_pem@@': unicode_escape(self.key_pem.decode()),
-      '@@ssl_from_slave_certificate_pem@@': unicode_escape(
-        self.ssl_from_slave_certificate_pem.decode()),
-      '@@ssl_from_slave_key_pem@@': unicode_escape(
-        self.ssl_from_slave_key_pem.decode()),
-      '@@customdomain_certificate_pem@@': unicode_escape(
-        self.customdomain_certificate_pem.decode()),
-      '@@customdomain_key_pem@@': unicode_escape(
-        self.customdomain_key_pem.decode()),
-      '@@ssl_from_slave_kedifa_overrides_key_pem@@': unicode_escape(
-        self.ssl_from_slave_kedifa_overrides_key_pem.decode()),
-      '@@ssl_from_slave_kedifa_overrides_certificate_pem@@': unicode_escape(
-        self.ssl_from_slave_kedifa_overrides_certificate_pem.decode()),
-      '@@customdomain_ca_certificate_pem@@': unicode_escape(
-        self.customdomain_ca_certificate_pem.decode()),
-      '@@customdomain_ca_key_pem@@': unicode_escape(
-        self.customdomain_ca_key_pem.decode()),
-      '@@ca.certificate_pem@@': unicode_escape(
-        self.ca.certificate_pem.decode()),
-      '@@sslcacrtgarbage_ca_certificate_pem@@': unicode_escape(
-        self.sslcacrtgarbage_ca_certificate_pem.decode()),
-      '@@sslcacrtgarbage_ca_key_pem@@': unicode_escape(
-        self.sslcacrtgarbage_ca_key_pem.decode()),
-      '@@type_notebook_ssl_from_slave_certificate_pem@@': unicode_escape(
-        self.type_notebook_ssl_from_slave_certificate_pem.decode()),
-      '@@type_notebook_ssl_from_slave_key_pem@@': unicode_escape(
-        self.type_notebook_ssl_from_slave_key_pem.decode()),
-      '@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@':
-      unicode_escape(
-        self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem
-        .decode()),
-      '@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@':
-      unicode_escape(
-        self.type_notebook_ssl_from_slave_kedifa_overrides_key_pem.decode()),
-    }
-    for key in list(local_replacement_dict.keys()):
-      new_key = ''.join([key[:-2], '_double', '@@'])
-      local_replacement_dict[new_key] = unicode_escape(
-        local_replacement_dict[key])
-    data_replacement_dict.update(**local_replacement_dict)
-  @classmethod
-  def setUpMaster(cls):
-    parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
-    cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
-    # Do not upload certificates for the master partition
-  @classmethod
-  def prepareCertificate(cls):
-    _, cls.ssl_from_slave_key_pem, _, cls.ssl_from_slave_certificate_pem = \
-      createSelfSignedCertificate(
-        [
-          'sslfromslave.example.com',
-        ])
-    _, cls.ssl_from_slave_kedifa_overrides_key_pem, _, \
-        cls.ssl_from_slave_kedifa_overrides_certificate_pem = \
-        createSelfSignedCertificate(
-          [
-            'sslfromslavekedifaoverrides.example.com',
-          ])
-    _, cls.type_notebook_ssl_from_slave_key_pem, _, \
-        cls.type_notebook_ssl_from_slave_certificate_pem = \
-        createSelfSignedCertificate(
-          [
-            'typenotebooksslfromslave.example.com',
-          ])
-    _, cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem, _, \
-        cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem = \
-        createSelfSignedCertificate(
-          [
-            'typenotebooksslfromslavekedifaoverrides.example.com',
-          ])
-    cls.ca = CertificateAuthority(
-      'TestSlaveSlapOSMasterCertificateCompatibility')
-    _, cls.customdomain_ca_key_pem, csr, _ = createCSR(
-      'customdomainsslcrtsslkeysslcacrt.example.com')
-    _, cls.customdomain_ca_certificate_pem = cls.ca.signCSR(csr)
-    _, cls.sslcacrtgarbage_ca_key_pem, csr, _ = createCSR(
-      'sslcacrtgarbage.example.com')
-    _, cls.sslcacrtgarbage_ca_certificate_pem = cls.ca.signCSR(csr)
-    _, cls.ssl_from_slave_ca_key_pem, csr, _ = createCSR(
-      'sslfromslave.example.com')
-    _, cls.ssl_from_slave_ca_certificate_pem = cls.ca.signCSR(csr)
-    _, cls.customdomain_key_pem, _, cls.customdomain_certificate_pem = \
-        createSelfSignedCertificate(['customdomainsslcrtsslkey.example.com'])
-    super(
-      TestSlaveSlapOSMasterCertificateCompatibility, cls).prepareCertificate()
-  @classmethod
-  def getInstanceParameterDict(cls):
-    return {
-      'domain': 'example.com',
-      'apache-certificate': cls.certificate_pem,
-      'apache-key': cls.key_pem,
-      'port': HTTPS_PORT,
-      'plain_http_port': HTTP_PORT,
-      'kedifa_port': KEDIFA_PORT,
-      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
-    }
-  @classmethod
-  def getSlaveParameterDictDict(cls):
-    return {
-      'ssl_from_master': {
-        'url': cls.backend_url,
-        'enable_cache': True,
-      },
-      'ssl_from_master_kedifa_overrides': {
-        'url': cls.backend_url,
-      },
-      'ssl_from_slave': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.ssl_from_slave_certificate_pem,
-        'ssl_key': cls.ssl_from_slave_key_pem,
-      },
-      'ssl_from_slave_kedifa_overrides': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.ssl_from_slave_kedifa_overrides_certificate_pem,
-        'ssl_key': cls.ssl_from_slave_kedifa_overrides_key_pem,
-      },
-      'custom_domain_ssl_crt_ssl_key': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.customdomain_certificate_pem,
-        'ssl_key': cls.customdomain_key_pem,
-        'custom_domain': 'customdomainsslcrtsslkey.example.com'
-      },
-      'custom_domain_ssl_crt_ssl_key_ssl_ca_crt': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.customdomain_ca_certificate_pem,
-        'ssl_key': cls.customdomain_ca_key_pem,
-        'ssl_ca_crt': cls.ca.certificate_pem,
-        'custom_domain': 'customdomainsslcrtsslkeysslcacrt.example.com',
-      },
-      'ssl_ca_crt_garbage': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.sslcacrtgarbage_ca_certificate_pem,
-        'ssl_key': cls.sslcacrtgarbage_ca_key_pem,
-        'ssl_ca_crt': 'some garbage',
-      },
-      'ssl_ca_crt_does_not_match': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.certificate_pem,
-        'ssl_key': cls.key_pem,
-        'ssl_ca_crt': cls.ca.certificate_pem,
-      },
-      'type-notebook-ssl_from_master': {
-        'url': cls.backend_url,
-        'type': 'notebook',
-      },
-      'type-notebook-ssl_from_slave': {
-        'url': cls.backend_url,
-        'ssl_crt': cls.type_notebook_ssl_from_slave_certificate_pem,
-        'ssl_key': cls.type_notebook_ssl_from_slave_key_pem,
-        'type': 'notebook',
-      },
-      'type-notebook-ssl_from_master_kedifa_overrides': {
-        'url': cls.backend_url,
-        'type': 'notebook',
-      },
-      'type-notebook-ssl_from_slave_kedifa_overrides': {
-        'url': cls.backend_url,
-        'ssl_crt':
-        cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
-        'ssl_key':
-        cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem,
-        'type': 'notebook',
-      }
-    }
-  def test_master_partition_state(self):
-    parameter_dict = self.parseConnectionParameterDict()
-    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
-    self.assertBackendHaproxyStatisticUrl(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertNodeInformationWithPop(parameter_dict)
-    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
-    expected_parameter_dict = {
-      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
-      'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
-      'domain': 'example.com',
-      'accepted-slave-amount': '12',
-      'rejected-slave-amount': '0',
-      'slave-amount': '12',
-      'rejected-slave-dict': {
-      },
-      'warning-list': [
-        'apache-certificate is obsolete, please use master-key-upload-url',
-        'apache-key is obsolete, please use master-key-upload-url',
-      ],
-      'warning-slave-dict': {
-        '_custom_domain_ssl_crt_ssl_key': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url'
-        ],
-        '_custom_domain_ssl_crt_ssl_key_ssl_ca_crt': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url'
-        ],
-        '_ssl_ca_crt_does_not_match': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-        ],
-        '_ssl_ca_crt_garbage': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-        ],
-        # u'_ssl_ca_crt_only': [
-        #   u'ssl_ca_crt is obsolete, please use key-upload-url',
-        # ],
-        '_ssl_from_slave': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-        ],
-        '_ssl_from_slave_kedifa_overrides': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-        ],
-        # u'_ssl_key-ssl_crt-unsafe': [
-        #   u'ssl_key is obsolete, please use key-upload-url',
-        #   u'ssl_crt is obsolete, please use key-upload-url',
-        # ],
-        '_type-notebook-ssl_from_slave': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-        ],
-        '_type-notebook-ssl_from_slave_kedifa_overrides': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-        ],
-      }
-    }
-    self.assertEqual(
-      expected_parameter_dict,
-      parameter_dict
-    )
-  def test_ssl_from_master(self):
-    parameter_dict = self.assertSlaveBase('ssl_from_master')
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_ssl_from_master_kedifa_overrides(self):
-    parameter_dict = self.assertSlaveBase('ssl_from_master_kedifa_overrides')
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    _, key_pem, _, certificate_pem = \
-        createSelfSignedCertificate([parameter_dict['domain']])
-    # as now the place to put the key is known put the key there
-    auth = requests.get(
-      self.current_generate_auth,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, auth.status_code)
-    data = certificate_pem + key_pem
-    upload = requests.put(
-      self.current_upload_url + auth.text,
-      data=data,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, upload.status_code)
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_ssl_from_slave(self):
-    parameter_dict = self.assertSlaveBase(
-      'ssl_from_slave',
-      expected_parameter_dict={
-        'warning-list': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-         ]
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.ssl_from_slave_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_ssl_from_slave_kedifa_overrides(self):
-    parameter_dict = self.assertSlaveBase(
-      'ssl_from_slave_kedifa_overrides',
-      expected_parameter_dict={
-        'warning-list': ['ssl_crt is obsolete, please use key-upload-url',
-                         'ssl_key is obsolete, please use key-upload-url']
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.ssl_from_slave_kedifa_overrides_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    _, key_pem, _, certificate_pem = \
-        createSelfSignedCertificate([parameter_dict['domain']])
-    # as now the place to put the key is known put the key there
-    auth = requests.get(
-      self.current_generate_auth,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, auth.status_code)
-    data = certificate_pem + key_pem
-    upload = requests.put(
-      self.current_upload_url + auth.text,
-      data=data,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, upload.status_code)
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_type_notebook_ssl_from_master(self):
-    parameter_dict = self.assertSlaveBase('type-notebook-ssl_from_master')
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path',
-      HTTPS_PORT)
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_type_notebook_ssl_from_master_kedifa_overrides(self):
-    parameter_dict = self.assertSlaveBase(
-      'type-notebook-ssl_from_master_kedifa_overrides')
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path',
-      HTTPS_PORT)
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    _, key_pem, _, certificate_pem = \
-        createSelfSignedCertificate([parameter_dict['domain']])
-    # as now the place to put the key is known put the key there
-    auth = requests.get(
-      self.current_generate_auth,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, auth.status_code)
-    data = certificate_pem + key_pem
-    upload = requests.put(
-      self.current_upload_url + auth.text,
-      data=data,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, upload.status_code)
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path',
-      HTTPS_PORT)
-    self.assertEqual(
-      certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_type_notebook_ssl_from_slave(self):
-    parameter_dict = self.assertSlaveBase(
-      'type-notebook-ssl_from_slave',
-      expected_parameter_dict={
-        'warning-list': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url',
-         ]
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path',
-      HTTPS_PORT)
-    self.assertEqual(
-      self.type_notebook_ssl_from_slave_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_type_notebook_ssl_from_slave_kedifa_overrides(self):
-    parameter_dict = self.assertSlaveBase(
-      'type-notebook-ssl_from_slave_kedifa_overrides',
-      expected_parameter_dict={
-        'warning-list': ['ssl_crt is obsolete, please use key-upload-url',
-                         'ssl_key is obsolete, please use key-upload-url']
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path',
-      HTTPS_PORT)
-    self.assertEqual(
-      self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    _, key_pem, _, certificate_pem = \
-        createSelfSignedCertificate([parameter_dict['domain']])
-    # as now the place to put the key is known put the key there
-    auth = requests.get(
-      self.current_generate_auth,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, auth.status_code)
-    data = certificate_pem + key_pem
-    upload = requests.put(
-      self.current_upload_url + auth.text,
-      data=data,
-      verify=self.kedifa_caucase_ca_certificate_file)
-    self.assertEqual(http.client.CREATED, upload.status_code)
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path',
-      HTTPS_PORT)
-    self.assertEqual(
-      certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  @skip('Not implemented in new test system')
-  def test_custom_domain_ssl_crt_ssl_key(self):
-    parameter_dict = self.assertSlaveBase(
-      'custom_domain_ssl_crt_ssl_key',
-      expected_parameter_dict={
-        'warning-list': ['ssl_key is obsolete, please use key-upload-url',
-                         'ssl_crt is obsolete, please use key-upload-url']
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.customdomain_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_ssl_ca_crt(self):
-    parameter_dict = self.assertSlaveBase(
-      'custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
-      expected_parameter_dict={
-        'warning-list': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url'
-        ]
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.customdomain_ca_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    certificate_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'srv', 'bbb-ssl',
-      '_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
-    self.assertEqual(1, len(certificate_file_list))
-    certificate_file = certificate_file_list[0]
-    with open(certificate_file) as out:
-      expected = \
-        self.customdomain_ca_certificate_pem.decode() + '\n' + \
-        self.ca.certificate_pem.decode() + '\n' + \
-        self.customdomain_ca_key_pem.decode()
-      self.assertEqual(
-        expected,
-        out.read()
-      )
-    ca = CertificateAuthority(
-      'TestSlaveSlapOSMasterCertificateCompatibility')
-    _, customdomain_ca_key_pem, csr, _ = createCSR(
-      'customdomainsslcrtsslkeysslcacrt.example.com')
-    _, customdomain_ca_certificate_pem = ca.signCSR(csr)
-    slave_parameter_dict = self.getSlaveParameterDictDict()[
-      'custom_domain_ssl_crt_ssl_key_ssl_ca_crt'].copy()
-    slave_parameter_dict.update(
-      ssl_crt=customdomain_ca_certificate_pem,
-      ssl_key=customdomain_ca_key_pem,
-      ssl_ca_crt=ca.certificate_pem,
-    )
-    self.requestSlaveInstance(
-        partition_reference='custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
-        partition_parameter_kw=slave_parameter_dict,
-    )
-    self.slap.waitForInstance()
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      customdomain_ca_certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    certificate_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'srv', 'bbb-ssl',
-      '_custom_domain_ssl_crt_ssl_key_ssl_ca_crt.crt'))
-    self.assertEqual(1, len(certificate_file_list))
-    certificate_file = certificate_file_list[0]
-    with open(certificate_file) as out:
-      expected = customdomain_ca_certificate_pem.decode() + '\n' + \
-        ca.certificate_pem.decode() + '\n' + \
-        customdomain_ca_key_pem.decode()
-      self.assertEqual(
-        expected,
-        out.read()
-      )
-  def test_ssl_ca_crt_garbage(self):
-    parameter_dict = self.assertSlaveBase(
-      'ssl_ca_crt_garbage',
-      expected_parameter_dict={
-        'warning-list': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url']
-      })
-    result = fakeHTTPSResult(
-        parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.sslcacrtgarbage_ca_certificate_pem,
-      der2pem(result.peercert)
-    )
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-  def test_ssl_ca_crt_does_not_match(self):
-    parameter_dict = self.assertSlaveBase(
-      'ssl_ca_crt_does_not_match',
-      expected_parameter_dict={
-        'warning-list': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url'
-        ]
-      })
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    certificate_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'srv', 'bbb-ssl',
-      '_ssl_ca_crt_does_not_match.crt'))
-    self.assertEqual(1, len(certificate_file_list))
-    certificate_file = certificate_file_list[0]
-    with open(certificate_file) as out:
-      expected = self.certificate_pem.decode() + '\n' + \
-        self.ca.certificate_pem.decode() + '\n' + \
-        self.key_pem.decode()
-      self.assertEqual(
-        expected,
-        out.read()
-      )
-class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
-  SlaveHttpFrontendTestCase, TestDataMixin):
-  @classmethod
-  def setUpMaster(cls):
-    parameter_dict = cls.requestDefaultInstance().getConnectionParameterDict()
-    cls._fetchKedifaCaucaseCaCertificateFile(parameter_dict)
-    # Do not upload certificates for the master partition
-  def _updateDataReplacementDict(self, data_replacement_dict):
-    local_replacement_dict = {
-      '@@certificate_pem@@': unicode_escape(self.certificate_pem.decode()),
-      '@@key_pem@@': unicode_escape(self.key_pem.decode()),
-    }
-    for key in list(local_replacement_dict.keys()):
-      new_key = ''.join([key[:-2], '_double', '@@'])
-      local_replacement_dict[new_key] = unicode_escape(
-        local_replacement_dict[key])
-    data_replacement_dict.update(**local_replacement_dict)
-  instance_parameter_dict = {
-    'domain': 'example.com',
-    'port': HTTPS_PORT,
-    'plain_http_port': HTTP_PORT,
-    'kedifa_port': KEDIFA_PORT,
-    'caucase_port': CAUCASE_PORT,
-    'mpm-graceful-shutdown-timeout': 2,
-  }
-  @classmethod
-  def getInstanceParameterDict(cls):
-    if 'apache-certificate' not in cls.instance_parameter_dict:
-      cls.instance_parameter_dict.update(**{
-        'apache-certificate': cls.certificate_pem,
-        'apache-key': cls.key_pem,
-      })
-    return cls.instance_parameter_dict
-  @classmethod
-  def getSlaveParameterDictDict(cls):
-    return {
-      'ssl_from_master': {
-        'url': cls.backend_url,
-        'enable_cache': True,
-      },
-    }
-  def test_master_partition_state(self):
-    parameter_dict = self.parseConnectionParameterDict()
-    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
-    self.assertBackendHaproxyStatisticUrl(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertNodeInformationWithPop(parameter_dict)
-    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
-    expected_parameter_dict = {
-      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
-      'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
-      'domain': 'example.com',
-      'accepted-slave-amount': '1',
-      'rejected-slave-amount': '0',
-      'rejected-slave-dict': {},
-      'slave-amount': '1',
-      'warning-list': [
-        'apache-certificate is obsolete, please use master-key-upload-url',
-        'apache-key is obsolete, please use master-key-upload-url',
-      ],
-    }
-    self.assertEqual(
-      expected_parameter_dict,
-      parameter_dict
-    )
-  def test_apache_key_apache_certificate_update(self):
-    parameter_dict = self.assertSlaveBase('ssl_from_master')
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    _, key_pem, _, certificate_pem = createSelfSignedCertificate(
-      [
-        '*.customdomain.example.com',
-        '*.example.com',
-        '*.alias1.example.com',
-      ])
-    self.instance_parameter_dict.update(**{
-      'apache-certificate': certificate_pem,
-      'apache-key': key_pem,
-    })
-    self.requestDefaultInstance()
-    self.slap.waitForInstance()
-    self.runKedifaUpdater()
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], 'test-path')
-    self.assertEqual(
-      certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
 class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
  @classmethod
  def getInstanceParameterDict(cls):
@@ -5964,14 +5132,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
        'custom_domain': 'duplicate.example.com',
        'server-alias': 'duplicate.example.com',
      },
-      'SSL_CA_CRT_ONLY': {
-        'url': cls.backend_url,
-        'ssl_ca_crt': cls.ca.certificate_pem,
-      },
-      'SSL_KEY-SSL_CRT-UNSAFE': {
-        'ssl_key': '${section:option}ssl_keyunsafe\nunsafe',
-        'ssl_crt': '${section:option}ssl_crtunsafe\nunsafe',
-      },
      'health-check-http-method': {
        'health-check': True,
        'health-check-http-method': 'WRONG',
@@ -6050,8 +5210,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
      'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
      'domain': 'example.com',
      'accepted-slave-amount': '5',
-      'rejected-slave-amount': '28',
+      'rejected-slave-amount': '26',
-      'slave-amount': '33',
+      'slave-amount': '31',
      'rejected-slave-dict': {
        '_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
                       ' invalid'],
@@ -6076,10 +5236,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
        '_SITE_2': ["custom_domain 'duplicate.example.com' clashes"],
        '_SITE_3': ["server-alias 'duplicate.example.com' clashes"],
        '_SITE_4': ["custom_domain 'duplicate.example.com' clashes"],
-        '_SSL_CA_CRT_ONLY': [
-          "ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
-        '_SSL_KEY-SSL_CRT-UNSAFE': [
-          "slave ssl_key and ssl_crt does not match"],
        '_BAD-BACKEND': [
          "slave https-url 'http://host.domain:badport' invalid",
          "slave url 'http://1:2:3:4' invalid"],
@@ -6117,12 +5273,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
        '_health-check-timeout-negative': [
          'Wrong health-check-timeout -2'],
      },
-      'warning-slave-dict': {
-        '_SSL_CA_CRT_ONLY': [
-          'ssl_ca_crt is obsolete, please use key-upload-url'],
-        '_SSL_KEY-SSL_CRT-UNSAFE': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url']}
    }
    self.assertEqual(
@@ -6398,33 +5548,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
      parameter_dict
    )
-  def test_ssl_ca_crt_only(self):
-    parameter_dict = self.parseSlaveParameterDict('SSL_CA_CRT_ONLY')
-    self.assertNodeInformationWithPop(parameter_dict)
-    self.assertEqual(
-      parameter_dict,
-      {
-        'request-error-list': [
-          "ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
-        'warning-list': [
-          'ssl_ca_crt is obsolete, please use key-upload-url',
-        ],
-      }
-    )
-  def test_ssl_key_ssl_crt_unsafe(self):
-    parameter_dict = self.parseSlaveParameterDict('SSL_KEY-SSL_CRT-UNSAFE')
-    self.assertNodeInformationWithPop(parameter_dict)
-    self.assertEqual(
-      {
-        'request-error-list': ["slave ssl_key and ssl_crt does not match"],
-        'warning-list': [
-          'ssl_crt is obsolete, please use key-upload-url',
-          'ssl_key is obsolete, please use key-upload-url']
-      },
-      parameter_dict
-    )
  def test_bad_backend(self):
    parameter_dict = self.parseSlaveParameterDict('BAD-BACKEND')
    self.assertNodeInformationWithPop(parameter_dict)
@@ -6558,8 +5681,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
      'automatic-internal-kedifa-caucase-csr': False,
      'automatic-internal-backend-client-caucase-csr': False,
      # all nodes partition parameters
-      'apache-certificate': self.certificate_pem,
-      'apache-key': self.key_pem,
      'domain': 'example.com',
      'enable-http2-by-default': True,
      'mpm-graceful-shutdown-timeout': 2,
@@ -6643,8 +5764,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    expected_partition_parameter_dict_dict = {
      'caddy-frontend-1': {
        'X-software_release_url': base_software_url,
-        'apache-certificate': self.certificate_pem.decode(),
-        'apache-key': self.key_pem.decode(),
        'authenticate-to-backend': 'True',
        'backend-client-caucase-url': backend_client_caucase_url,
        'backend-connect-retries': '1',
@@ -6669,8 +5788,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
      },
      'caddy-frontend-2': {
        'X-software_release_url': self.frontend_2_sr,
-        'apache-certificate': self.certificate_pem.decode(),
-        'apache-key': self.key_pem.decode(),
        'authenticate-to-backend': 'True',
        'backend-client-caucase-url': backend_client_caucase_url,
        'backend-connect-retries': '1',
@@ -6695,8 +5812,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
      },
      'caddy-frontend-3': {
        'X-software_release_url': self.frontend_3_sr,
-        'apache-certificate': self.certificate_pem.decode(),
-        'apache-key': self.key_pem.decode(),
        'authenticate-to-backend': 'True',
        'backend-client-caucase-url': backend_client_caucase_url,
        'backend-connect-retries': '1',
@@ -6740,8 +5855,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        '-sla-2-computer_guid': 'local',
        '-sla-3-computer_guid': 'local',
        'X-software_release_url': base_software_url,
-        'apache-certificate': self.certificate_pem.decode(),
-        'apache-key': self.key_pem.decode(),
        'authenticate-to-backend': 'True',
        'automatic-internal-backend-client-caucase-csr': 'False',
        'automatic-internal-kedifa-caucase-csr': 'False',

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
-[
-  {
-    "apache-certificate": "@@certificate_pem@@",
-    "apache-key": "@@key_pem@@",
-    "caucase_port": "15090",
-    "domain": "example.com",
-    "full_address_list": [],
-    "instance_title": "testing partition 0",
-    "ip_list": [
-      [
-        "T-0",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-0",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
-    "plain_http_port": "11080",
-    "port": "11443",
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-0",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "RootSoftwareInstance",
-    "slave_instance_list": [
-      {
-        "enable_cache": true,
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_from_master",
-        "slave_title": "_ssl_from_master",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_from_master_kedifa_overrides",
-        "slave_title": "_ssl_from_master_kedifa_overrides",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_from_slave",
-        "slave_title": "_ssl_from_slave",
-        "ssl_crt": "@@ssl_from_slave_certificate_pem@@",
-        "ssl_key": "@@ssl_from_slave_key_pem@@",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_from_slave_kedifa_overrides",
-        "slave_title": "_ssl_from_slave_kedifa_overrides",
-        "ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
-        "ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "custom_domain": "customdomainsslcrtsslkey.example.com",
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_custom_domain_ssl_crt_ssl_key",
-        "slave_title": "_custom_domain_ssl_crt_ssl_key",
-        "ssl_crt": "@@customdomain_certificate_pem@@",
-        "ssl_key": "@@customdomain_key_pem@@",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "custom_domain": "customdomainsslcrtsslkeysslcacrt.example.com",
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
-        "slave_title": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
-        "ssl_ca_crt": "@@ca.certificate_pem@@",
-        "ssl_crt": "@@customdomain_ca_certificate_pem@@",
-        "ssl_key": "@@customdomain_ca_key_pem@@",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_ca_crt_garbage",
-        "slave_title": "_ssl_ca_crt_garbage",
-        "ssl_ca_crt": "some garbage",
-        "ssl_crt": "@@sslcacrtgarbage_ca_certificate_pem@@",
-        "ssl_key": "@@sslcacrtgarbage_ca_key_pem@@",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_ca_crt_does_not_match",
-        "slave_title": "_ssl_ca_crt_does_not_match",
-        "ssl_ca_crt": "@@ca.certificate_pem@@",
-        "ssl_crt": "@@certificate_pem@@",
-        "ssl_key": "@@key_pem@@",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_type-notebook-ssl_from_master",
-        "slave_title": "_type-notebook-ssl_from_master",
-        "type": "notebook",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_type-notebook-ssl_from_slave",
-        "slave_title": "_type-notebook-ssl_from_slave",
-        "ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
-        "ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
-        "type": "notebook",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
-        "slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
-        "type": "notebook",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      },
-      {
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_type-notebook-ssl_from_slave_kedifa_overrides",
-        "slave_title": "_type-notebook-ssl_from_slave_kedifa_overrides",
-        "ssl_crt": "@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@",
-        "ssl_key": "@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@",
-        "type": "notebook",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      }
-    ],
-    "timestamp": "@@TIMESTAMP@@"
-  },
-  {
-    "_": {
-      "caucase_port": "15090",
-      "cluster-identification": "testing partition 0",
-      "kedifa_port": "15080",
-      "monitor-cors-domains": "monitor.app.officejs.com",
-      "monitor-httpd-port": "8402",
-      "monitor-password": "@@monitor-password@@",
-      "monitor-username": "admin",
-      "slave-list": [
-        {
-          "custom_domain": "customdomainsslcrtsslkey.example.com",
-          "slave_reference": "_custom_domain_ssl_crt_ssl_key",
-          "ssl_crt": "@@customdomain_certificate_pem@@",
-          "ssl_key": "@@customdomain_key_pem@@",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "custom_domain": "customdomainsslcrtsslkeysslcacrt.example.com",
-          "slave_reference": "_custom_domain_ssl_crt_ssl_key_ssl_ca_crt",
-          "ssl_ca_crt": "@@ca.certificate_pem@@",
-          "ssl_crt": "@@customdomain_ca_certificate_pem@@",
-          "ssl_key": "@@customdomain_ca_key_pem@@",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_ssl_ca_crt_does_not_match",
-          "ssl_ca_crt": "@@ca.certificate_pem@@",
-          "ssl_crt": "@@certificate_pem@@",
-          "ssl_key": "@@key_pem@@",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_ssl_ca_crt_garbage",
-          "ssl_ca_crt": "some garbage",
-          "ssl_crt": "@@sslcacrtgarbage_ca_certificate_pem@@",
-          "ssl_key": "@@sslcacrtgarbage_ca_key_pem@@",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "enable_cache": true,
-          "slave_reference": "_ssl_from_master",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_ssl_from_master_kedifa_overrides",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_ssl_from_slave",
-          "ssl_crt": "@@ssl_from_slave_certificate_pem@@",
-          "ssl_key": "@@ssl_from_slave_key_pem@@",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_ssl_from_slave_kedifa_overrides",
-          "ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
-          "ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_type-notebook-ssl_from_master",
-          "type": "notebook",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
-          "type": "notebook",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_type-notebook-ssl_from_slave",
-          "ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
-          "ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
-          "type": "notebook",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        },
-        {
-          "slave_reference": "_type-notebook-ssl_from_slave_kedifa_overrides",
-          "ssl_crt": "@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem@@",
-          "ssl_key": "@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem@@",
-          "type": "notebook",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        }
-      ]
-    },
-    "full_address_list": [],
-    "instance_title": "kedifa",
-    "ip_list": [
-      [
-        "T-1",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-1",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-1",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "kedifa",
-    "slave_instance_list": [],
-    "timestamp": "@@TIMESTAMP@@"
-  },
-  {
-    "_": {
-      "apache-certificate": "@@certificate_pem@@",
-      "apache-key": "@@key_pem@@",
-      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
-      "cluster-identification": "testing partition 0",
-      "domain": "example.com",
-      "extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
-      "frontend-name": "caddy-frontend-1",
-      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
-      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
-      "monitor-cors-domains": "monitor.app.officejs.com",
-      "monitor-httpd-port": 8411,
-      "monitor-password": "@@monitor-password@@",
-      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
-      "plain_http_port": "11080",
-      "port": "11443",
-      "slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}"
-    },
-    "full_address_list": [],
-    "instance_title": "caddy-frontend-1",
-    "ip_list": [
-      [
-        "T-2",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-2",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-2",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "single-custom-personal",
-    "slave_instance_list": [],
-    "timestamp": "@@TIMESTAMP@@"
-  }
-]
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_etc_cron_d.txt
-T-0/etc/cron.d/logrotate
-T-0/etc/cron.d/monitor-configurator
-T-0/etc/cron.d/monitor-globalstate
-T-0/etc/cron.d/monitor_collect
-T-1/etc/cron.d/logrotate
-T-1/etc/cron.d/monitor-configurator
-T-1/etc/cron.d/monitor-globalstate
-T-1/etc/cron.d/monitor_collect
-T-2/etc/cron.d/logrotate
-T-2/etc/cron.d/monitor-configurator
-T-2/etc/cron.d/monitor-globalstate
-T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin.txt
-T-0/etc/plugin/__init__.py
-T-0/etc/plugin/aibcc-sign-promise.py
-T-0/etc/plugin/aibcc-user-caucase-updater.py
-T-0/etc/plugin/aikc-sign-promise.py
-T-0/etc/plugin/aikc-user-caucase-updater.py
-T-0/etc/plugin/buildout-T-0-status.py
-T-0/etc/plugin/caucased-backend-client.py
-T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
-T-0/etc/plugin/check-free-disk-space.py
-T-0/etc/plugin/master-key-download-url-ready-promise.py
-T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
-T-0/etc/plugin/master-key-upload-url-ready-promise.py
-T-0/etc/plugin/monitor-bootstrap-status.py
-T-0/etc/plugin/monitor-http-frontend.py
-T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
-T-0/etc/plugin/rejected-slave.py
-T-1/etc/plugin/__init__.py
-T-1/etc/plugin/buildout-T-1-status.py
-T-1/etc/plugin/caucased.py
-T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr-ip-port-listening.py
-T-1/etc/plugin/kedifa-http-reply.py
-T-1/etc/plugin/monitor-bootstrap-status.py
-T-1/etc/plugin/monitor-http-frontend.py
-T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-1/etc/plugin/promise-kedifa-auth-ready.py
-T-1/etc/plugin/promise-logrotate-setup.py
-T-2/etc/plugin/__init__.py
-T-2/etc/plugin/backend-client-caucase-updater.py
-T-2/etc/plugin/backend-haproxy-configuration.py
-T-2/etc/plugin/backend-haproxy-statistic-frontend.py
-T-2/etc/plugin/backend_haproxy_http.py
-T-2/etc/plugin/backend_haproxy_https.py
-T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caucase-updater.py
-T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
-T-2/etc/plugin/monitor-bootstrap-status.py
-T-2/etc/plugin/monitor-http-frontend.py
-T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-2/etc/plugin/promise-key-download-url-ready.py
-T-2/etc/plugin/promise-logrotate-setup.py
-T-2/etc/plugin/re6st-connectivity.py
-T-2/etc/plugin/slave-introspection-configuration.py
-T-2/etc/plugin/slave_introspection_https.py
-T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_run.txt
-T-0/var/run/monitor-httpd.pid
-T-1/var/run/kedifa.pid
-T-1/var/run/monitor-httpd.pid
-T-2/var/run/backend-haproxy-rsyslogd.pid
-T-2/var/run/backend-haproxy.pid
-T-2/var/run/backend_haproxy_configuration_last_state
-T-2/var/run/backend_haproxy_graceful_configuration_state_signature
-T-2/var/run/bhlog.sck
-T-2/var/run/graceful_configuration_state_signature
-T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
-T-2/var/run/slave-introspection.pid
-T-2/var/run/slave_introspection_configuration_last_state
-T-2/var/run/slave_introspection_graceful_configuration_state_signature
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state.txt
-T-0:aibcc-user-caucase-updater-on-watch RUNNING
-T-0:aikc-user-caucase-updater-on-watch RUNNING
-T-0:bootstrap-monitor EXITED
-T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
-T-0:certificate_authority-{hash-generic}-on-watch RUNNING
-T-0:crond-{hash-generic}-on-watch RUNNING
-T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-0:monitor-httpd-graceful EXITED
-T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
-T-1:bootstrap-monitor EXITED
-T-1:caucase-updater-on-watch RUNNING
-T-1:caucased-{hash-generic}-on-watch RUNNING
-T-1:certificate_authority-{hash-generic}-on-watch RUNNING
-T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr-{hash-generic}-on-watch RUNNING
-T-1:kedifa-{hash-generic}-on-watch RUNNING
-T-1:kedifa-reloader EXITED
-T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
-T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
-T-2:backend-haproxy-safe-graceful EXITED
-T-2:bootstrap-monitor EXITED
-T-2:certificate_authority-{hash-generic}-on-watch RUNNING
-T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
-T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
-T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
-T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-2:monitor-httpd-graceful EXITED
-T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
-T-2:slave-introspection-safe-graceful EXITED
-T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.zz_test_file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.zz_test_file_list_log.txt
-T-0/var/log/monitor-httpd-access.log
-T-0/var/log/monitor-httpd-error.log
-T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr.log
-T-1/var/log/kedifa.log
-T-1/var/log/monitor-httpd-access.log
-T-1/var/log/monitor-httpd-error.log
-T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
-T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
-T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
-T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
-T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
-T-2/var/log/httpd/_ssl_from_master_access_log
-T-2/var/log/httpd/_ssl_from_master_backend_log
-T-2/var/log/httpd/_ssl_from_master_error_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
-T-2/var/log/httpd/_ssl_from_slave_access_log
-T-2/var/log/httpd/_ssl_from_slave_backend_log
-T-2/var/log/httpd/_ssl_from_slave_error_log
-T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
-T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log
-T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
-T-2/var/log/monitor-httpd-access.log
-T-2/var/log/monitor-httpd-error.log
-T-2/var/log/slave-introspection-access.log
-T-2/var/log/slave-introspection-error.log
-T-2/var/log/trafficserver/manager.log
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt
-[
-  {
-    "apache-certificate": "@@certificate_pem@@",
-    "apache-key": "@@key_pem@@",
-    "caucase_port": "15090",
-    "domain": "example.com",
-    "full_address_list": [],
-    "instance_title": "testing partition 0",
-    "ip_list": [
-      [
-        "T-0",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-0",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
-    "plain_http_port": "11080",
-    "port": "11443",
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-0",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "RootSoftwareInstance",
-    "slave_instance_list": [
-      {
-        "enable_cache": true,
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_from_master_kedifa_overrides_master_certificate",
-        "slave_title": "_ssl_from_master_kedifa_overrides_master_certificate",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      }
-    ],
-    "timestamp": "@@TIMESTAMP@@"
-  },
-  {
-    "_": {
-      "caucase_port": "15090",
-      "cluster-identification": "testing partition 0",
-      "kedifa_port": "15080",
-      "monitor-cors-domains": "monitor.app.officejs.com",
-      "monitor-httpd-port": "8402",
-      "monitor-password": "@@monitor-password@@",
-      "monitor-username": "admin",
-      "slave-list": [
-        {
-          "enable_cache": true,
-          "slave_reference": "_ssl_from_master_kedifa_overrides_master_certificate",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        }
-      ]
-    },
-    "full_address_list": [],
-    "instance_title": "kedifa",
-    "ip_list": [
-      [
-        "T-1",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-1",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-1",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "kedifa",
-    "slave_instance_list": [],
-    "timestamp": "@@TIMESTAMP@@"
-  },
-  {
-    "_": {
-      "apache-certificate": "@@certificate_pem@@",
-      "apache-key": "@@key_pem@@",
-      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
-      "cluster-identification": "testing partition 0",
-      "domain": "example.com",
-      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
-      "frontend-name": "caddy-frontend-1",
-      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
-      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
-      "monitor-cors-domains": "monitor.app.officejs.com",
-      "monitor-httpd-port": 8411,
-      "monitor-password": "@@monitor-password@@",
-      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
-      "plain_http_port": "11080",
-      "port": "11443",
-      "slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
-    },
-    "full_address_list": [],
-    "instance_title": "caddy-frontend-1",
-    "ip_list": [
-      [
-        "T-2",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-2",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-2",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "single-custom-personal",
-    "slave_instance_list": [],
-    "timestamp": "@@TIMESTAMP@@"
-  }
-]
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_etc_cron_d.txt
-T-0/etc/cron.d/logrotate
-T-0/etc/cron.d/monitor-configurator
-T-0/etc/cron.d/monitor-globalstate
-T-0/etc/cron.d/monitor_collect
-T-1/etc/cron.d/logrotate
-T-1/etc/cron.d/monitor-configurator
-T-1/etc/cron.d/monitor-globalstate
-T-1/etc/cron.d/monitor_collect
-T-2/etc/cron.d/logrotate
-T-2/etc/cron.d/monitor-configurator
-T-2/etc/cron.d/monitor-globalstate
-T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin.txt
-T-0/etc/plugin/__init__.py
-T-0/etc/plugin/aibcc-sign-promise.py
-T-0/etc/plugin/aibcc-user-caucase-updater.py
-T-0/etc/plugin/aikc-sign-promise.py
-T-0/etc/plugin/aikc-user-caucase-updater.py
-T-0/etc/plugin/buildout-T-0-status.py
-T-0/etc/plugin/caucased-backend-client.py
-T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
-T-0/etc/plugin/check-free-disk-space.py
-T-0/etc/plugin/master-key-download-url-ready-promise.py
-T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
-T-0/etc/plugin/master-key-upload-url-ready-promise.py
-T-0/etc/plugin/monitor-bootstrap-status.py
-T-0/etc/plugin/monitor-http-frontend.py
-T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
-T-0/etc/plugin/rejected-slave.py
-T-1/etc/plugin/__init__.py
-T-1/etc/plugin/buildout-T-1-status.py
-T-1/etc/plugin/caucased.py
-T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr-ip-port-listening.py
-T-1/etc/plugin/kedifa-http-reply.py
-T-1/etc/plugin/monitor-bootstrap-status.py
-T-1/etc/plugin/monitor-http-frontend.py
-T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-1/etc/plugin/promise-kedifa-auth-ready.py
-T-1/etc/plugin/promise-logrotate-setup.py
-T-2/etc/plugin/__init__.py
-T-2/etc/plugin/backend-client-caucase-updater.py
-T-2/etc/plugin/backend-haproxy-configuration.py
-T-2/etc/plugin/backend-haproxy-statistic-frontend.py
-T-2/etc/plugin/backend_haproxy_http.py
-T-2/etc/plugin/backend_haproxy_https.py
-T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caucase-updater.py
-T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
-T-2/etc/plugin/monitor-bootstrap-status.py
-T-2/etc/plugin/monitor-http-frontend.py
-T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-2/etc/plugin/promise-key-download-url-ready.py
-T-2/etc/plugin/promise-logrotate-setup.py
-T-2/etc/plugin/re6st-connectivity.py
-T-2/etc/plugin/slave-introspection-configuration.py
-T-2/etc/plugin/slave_introspection_https.py
-T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_run.txt
-T-0/var/run/monitor-httpd.pid
-T-1/var/run/kedifa.pid
-T-1/var/run/monitor-httpd.pid
-T-2/var/run/backend-haproxy-rsyslogd.pid
-T-2/var/run/backend-haproxy.pid
-T-2/var/run/backend_haproxy_configuration_last_state
-T-2/var/run/backend_haproxy_graceful_configuration_state_signature
-T-2/var/run/bhlog.sck
-T-2/var/run/graceful_configuration_state_signature
-T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
-T-2/var/run/slave-introspection.pid
-T-2/var/run/slave_introspection_configuration_last_state
-T-2/var/run/slave_introspection_graceful_configuration_state_signature
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state.txt
-T-0:aibcc-user-caucase-updater-on-watch RUNNING
-T-0:aikc-user-caucase-updater-on-watch RUNNING
-T-0:bootstrap-monitor EXITED
-T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
-T-0:certificate_authority-{hash-generic}-on-watch RUNNING
-T-0:crond-{hash-generic}-on-watch RUNNING
-T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-0:monitor-httpd-graceful EXITED
-T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
-T-1:bootstrap-monitor EXITED
-T-1:caucase-updater-on-watch RUNNING
-T-1:caucased-{hash-generic}-on-watch RUNNING
-T-1:certificate_authority-{hash-generic}-on-watch RUNNING
-T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr-{hash-generic}-on-watch RUNNING
-T-1:kedifa-{hash-generic}-on-watch RUNNING
-T-1:kedifa-reloader EXITED
-T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
-T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
-T-2:backend-haproxy-safe-graceful EXITED
-T-2:bootstrap-monitor EXITED
-T-2:certificate_authority-{hash-generic}-on-watch RUNNING
-T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
-T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
-T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
-T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-2:monitor-httpd-graceful EXITED
-T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
-T-2:slave-introspection-safe-graceful EXITED
-T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.zz_test_file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.zz_test_file_list_log.txt
-T-0/var/log/monitor-httpd-access.log
-T-0/var/log/monitor-httpd-error.log
-T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr.log
-T-1/var/log/kedifa.log
-T-1/var/log/monitor-httpd-access.log
-T-1/var/log/monitor-httpd-error.log
-T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
-T-2/var/log/monitor-httpd-access.log
-T-2/var/log/monitor-httpd-error.log
-T-2/var/log/slave-introspection-access.log
-T-2/var/log/slave-introspection-error.log
-T-2/var/log/trafficserver/manager.log
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt
-[
-  {
-    "apache-certificate": "@@certificate_pem@@",
-    "apache-key": "@@key_pem@@",
-    "caucase_port": "15090",
-    "domain": "example.com",
-    "full_address_list": [],
-    "instance_title": "testing partition 0",
-    "ip_list": [
-      [
-        "T-0",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-0",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
-    "plain_http_port": "11080",
-    "port": "11443",
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-0",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "RootSoftwareInstance",
-    "slave_instance_list": [
-      {
-        "enable_cache": true,
-        "slap_software_type": "RootSoftwareInstance",
-        "slave_reference": "_ssl_from_master",
-        "slave_title": "_ssl_from_master",
-        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-      }
-    ],
-    "timestamp": "@@TIMESTAMP@@"
-  },
-  {
-    "_": {
-      "caucase_port": "15090",
-      "cluster-identification": "testing partition 0",
-      "kedifa_port": "15080",
-      "monitor-cors-domains": "monitor.app.officejs.com",
-      "monitor-httpd-port": "8402",
-      "monitor-password": "@@monitor-password@@",
-      "monitor-username": "admin",
-      "slave-list": [
-        {
-          "enable_cache": true,
-          "slave_reference": "_ssl_from_master",
-          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
-        }
-      ]
-    },
-    "full_address_list": [],
-    "instance_title": "kedifa",
-    "ip_list": [
-      [
-        "T-1",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-1",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-1",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "kedifa",
-    "slave_instance_list": [],
-    "timestamp": "@@TIMESTAMP@@"
-  },
-  {
-    "_": {
-      "apache-certificate": "@@certificate_pem@@",
-      "apache-key": "@@key_pem@@",
-      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
-      "cluster-identification": "testing partition 0",
-      "domain": "example.com",
-      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
-      "frontend-name": "caddy-frontend-1",
-      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
-      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
-      "monitor-cors-domains": "monitor.app.officejs.com",
-      "monitor-httpd-port": 8411,
-      "monitor-password": "@@monitor-password@@",
-      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
-      "plain_http_port": "11080",
-      "port": "11443",
-      "slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
-    },
-    "full_address_list": [],
-    "instance_title": "caddy-frontend-1",
-    "ip_list": [
-      [
-        "T-2",
-        "@@_ipv4_address@@"
-      ],
-      [
-        "T-2",
-        "@@_ipv6_address@@"
-      ]
-    ],
-    "root_instance_title": "testing partition 0",
-    "slap_computer_id": "local",
-    "slap_computer_partition_id": "T-2",
-    "slap_software_release_url": "@@00getSoftwareURL@@",
-    "slap_software_type": "single-custom-personal",
-    "slave_instance_list": [],
-    "timestamp": "@@TIMESTAMP@@"
-  }
-]
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_etc_cron_d.txt
-T-0/etc/cron.d/logrotate
-T-0/etc/cron.d/monitor-configurator
-T-0/etc/cron.d/monitor-globalstate
-T-0/etc/cron.d/monitor_collect
-T-1/etc/cron.d/logrotate
-T-1/etc/cron.d/monitor-configurator
-T-1/etc/cron.d/monitor-globalstate
-T-1/etc/cron.d/monitor_collect
-T-2/etc/cron.d/logrotate
-T-2/etc/cron.d/monitor-configurator
-T-2/etc/cron.d/monitor-globalstate
-T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin.txt
-T-0/etc/plugin/__init__.py
-T-0/etc/plugin/aibcc-sign-promise.py
-T-0/etc/plugin/aibcc-user-caucase-updater.py
-T-0/etc/plugin/aikc-sign-promise.py
-T-0/etc/plugin/aikc-user-caucase-updater.py
-T-0/etc/plugin/buildout-T-0-status.py
-T-0/etc/plugin/caucased-backend-client.py
-T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
-T-0/etc/plugin/check-free-disk-space.py
-T-0/etc/plugin/master-key-download-url-ready-promise.py
-T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
-T-0/etc/plugin/master-key-upload-url-ready-promise.py
-T-0/etc/plugin/monitor-bootstrap-status.py
-T-0/etc/plugin/monitor-http-frontend.py
-T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
-T-0/etc/plugin/rejected-slave.py
-T-1/etc/plugin/__init__.py
-T-1/etc/plugin/buildout-T-1-status.py
-T-1/etc/plugin/caucased.py
-T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr-ip-port-listening.py
-T-1/etc/plugin/kedifa-http-reply.py
-T-1/etc/plugin/monitor-bootstrap-status.py
-T-1/etc/plugin/monitor-http-frontend.py
-T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-1/etc/plugin/promise-kedifa-auth-ready.py
-T-1/etc/plugin/promise-logrotate-setup.py
-T-2/etc/plugin/__init__.py
-T-2/etc/plugin/backend-client-caucase-updater.py
-T-2/etc/plugin/backend-haproxy-configuration.py
-T-2/etc/plugin/backend-haproxy-statistic-frontend.py
-T-2/etc/plugin/backend_haproxy_http.py
-T-2/etc/plugin/backend_haproxy_https.py
-T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caucase-updater.py
-T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
-T-2/etc/plugin/monitor-bootstrap-status.py
-T-2/etc/plugin/monitor-http-frontend.py
-T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
-T-2/etc/plugin/promise-key-download-url-ready.py
-T-2/etc/plugin/promise-logrotate-setup.py
-T-2/etc/plugin/re6st-connectivity.py
-T-2/etc/plugin/slave-introspection-configuration.py
-T-2/etc/plugin/slave_introspection_https.py
-T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_run.txt
-T-0/var/run/monitor-httpd.pid
-T-1/var/run/kedifa.pid
-T-1/var/run/monitor-httpd.pid
-T-2/var/run/backend-haproxy-rsyslogd.pid
-T-2/var/run/backend-haproxy.pid
-T-2/var/run/backend_haproxy_configuration_last_state
-T-2/var/run/backend_haproxy_graceful_configuration_state_signature
-T-2/var/run/bhlog.sck
-T-2/var/run/graceful_configuration_state_signature
-T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
-T-2/var/run/slave-introspection.pid
-T-2/var/run/slave_introspection_configuration_last_state
-T-2/var/run/slave_introspection_graceful_configuration_state_signature
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state.txt
-T-0:aibcc-user-caucase-updater-on-watch RUNNING
-T-0:aikc-user-caucase-updater-on-watch RUNNING
-T-0:bootstrap-monitor EXITED
-T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
-T-0:certificate_authority-{hash-generic}-on-watch RUNNING
-T-0:crond-{hash-generic}-on-watch RUNNING
-T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-0:monitor-httpd-graceful EXITED
-T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
-T-1:bootstrap-monitor EXITED
-T-1:caucase-updater-on-watch RUNNING
-T-1:caucased-{hash-generic}-on-watch RUNNING
-T-1:certificate_authority-{hash-generic}-on-watch RUNNING
-T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr-{hash-generic}-on-watch RUNNING
-T-1:kedifa-{hash-generic}-on-watch RUNNING
-T-1:kedifa-reloader EXITED
-T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
-T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
-T-2:backend-haproxy-safe-graceful EXITED
-T-2:bootstrap-monitor EXITED
-T-2:certificate_authority-{hash-generic}-on-watch RUNNING
-T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
-T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
-T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
-T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
-T-2:monitor-httpd-graceful EXITED
-T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
-T-2:slave-introspection-safe-graceful EXITED
-T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.zz_test_file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.zz_test_file_list_log.txt
-T-0/var/log/monitor-httpd-access.log
-T-0/var/log/monitor-httpd-error.log
-T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr.log
-T-1/var/log/kedifa.log
-T-1/var/log/monitor-httpd-access.log
-T-1/var/log/monitor-httpd-error.log
-T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
-T-2/var/log/httpd/_ssl_from_master_access_log
-T-2/var/log/httpd/_ssl_from_master_backend_log
-T-2/var/log/httpd/_ssl_from_master_error_log
-T-2/var/log/monitor-httpd-access.log
-T-2/var/log/monitor-httpd-error.log
-T-2/var/log/slave-introspection-access.log
-T-2/var/log/slave-introspection-error.log
-T-2/var/log/trafficserver/manager.log