Commit a039c8cf authored by Łukasz Nowak's avatar Łukasz Nowak

rapid-cdn: Handle correctly wildcard domains

While generating haproxy configuration (including it's CRT list) the specific
order of entries is used, so that wildcard domains end up last. Thanks to this
they work as a catch-all and allow specific domain to take precedence. Care
is taken to support *.example.example.com and *.example.com situation - so
tree like possibility of wildcards.

Anonymous in-place ACL are used per each domain, instead of per-shared
instance grouping in order to avoid situation like *.example.com and
example.com having single ACL, thus resulting with catch-all kicking in too
fast.

For the precision in the haproxy configuration and simplifcation of the regular
expressions the -m reg is used, so that host_only can be applied, which also
lowercases the hostname.

Notes:
 * test00cluster_request_instance_parameter_dict changed due to sorting slaves
   in test's requestSlaves
 * the test infrastructure has been improved to assure repetition of the
   situation
 * tests in TestSlaveHostHaproxyClash are asserting that correct domain AND
   that specific certificate have been used while serving given frontend
   configuration
parent cfd38dbe
Pipeline #30253 passed with stage
in 0 seconds
...@@ -30,7 +30,7 @@ md5sum = 3006197ddce87bd92866b76b5ce8ce08 ...@@ -30,7 +30,7 @@ md5sum = 3006197ddce87bd92866b76b5ce8ce08
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = 8289620cb32dbdfcca6ba112c7ec7b2b md5sum = b75e42233c1b7bdd5f21971ed8907efc
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
...@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181 ...@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = eef9712c6fe4d62b570b9059157c67ea md5sum = fc68a825c656bde0ae69a936936b0478
[template-frontend-haproxy-crt-list] [template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 238760d48d2875f087ad2d784e2a8fcd md5sum = 2f3f75773eb879b97d1ff5e04486591c
[template-not-found-html] [template-not-found-html]
_update_hash_filename_ = templates/notfound.html _update_hash_filename_ = templates/notfound.html
...@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df ...@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = b4b55d931249f11e4e1256afeb74b503 md5sum = 6457064905f818f21e3733eb4278a580
[template-empty] [template-empty]
_update_hash_filename_ = templates/empty.in _update_hash_filename_ = templates/empty.in
......
{%- set kedifa_updater_mapping = [] %} {%- set kedifa_updater_mapping = [] %}
{%- set cached_server_dict = {} %} {%- set cached_server_dict = {} %}
{%- set backend_slave_list = [] %} {%- set backend_slave_dict = {} %}
{%- set frontend_slave_list = [] %} {%- set frontend_slave_dict = {} %}
{%- set part_list = [] %} {%- set part_list = [] %}
{%- set cache_port = frontend_haproxy_configuration.get('cache-port') %} {%- set cache_port = frontend_haproxy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %} {%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
...@@ -228,7 +228,8 @@ context = ...@@ -228,7 +228,8 @@ context =
{%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %} {%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %} {%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %} {%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{%- set host_list = slave_instance.get('server-alias', '').split() %} {%- do slave_instance.__setitem__('server-alias', slave_instance.get('server-alias', '').split()) %}
{%- set host_list = slave_instance['server-alias'] %}
{%- if slave_instance.get('custom_domain') not in host_list %} {%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %} {%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %} {%- endif %}
...@@ -385,9 +386,9 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }} ...@@ -385,9 +386,9 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
{#- ############################### #} {#- ############################### #}
{#- Prepare Slave Information #} {#- Prepare Slave Information #}
{%- do slave_instance_information_list.append(slave_publish_dict) %} {%- do slave_instance_information_list.append(slave_publish_dict) %}
{%- do frontend_slave_list.append(slave_instance) %} {%- do frontend_slave_dict.__setitem__(slave_instance['slave_reference'], slave_instance) %}
{%- if slave_type != 'redirect' %} {%- if slave_type != 'redirect' %}
{%- do backend_slave_list.append(slave_instance) %} {%- do backend_slave_dict.__setitem__(slave_instance['slave_reference'], slave_instance) %}
{%- endif %} {%- endif %}
{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #} {%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #}
...@@ -477,14 +478,30 @@ output = ${:file} ...@@ -477,14 +478,30 @@ output = ${:file}
##<Frontend haproxy> ##<Frontend haproxy>
[frontend-haproxy-slave-list] [frontend-haproxy-slave-list]
list = {{ dumps(sorted(frontend_slave_list, key=operator_module.itemgetter('slave_reference'))) }} dict = {{ dumps(frontend_slave_dict) }}
{%- set slave_instance_hostname_frontend_order = [] %}
{%- for slave_instance in frontend_slave_dict.values() %}
{%- for hostname in slave_instance['host_list'] %}
{%- if '*' in hostname %}
{%- set order_value = hostname.count('.') %}
{%- else %}
{%- set order_value = 1000 %}
{%- endif %}
{%- do slave_instance_hostname_frontend_order.append({
'index': order_value,
'hostname': hostname,
'slave_reference': slave_instance['slave_reference']}) %}
{%- endfor %}
{%- endfor %}
order = {{ dumps(slave_instance_hostname_frontend_order) }}
[frontend-haproxy-crt-list] [frontend-haproxy-crt-list]
<= jinja2-template-base <= jinja2-template-base
template = {{ template_frontend_haproxy_crt_list }} template = {{ template_frontend_haproxy_crt_list }}
rendered = ${frontend-haproxy-config:crt-list} rendered = ${frontend-haproxy-config:crt-list}
extra-context = extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list key frontend_slave_dict frontend-haproxy-slave-list:dict
key frontend_slave_order frontend-haproxy-slave-list:order
section configuration frontend-haproxy-config section configuration frontend-haproxy-config
[frontend-haproxy-configuration] [frontend-haproxy-configuration]
...@@ -492,7 +509,8 @@ extra-context = ...@@ -492,7 +509,8 @@ extra-context =
template = {{ template_frontend_haproxy_configuration }} template = {{ template_frontend_haproxy_configuration }}
rendered = ${frontend-haproxy-config:file} rendered = ${frontend-haproxy-config:file}
extra-context = extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list key frontend_slave_dict frontend-haproxy-slave-list:dict
key frontend_slave_order frontend-haproxy-slave-list:order
key crt_list frontend-haproxy-crt-list:rendered key crt_list frontend-haproxy-crt-list:rendered
section configuration frontend-haproxy-config section configuration frontend-haproxy-config
...@@ -512,9 +530,25 @@ autocert-directory = {{ frontend_directory['autocert'] }} ...@@ -512,9 +530,25 @@ autocert-directory = {{ frontend_directory['autocert'] }}
< = jinja2-template-base < = jinja2-template-base
url = {{ template_backend_haproxy_configuration }} url = {{ template_backend_haproxy_configuration }}
output = ${backend-haproxy-config:file} output = ${backend-haproxy-config:file}
backend_slave_list = {{ dumps(sorted(backend_slave_list, key=operator_module.itemgetter('slave_reference'))) }} backend_slave_dict = {{ dumps(backend_slave_dict) }}
{%- set slave_instance_hostname_backend_order = [] %}
{%- for slave_instance in backend_slave_dict.values() %}
{%- for hostname in slave_instance['host_list'] %}
{%- if '*' in hostname %}
{%- set order_value = hostname.count('.') %}
{%- else %}
{%- set order_value = 1000 %}
{%- endif %}
{%- do slave_instance_hostname_backend_order.append({
'index': order_value,
'hostname': hostname,
'slave_reference': slave_instance['slave_reference']}) %}
{%- endfor %}
{%- endfor %}
order = {{ dumps(slave_instance_hostname_backend_order) }}
extra-context = extra-context =
key backend_slave_list :backend_slave_list key backend_slave_dict :backend_slave_dict
key backend_slave_order :order
section configuration backend-haproxy-config section configuration backend-haproxy-config
[backend-haproxy-config] [backend-haproxy-config]
......
...@@ -17,30 +17,20 @@ defaults ...@@ -17,30 +17,20 @@ defaults
default-server init-addr last,libc,none default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %} {%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %} {%- macro frontend_entry(slave_reference, hostname, slave_instance, scheme) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %} {%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{%- set matched = {'count': 0} %} {%- if hostname.startswith('*') %}
{%- for host in slave_instance['host_list'] %} {%- set matcher = '' ~ hostname[2:] ~ '$' %}
{#- Match up to the end or optional port (starting with ':') #} {%- else %}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #} {%- set matcher = '^' ~ hostname ~ '$' %}
{%- if wildcard and host.startswith('*.') %} {%- endif %}
{%- do matched.__setitem__('count', matched['count'] + 1) %} {%- set acl = '{ req.hdr(host),host_only -m reg ' ~ matcher ~ ' }' %}
# match wildcard {{ host }} {%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['health-check-failover-hostname'] %}
acl is_{{ slave_instance['slave_reference'] }}_{{ scheme }} hdr_reg(host) -i {{ host[2:] }}($|:.*) acl is_failover_{{ slave_reference }}_{{ scheme }} nbsrv({{ slave_reference }}-{{ scheme }}) eq 0
{%- elif not wildcard and not host.startswith('*.') %} use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }} ! is_failover_{{ slave_reference }}_{{ scheme }}
{%- do matched.__setitem__('count', matched['count'] + 1) %} use_backend {{ slave_reference }}-{{ scheme }}-failover if {{ acl }} is_failover_{{ slave_reference }}_{{ scheme }}
acl is_{{ slave_instance['slave_reference'] }}_{{ scheme }} hdr_reg(host) -i ^{{ host }}($|:.*) {%- else %}
{%- endif %} use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }}
{%- endfor %}
{%- if matched['count'] > 0 %}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['health-check-failover-hostname'] %}
acl is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }} nbsrv({{ slave_instance['slave_reference'] }}-{{ scheme }}) eq 0
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}_{{ scheme }} ! is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover if is_{{ slave_instance['slave_reference'] }}_{{ scheme }} is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }}
{%- else %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}_{{ scheme }}
{%- endif %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- endmacro %} {%- endmacro %}
...@@ -62,11 +52,8 @@ frontend http-backend ...@@ -62,11 +52,8 @@ frontend http-backend
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}" http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date # setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found } http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%} {%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{ frontend_entry(slave_instance, 'http', False) }} {{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'http') -}}
{%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- endfor %} {%- endfor %}
frontend https-backend frontend https-backend
...@@ -75,14 +62,12 @@ frontend https-backend ...@@ -75,14 +62,12 @@ frontend https-backend
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}" http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date # setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found } http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%} {%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{ frontend_entry(slave_instance, 'https', False) }} {{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'https') -}}
{%- endfor %} {%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{% endfor %}
{%- for slave_instance in backend_slave_list %} {%- for slave_reference in sorted(backend_slave_dict) %}
{%- set slave_instance = backend_slave_dict[slave_reference] %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance[prefix] %} {%- set info_dict = slave_instance[prefix] %}
{%- if info_dict['hostname'] and info_dict['port'] %} {%- if info_dict['hostname'] and info_dict['port'] %}
......
{%- for slave in frontend_slave_list %} {%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{%- set slave = frontend_slave_dict[entry['slave_reference']] %}
{%- set entry_list = [] %} {%- set entry_list = [] %}
{%- set sslbindconf = [] %} {%- set sslbindconf = [] %}
{#- <crtfile> #} {#- <crtfile> #}
...@@ -9,7 +10,7 @@ ...@@ -9,7 +10,7 @@
{%- do sslbindconf.append(slave['alpn']) %} {%- do sslbindconf.append(slave['alpn']) %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %} {%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #} {#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %} {%- do entry_list.append(entry['hostname']) %}
{{- ' '.join(entry_list) }} {{- ' '.join(entry_list) }}
{% endfor -%} {% endfor -%}
# Fallback to default certificate # Fallback to default certificate
......
...@@ -23,30 +23,14 @@ defaults ...@@ -23,30 +23,14 @@ defaults
default-server init-addr last,libc,none default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %} {%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #} {%- macro frontend_entry(slave_reference, hostname, scheme) %}
{#- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] #} {%- if hostname.startswith('*') %}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %} {%- set matcher = hostname[2:] %}
{%- if slave_instance.get('custom_domain') not in host_list %} {%- else %}
{%- do host_list.append(slave_instance.get('custom_domain')) %} {%- set matcher = '^' ~ hostname %}
{%- endif %} {%- endif %}
{%- set matched = {'count': 0} %} use_backend {{ slave_reference }}-{{ scheme }} if { req.hdr(host),host_only -m reg {{ matcher }}$ }
{%- for host in host_list %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- endif %}
{#- endif #}
{%- endmacro %} {%- endmacro %}
{%- macro frontend_common() %} {%- macro frontend_common() %}
...@@ -68,11 +52,8 @@ frontend http-frontend ...@@ -68,11 +52,8 @@ frontend http-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }} bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }}
{{ frontend_common() }} {{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%} {%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{ frontend_entry(slave_instance, 'http', False) }} {{- frontend_entry(entry['slave_reference'], entry['hostname'], 'http') -}}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- endfor %} {%- endfor %}
default_backend BACKEND_NOT_FOUND default_backend BACKEND_NOT_FOUND
...@@ -84,16 +65,14 @@ frontend https-frontend ...@@ -84,16 +65,14 @@ frontend https-frontend
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
{%- endif %} {%- endif %}
{{ frontend_common() }} {{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%} {%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{ frontend_entry(slave_instance, 'https', False) }} {{- frontend_entry(entry['slave_reference'], entry['hostname'], 'https') -}}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %} {%- endfor %}
default_backend BACKEND_NOT_FOUND default_backend BACKEND_NOT_FOUND
# Backends # Backends
{%- for slave_instance in frontend_slave_list %} {%- for slave_reference in sorted(frontend_slave_dict) %}
{%- set slave_instance = frontend_slave_dict[slave_reference] %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %} {%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }} backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
...@@ -189,7 +168,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -189,7 +168,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- endif %} {# if 'hostname' in info_dict and 'port' in info_dict #} {%- endif %} {# if 'hostname' in info_dict and 'port' in info_dict #}
{%- endif %} {# if scheme == 'http' and slave_instance['https-only'] #} {%- endif %} {# if scheme == 'http' and slave_instance['https-only'] #}
{%- endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #} {%- endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #}
{%- endfor %} {# for slave_instance in frontend_slave_list #} {%- endfor %} {# for slave_reference in sorted(frontend_slave_dict) #}
backend BACKEND_NOT_FOUND backend BACKEND_NOT_FOUND
{#- a bit hacky but working way to provide default CDN's 404 #} {#- a bit hacky but working way to provide default CDN's 404 #}
......
...@@ -1292,7 +1292,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -1292,7 +1292,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
@classmethod @classmethod
def requestSlaves(cls): def requestSlaves(cls):
for slave_reference, partition_parameter_kw in list( # Note: List is sorted here, so that tests which want slaves
# ordered by their slave_reference are stable
for slave_reference, partition_parameter_kw in sorted(
cls.getSlaveParameterDictDict().items()): cls.getSlaveParameterDictDict().items()):
software_url = cls.getSoftwareURL() software_url = cls.getSoftwareURL()
software_type = cls.getInstanceSoftwareType() software_type = cls.getInstanceSoftwareType()
...@@ -6577,49 +6579,83 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6577,49 +6579,83 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod @classmethod
def getSlaveParameterDictDict(cls): def getSlaveParameterDictDict(cls):
# Note: The slaves are specifically constructed to have an order which # Note: Slave list is ordered by it's reference, so that requestSlaves
# is triggering the problem. Slave list is sorted in many places, # will result in an order, which will hit the bugs covered here:
# and such slave configuration will result with them begin seen # * the most wildcard domain is requested first
# by backend haproxy configuration in exactly the way seen below # * then the more specific wildcard comes
# Ordering it here will not help at all. # * in the end specific slaves are there
return { return {
'wildcard': { '01wildcard': {
'url': cls.backend_url + 'wildcard', 'url': cls.backend_url + '01wildcard',
'custom_domain': '*.example.com',
'server-alias': 'example.com',
},
'02wildcard': {
'url': cls.backend_url + '02wildcard',
'custom_domain': '*.alias1.example.com', 'custom_domain': '*.alias1.example.com',
'server-alias': 'alias1.example.com',
},
'03zspecific': {
'url': cls.backend_url + '03zspecific',
'custom_domain': 'zspecific.example.com',
}, },
'zspecific': { '04zspecific': {
'url': cls.backend_url + 'zspecific', 'url': cls.backend_url + '04zspecific',
'custom_domain': 'zspecific.alias1.example.com', 'custom_domain': 'zspecific.alias1.example.com',
}, },
} }
def test(self): def test(self):
_, wildcard_key, _, wildcard_crt = createSelfSignedCertificate([
'*.example.com'])
_, wildcard_alias1_key, _, wildcard_alias1_crt = \
createSelfSignedCertificate([
'*.alias1.example.com'])
_, zspecific_key, _, zspecific_crt = createSelfSignedCertificate([
'zspecific.example.com'])
_, zspecific_alias1_key, _, zspecific_alias1_crt = \
createSelfSignedCertificate([
'zspecific.alias1.example.com'])
def uploadCertificate(key, certificate):
auth = mimikra.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate + key
upload = mimikra.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.assertSlaveBase( self.assertSlaveBase(
'wildcard', hostname='*.alias1') '01wildcard', hostname='*')
uploadCertificate(wildcard_key, wildcard_crt)
self.assertSlaveBase( self.assertSlaveBase(
'zspecific', hostname='zspecific.alias1') '02wildcard', hostname='*.alias1')
uploadCertificate(wildcard_alias1_key, wildcard_alias1_crt)
result_wildcard = fakeHTTPSResult( self.assertSlaveBase(
'other.alias1.example.com', '03zspecific', hostname='zspecific')
'test-path', uploadCertificate(zspecific_key, zspecific_crt)
headers={ self.assertSlaveBase(
'Timeout': '10', # more than default backend-connect-timeout == 5 '04zspecific', hostname='zspecific.alias1')
'Accept-Encoding': 'gzip', uploadCertificate(zspecific_alias1_key, zspecific_alias1_crt)
} self.runKedifaUpdater()
)
self.assertEqual(self.certificate_pem, result_wildcard.certificate)
self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
result_specific = fakeHTTPSResult( def assertResult(hostname, path, certificate):
'zspecific.alias1.example.com', result_wildcard = fakeHTTPSResult(
'test-path', hostname,
headers={ 'test-path',
'Timeout': '10', # more than default backend-connect-timeout == 5 )
'Accept-Encoding': 'gzip', self.assertEqual(certificate, result_wildcard.certificate)
} self.assertEqualResultJson(
) result_wildcard, 'Path', '/%s/test-path' % (path,))
self.assertEqual(self.certificate_pem, result_specific.certificate) assertResult('www.example.com', '01wildcard', wildcard_crt)
self.assertEqualResultJson(result_specific, 'Path', '/zspecific/test-path') assertResult('www.alias1.example.com', '02wildcard', wildcard_alias1_crt)
assertResult('zspecific.example.com', '03zspecific', zspecific_crt)
assertResult(
'zspecific.alias1.example.com', '04zspecific', zspecific_alias1_crt)
class TestPassedRequestParameter(HttpFrontendTestCase): class TestPassedRequestParameter(HttpFrontendTestCase):
......
...@@ -14,19 +14,6 @@ ...@@ -14,19 +14,6 @@
"slap_software_release_url": "@@00getSoftwareURL@@", "slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [ "slave_instance_list": [
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-disabled",
"slave_title": "_health-check-disabled",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-default",
"slave_title": "_health-check-default",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{ {
"health-check": true, "health-check": true,
"health-check-http-method": "CONNECT", "health-check-http-method": "CONNECT",
...@@ -49,6 +36,19 @@ ...@@ -49,6 +36,19 @@
"slave_title": "_health-check-custom", "slave_title": "_health-check-custom",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
{
"health-check": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-default",
"slave_title": "_health-check-default",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-disabled",
"slave_title": "_health-check-disabled",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{ {
"enable_cache": true, "enable_cache": true,
"health-check": true, "health-check": true,
...@@ -66,32 +66,32 @@ ...@@ -66,32 +66,32 @@
}, },
{ {
"health-check": true, "health-check": true,
"health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=", "health-check-authenticate-to-failover-backend": true,
"health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=", "health-check-failover-https-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=",
"health-check-failover-url-netloc-list": "@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@", "health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=",
"health-check-http-path": "/health-check-failover-url", "health-check-http-path": "/health-check-failover-url-auth-to-backend",
"health-check-interval": 1, "health-check-interval": 1,
"health-check-timeout": 1, "health-check-timeout": 1,
"https-only": false, "https-only": false,
"https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url", "https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-netloc-list", "slave_reference": "_health-check-failover-url-auth-to-backend",
"slave_title": "_health-check-failover-url-netloc-list", "slave_title": "_health-check-failover-url-auth-to-backend",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/url" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/url"
}, },
{ {
"health-check": true, "health-check": true,
"health-check-authenticate-to-failover-backend": true, "health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
"health-check-failover-https-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=", "health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=", "health-check-failover-url-netloc-list": "@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@",
"health-check-http-path": "/health-check-failover-url-auth-to-backend", "health-check-http-path": "/health-check-failover-url",
"health-check-interval": 1, "health-check-interval": 1,
"health-check-timeout": 1, "health-check-timeout": 1,
"https-only": false, "https-only": false,
"https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url", "https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-auth-to-backend", "slave_reference": "_health-check-failover-url-netloc-list",
"slave_title": "_health-check-failover-url-auth-to-backend", "slave_title": "_health-check-failover-url-netloc-list",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/url" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/url"
}, },
{ {
...@@ -109,27 +109,27 @@ ...@@ -109,27 +109,27 @@
}, },
{ {
"health-check": true, "health-check": true,
"health-check-failover-ssl-proxy-ca-crt": "@@another_server_ca.certificate_pem@@",
"health-check-failover-ssl-proxy-verify": true, "health-check-failover-ssl-proxy-verify": true,
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/", "health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-unverified", "health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-missing",
"health-check-interval": 1, "health-check-interval": 1,
"health-check-timeout": 1, "health-check-timeout": 1,
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-unverified", "slave_reference": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-unverified", "slave_title": "_health-check-failover-url-ssl-proxy-verify-missing",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
{ {
"health-check": true, "health-check": true,
"health-check-failover-ssl-proxy-ca-crt": "@@another_server_ca.certificate_pem@@",
"health-check-failover-ssl-proxy-verify": true, "health-check-failover-ssl-proxy-verify": true,
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/", "health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-missing", "health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-unverified",
"health-check-interval": 1, "health-check-interval": 1,
"health-check-timeout": 1, "health-check-timeout": 1,
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-missing", "slave_reference": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-missing", "slave_title": "_health-check-failover-url-ssl-proxy-verify-unverified",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
} }
], ],
......
...@@ -14,19 +14,35 @@ ...@@ -14,19 +14,35 @@
"slap_software_release_url": "@@00getSoftwareURL@@", "slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [ "slave_instance_list": [
{
"custom_domain": "*.example.com",
"server-alias": "example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_01wildcard",
"slave_title": "_01wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard"
},
{ {
"custom_domain": "*.alias1.example.com", "custom_domain": "*.alias1.example.com",
"server-alias": "alias1.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_02wildcard",
"slave_title": "_02wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard"
},
{
"custom_domain": "zspecific.example.com",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_wildcard", "slave_reference": "_03zspecific",
"slave_title": "_wildcard", "slave_title": "_03zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/wildcard" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific"
}, },
{ {
"custom_domain": "zspecific.alias1.example.com", "custom_domain": "zspecific.alias1.example.com",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_zspecific", "slave_reference": "_04zspecific",
"slave_title": "_zspecific", "slave_title": "_04zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/zspecific" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific"
} }
], ],
"timestamp": "@@TIMESTAMP@@" "timestamp": "@@TIMESTAMP@@"
...@@ -41,15 +57,27 @@ ...@@ -41,15 +57,27 @@
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"slave-list": [ "slave-list": [
{
"custom_domain": "*.example.com",
"server-alias": "example.com",
"slave_reference": "_01wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard"
},
{ {
"custom_domain": "*.alias1.example.com", "custom_domain": "*.alias1.example.com",
"slave_reference": "_wildcard", "server-alias": "alias1.example.com",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/wildcard" "slave_reference": "_02wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard"
},
{
"custom_domain": "zspecific.example.com",
"slave_reference": "_03zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific"
}, },
{ {
"custom_domain": "zspecific.alias1.example.com", "custom_domain": "zspecific.alias1.example.com",
"slave_reference": "_zspecific", "slave_reference": "_04zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/zspecific" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific"
} }
] ]
}, },
...@@ -69,7 +97,7 @@ ...@@ -69,7 +97,7 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http3": "false",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]", "extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
...@@ -81,7 +109,7 @@ ...@@ -81,7 +109,7 @@
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
"slave-kedifa-information": "{\"_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@/@@wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@?auth=\"}, \"_zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@/@@wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
"instance_title": "caddy-frontend-1", "instance_title": "caddy-frontend-1",
......
...@@ -8,12 +8,18 @@ T-1/var/log/monitor-httpd-error.log ...@@ -8,12 +8,18 @@ T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-haproxy.log T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_wildcard_access_log T-2/var/log/httpd/_01wildcard_access_log
T-2/var/log/httpd/_wildcard_backend_log T-2/var/log/httpd/_01wildcard_backend_log
T-2/var/log/httpd/_wildcard_frontend_log T-2/var/log/httpd/_01wildcard_frontend_log
T-2/var/log/httpd/_zspecific_access_log T-2/var/log/httpd/_02wildcard_access_log
T-2/var/log/httpd/_zspecific_backend_log T-2/var/log/httpd/_02wildcard_backend_log
T-2/var/log/httpd/_zspecific_frontend_log T-2/var/log/httpd/_02wildcard_frontend_log
T-2/var/log/httpd/_03zspecific_access_log
T-2/var/log/httpd/_03zspecific_backend_log
T-2/var/log/httpd/_03zspecific_frontend_log
T-2/var/log/httpd/_04zspecific_access_log
T-2/var/log/httpd/_04zspecific_backend_log
T-2/var/log/httpd/_04zspecific_frontend_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -15,35 +15,6 @@ ...@@ -15,35 +15,6 @@
"slap_software_release_url": "@@00getSoftwareURL@@", "slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [ "slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{ {
"custom_domain": "customdomainsslcrtsslkey.example.com", "custom_domain": "customdomainsslcrtsslkey.example.com",
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
...@@ -63,6 +34,15 @@ ...@@ -63,6 +34,15 @@
"ssl_key": "@@customdomain_ca_key_pem@@", "ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{ {
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_garbage", "slave_reference": "_ssl_ca_crt_garbage",
...@@ -73,12 +53,32 @@ ...@@ -73,12 +53,32 @@
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
{ {
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match", "slave_reference": "_ssl_from_master",
"slave_title": "_ssl_ca_crt_does_not_match", "slave_title": "_ssl_from_master",
"ssl_ca_crt": "@@ca.certificate_pem@@", "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
"ssl_crt": "@@certificate_pem@@", },
"ssl_key": "@@key_pem@@", {
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
{ {
...@@ -90,17 +90,17 @@ ...@@ -90,17 +90,17 @@
}, },
{ {
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave", "slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_slave", "slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook", "type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
{ {
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides", "slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides", "slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook", "type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/" "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}, },
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment