Commit 5bcb5a7e by Łukasz Nowak

software/kvm: Simply fetch monitor password

publish-early does not work in this case, and monitor password is stored
in buildout elsewhere anyway.
1 parent 745285ea
......@@ -23,7 +23,7 @@ md5sum = 857237f3de9fb42da919a7164a355e4f
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
md5sum = f8d00d8e18b6c1c32f8a7bffaee1cb30
md5sum = 69ed177fc30f9b5ca8ae497d840a888d
[template-kvm-resilient]
filename = instance-kvm-resilient.cfg.jinja2
......
......@@ -100,7 +100,7 @@ config-httpd-port = {{ dumps(kvm_parameter_dict.get('httpd-port', 8081)) }}
config-disable-ansible-promise = {{ dumps(kvm_parameter_dict.get('disable-ansible-promise', False)) }}
config-monitor-cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-password = ${publish-early:monitor-password}
config-monitor-password = ${monitor-htpasswd:passwd}
# Enable disk wipe options
{% if kvm_parameter_dict.get('wipe-disk-ondestroy', False) -%}
config-wipe-disk-ondestroy = True
......@@ -256,11 +256,6 @@ mode = {{ mode }}
{{ writefile('cluster-data-content', '${directory:webroot}/${hash-code:passwd}/data', slapparameter_dict.get('cluster-data', ''), '700') }}
{% endif -%}
[publish-early]
recipe = slapos.cookbook:publish-early
-init =
monitor-password monitor-htpasswd:passwd
[monitor-instance-parameter]
monitor-httpd-port = 8060
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
......
  • Is this sure to be OK ? From this commit: https://lab.node.vifib.com/nexedi/slapos/commit/8d4b54457112d96b8d7c834580a950829161a6cc it seems there was a problem with using simply the password

  • It works for me, in many cases. The publish early here, just does not work (kvm-cluster was not tested, is not working currently on master). Thanks for pointing this commit, I'll get deeper into this issue.

  • mentioned in commit 57b91f48

    Toggle commit list
  • For reference this is the error with this change reverted:

    INFO While:
    INFO  Installing.
    INFO  Getting section publish-connection-information.
    INFO  Initializing section publish-connection-information.
    INFO  Getting option publish-connection-information:kvm0-backend-url.
    INFO  Getting section request-KVM0.
    INFO  Initializing section request-KVM0.
    INFO  Getting option request-KVM0:config-monitor-username.
    INFO  Getting section monitor-instance-parameter.
    INFO  Initializing section monitor-instance-parameter.
    INFO  Getting option monitor-instance-parameter:monitor-base-url.
    INFO  Getting section monitor-frontend-promise.
    INFO  Initializing section monitor-frontend-promise.
    INFO  Getting option monitor-frontend-promise:config-url.
    INFO  Getting option monitor-frontend-promise:url.
    INFO  Getting section monitor-frontend.
    INFO  Initializing section monitor-frontend.
    INFO  Getting option monitor-frontend:config-url.
    INFO  Getting section monitor-httpd-conf-parameter.
    INFO  Initializing section monitor-httpd-conf-parameter.
    INFO  Getting option monitor-httpd-conf-parameter:htpasswd-file.
    INFO  Getting section httpd-monitor-htpasswd.
    INFO  Initializing section httpd-monitor-htpasswd.
    INFO  Getting option httpd-monitor-htpasswd:command.
    INFO  Getting option monitor-instance-parameter:password.
    INFO Error: Referenced option does not exist: monitor-htpasswd passwd
    
  • Is this sure to be OK ? From this commit: https://lab.node.vifib.com/nexedi/slapos/commit/8d4b54457112d96b8d7c834580a950829161a6cc it seems there was a problem with using simply the password

    So it works without publish-early this in caddy-frontend in same situation in [replicate] section. Frankly I saw only such usage provided in nexedi/slapos!370, other SRs, like software/neoppod/root-common.cfg.in just directly pass the password. I belive that some recent changes in stack/monitor made simple access possible.

    I'll add test that the password access to monitor works as expected, so this shall conclude that it works.

  • could you give access to your repo to @alain.takoudjou so that he can confirm this ?

    Also if the test is working fine, I'm OK to merge !

  • could you give access to your repo to @alain.takoudjou so that he can confirm this ?

    Bizarre, that he has no access. I added nexedi group as reporter.

    Also if the test is working fine, I'm OK to merge !

    I am improving the test now, to cover all cases, lets see.

  • It sometime happen that buildout reinstall the section monitor-htpasswd which change published password (the problem is present in some webrunner resilient or kvm resilient). The password should not change after it's generated. The change to publish-early was to fix that problem, to always use and publish the good password to user.

    I belive that some recent changes in stack/monitor made simple access possible.

    Nothing changed in monitor stack, simple access to password is possible but will be simply unstable.

  • publish-early does not work in this case

    I don't see why publish-early is not working in the case of kvm cluster

  • I don't see why publish-early is not working in the case of kvm cluster

    Also I see it does not work in other SRs.

    So my fix is wrong here, thank you for explaining. Are you sure that resilient webrunner which uses publish-early is possible to instantiate now?

Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!