software/kvm: Simply fetch monitor password

publish-early does not work in this case, and monitor password is stored
in buildout elsewhere anyway.

software/kvm/buildout.hash.cfg

@@ -23,7 +23,7 @@ md5sum = 857237f3de9fb42da919a7164a355e4f
 
 [template-kvm-cluster]
 filename = instance-kvm-cluster.cfg.jinja2.in
-md5sum = f8d00d8e18b6c1c32f8a7bffaee1cb30
+md5sum = 69ed177fc30f9b5ca8ae497d840a888d
 
 [template-kvm-resilient]
 filename = instance-kvm-resilient.cfg.jinja2

software/kvm/instance-kvm-cluster.cfg.jinja2.in

@@ -100,7 +100,7 @@ config-httpd-port = {{ dumps(kvm_parameter_dict.get('httpd-port', 8081)) }}
 config-disable-ansible-promise = {{ dumps(kvm_parameter_dict.get('disable-ansible-promise', False)) }}
 config-monitor-cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
 config-monitor-username = ${monitor-instance-parameter:username}
-config-monitor-password = ${publish-early:monitor-password}
+config-monitor-password = ${monitor-htpasswd:passwd}
 # Enable disk wipe options
 {% if kvm_parameter_dict.get('wipe-disk-ondestroy', False) -%}
 config-wipe-disk-ondestroy = True
@@ -256,11 +256,6 @@ mode = {{ mode }}
 {{ writefile('cluster-data-content', '${directory:webroot}/${hash-code:passwd}/data', slapparameter_dict.get('cluster-data', ''), '700') }}
 {% endif -%}
 
-[publish-early]
-recipe = slapos.cookbook:publish-early
--init =
-  monitor-password monitor-htpasswd:passwd
-
 [monitor-instance-parameter]
 monitor-httpd-port = 8060
 cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}

[Thomas Gambier]

Is this sure to be OK ? From this commit: https://lab.node.vifib.com/nexedi/slapos/commit/8d4b54457112d96b8d7c834580a950829161a6cc it seems there was a problem with using simply the password

[Łukasz Nowak]

It works for me, in many cases. The publish early here, just does not work (kvm-cluster was not tested, is not working currently on master). Thanks for pointing this commit, I'll get deeper into this issue.

[Łukasz Nowak]

For reference this is the error with this change reverted:

INFO While:
INFO  Installing.
INFO  Getting section publish-connection-information.
INFO  Initializing section publish-connection-information.
INFO  Getting option publish-connection-information:kvm0-backend-url.
INFO  Getting section request-KVM0.
INFO  Initializing section request-KVM0.
INFO  Getting option request-KVM0:config-monitor-username.
INFO  Getting section monitor-instance-parameter.
INFO  Initializing section monitor-instance-parameter.
INFO  Getting option monitor-instance-parameter:monitor-base-url.
INFO  Getting section monitor-frontend-promise.
INFO  Initializing section monitor-frontend-promise.
INFO  Getting option monitor-frontend-promise:config-url.
INFO  Getting option monitor-frontend-promise:url.
INFO  Getting section monitor-frontend.
INFO  Initializing section monitor-frontend.
INFO  Getting option monitor-frontend:config-url.
INFO  Getting section monitor-httpd-conf-parameter.
INFO  Initializing section monitor-httpd-conf-parameter.
INFO  Getting option monitor-httpd-conf-parameter:htpasswd-file.
INFO  Getting section httpd-monitor-htpasswd.
INFO  Initializing section httpd-monitor-htpasswd.
INFO  Getting option httpd-monitor-htpasswd:command.
INFO  Getting option monitor-instance-parameter:password.
INFO Error: Referenced option does not exist: monitor-htpasswd passwd

[Łukasz Nowak]

Is this sure to be OK ? From this commit: https://lab.node.vifib.com/nexedi/slapos/commit/8d4b54457112d96b8d7c834580a950829161a6cc it seems there was a problem with using simply the password

So it works without publish-early this in caddy-frontend in same situation in [replicate] section. Frankly I saw only such usage provided in nexedi/slapos!370 (merged), other SRs, like software/neoppod/root-common.cfg.in just directly pass the password. I belive that some recent changes in stack/monitor made simple access possible.

I'll add test that the password access to monitor works as expected, so this shall conclude that it works.

[Thomas Gambier]

could you give access to your repo to @alain.takoudjou so that he can confirm this ?

Also if the test is working fine, I'm OK to merge !

[Łukasz Nowak]

could you give access to your repo to @alain.takoudjou so that he can confirm this ?

Bizarre, that he has no access. I added nexedi group as reporter.

Also if the test is working fine, I'm OK to merge !

I am improving the test now, to cover all cases, lets see.

[Łukasz Nowak]

/cc @alain.takoudjou

[Alain Takoudjou]

It sometime happen that buildout reinstall the section monitor-htpasswd which change published password (the problem is present in some webrunner resilient or kvm resilient). The password should not change after it's generated. The change to publish-early was to fix that problem, to always use and publish the good password to user.

I belive that some recent changes in stack/monitor made simple access possible.

Nothing changed in monitor stack, simple access to password is possible but will be simply unstable.

[Alain Takoudjou]

publish-early does not work in this case

I don't see why publish-early is not working in the case of kvm cluster

[Łukasz Nowak]

I don't see why publish-early is not working in the case of kvm cluster

Also I see it does not work in other SRs.

So my fix is wrong here, thank you for explaining. Are you sure that resilient webrunner which uses publish-early is possible to instantiate now?