Skip to content

slapos
slapos
Commit d1334b4b authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

Feature/caddy frontend improvement 202010 

See merge request !836
parents 7f8cd116 ff9a04e2
Pipeline #11964 failed with stage
    Hide whitespace changes
    Inline Side-by-side
    Showing with 927 additions and 720 deletions
    software/caddy-frontend/README.caddy_frontend.rst
    View file @ d1334b4b
    ...@@ -448,6 +448,15 @@ This allows backends to: ...@@ -448,6 +448,15 @@ This allows backends to:
    Technical notes Technical notes
    =============== ===============
    Profile development guidelines
    ------------------------------
    Keep the naming in instance profiles:
    * ``software_parameter_dict`` for values coming from software
    * ``instance_parameter_dict`` for **local** values generated by the instance, except ``configuration``
    * ``slapparameter_dict`` for values coming from SlapOS Master
    Instantiated cluster structure Instantiated cluster structure
    ------------------------------ ------------------------------
    ......
    software/caddy-frontend/buildout.hash.cfg
    View file @ d1334b4b
    ...@@ -14,29 +14,29 @@ ...@@ -14,29 +14,29 @@
    # not need these here). # not need these here).
    [template] [template]
    filename = instance.cfg.in filename = instance.cfg.in
    md5sum = bfb647325103640c19c38e7b7f6e2833 md5sum = 28bf0c4c75c028bed79fc38786831b3e
    [template-common] [profile-common]
    filename = instance-common.cfg.in filename = instance-common.cfg.in
    md5sum = 5784bea3bd608913769ff9a8afcccb68 md5sum = 5784bea3bd608913769ff9a8afcccb68
    [template-apache-frontend] [profile-caddy-frontend]
    filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
    md5sum = 02aac183352a6fd6ddd336d2e3757405 md5sum = e7d7e1448b6420657e953026573311ca
    [template-caddy-replicate] [profile-caddy-replicate]
    filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
    md5sum = 54c0648c8593699dae0c565bc7dd8629 md5sum = 59f3a67999f5fb3e595486e2b801af08
    [template-slave-list] [profile-slave-list]
    _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
    md5sum = 2690fb2b5b6cefb7de53f35c214bdd52 md5sum = 64d57678c12f539247fe2532c5b8d6b8
    [template-replicate-publish-slave-information] [profile-replicate-publish-slave-information]
    _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
    md5sum = 7e3ee70c447f8203273d78f66ab519c3 md5sum = de268251dafa5ad83ebf5b20636365d9
    [template-caddy-frontend-configuration] [profile-caddy-frontend-configuration]
    _update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
    md5sum = 2503056e35463e045db3329bb8b6fae8 md5sum = 2503056e35463e045db3329bb8b6fae8
    ...@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73 ...@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73
    [template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
    _update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
    md5sum = 80081a7ded0029bb24b4fe2d06b6ae95 md5sum = bf40f8d0a049a8dd924ccc731956c87e
    [template-log-access] [template-log-access]
    _update_hash_filename_ = templates/template-log-access.conf.in _update_hash_filename_ = templates/template-log-access.conf.in
    ...@@ -112,13 +112,13 @@ md5sum = 8e1c6c06c09beb921965b3ce98c67c9e ...@@ -112,13 +112,13 @@ md5sum = 8e1c6c06c09beb921965b3ce98c67c9e
    filename = caddyprofiledummy.py filename = caddyprofiledummy.py
    md5sum = 38792c2dceae38ab411592ec36fff6a8 md5sum = 38792c2dceae38ab411592ec36fff6a8
    [template-kedifa] [profile-kedifa]
    filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
    md5sum = d76fe7bf062410eda7049446ed06a736 md5sum = 3daebc4b37088fa01183a853920d4143
    [template-backend-haproxy-rsyslogd-conf] [template-backend-haproxy-rsyslogd-conf]
    _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
    md5sum = be899b04e1aa652ed510f20d4ea523dd md5sum = 3ec9e088817f6a0e3b3b71919590e6b3
    [template-slave-introspection-httpd-nginx] [template-slave-introspection-httpd-nginx]
    _update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in _update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
    ......
    software/caddy-frontend/common.cfg deleted 100644 → 0
    View file @ 7f8cd116
    [buildout]
    extends =
    buildout.hash.cfg
    ../../stack/slapos.cfg
    ../../component/dash/buildout.cfg
    ../../component/caddy/buildout.cfg
    ../../component/gzip/buildout.cfg
    ../../component/logrotate/buildout.cfg
    ../../component/rdiff-backup/buildout.cfg
    ../../component/trafficserver/buildout.cfg
    ../../component/6tunnel/buildout.cfg
    ../../component/xz-utils/buildout.cfg
    ../../component/rsyslogd/buildout.cfg
    ../../component/haproxy/buildout.cfg
    ../../component/nginx/buildout.cfg
    ../../stack/caucase/buildout.cfg
    # Monitoring stack (keep on bottom)
    ../../stack/monitor/buildout.cfg
    parts +=
    caucase-eggs
    template
    template-caddy-frontend
    template-caddy-replicate
    caddy
    logrotate
    rdiff-backup
    caddyprofiledeps
    kedifa-develop
    kedifa
    [kedifa-repository]
    recipe = slapos.recipe.build:gitclone
    repository = https://lab.nexedi.com/nexedi/kedifa.git
    git-executable = ${git:location}/bin/git
    revision = d6bbd7db215e12871c1536f22a8fbf994227270c
    [kedifa-develop]
    recipe = zc.recipe.egg:develop
    setup = ${kedifa-repository:location}
    [kedifa]
    recipe = zc.recipe.egg
    eggs =
    ${python-cryptography:egg}
    kedifa
    [caddyprofiledeps-setup]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/setup.py
    [caddyprofiledeps-dummy]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/caddyprofiledummy.py
    [caddyprofiledeps-prepare]
    recipe = plone.recipe.command
    stop-on-error = True
    location = ${buildout:parts-directory}/${:_buildout_section_name_}
    update-command = ${:command}
    command =
    rm -fr ${:location} &&
    mkdir -p ${:location} &&
    cp ${caddyprofiledeps-setup:target} ${:location}/ &&
    cp ${caddyprofiledeps-dummy:target} ${:location}/
    [caddyprofiledeps-develop]
    recipe = zc.recipe.egg:develop
    setup = ${caddyprofiledeps-prepare:location}
    [caddyprofiledeps]
    depends = ${caddyprofiledeps-develop:recipe}
    recipe = zc.recipe.egg
    eggs =
    caddyprofiledeps
    websockify
    collective.recipe.shelloutput
    [template-common]
    recipe = slapos.recipe.template:jinja2
    template = ${:_profile_base_location_}/instance-common.cfg.in
    rendered = ${buildout:directory}/instance-common.cfg
    mode = 0644
    context =
    key develop_eggs_directory buildout:develop-eggs-directory
    key eggs_directory buildout:eggs-directory
    [template-frontend-parameter-section]
    common_profile = ${template-common:rendered}
    logrotate_base_instance = ${template-logrotate-base:rendered}
    bin_directory = ${buildout:bin-directory}
    sixtunnel = ${6tunnel:location}
    nginx = ${nginx-output:nginx}
    nginx_mime = ${nginx-output:mime}
    caddy = ${caddy:output}
    caddy_location = ${caddy:location}
    haproxy_executable = ${haproxy:location}/sbin/haproxy
    rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
    curl = ${curl:location}
    dash = ${dash:location}
    gzip = ${gzip:location}
    logrotate = ${logrotate:location}
    openssl = ${openssl:location}/bin/openssl
    openssl_cnf = ${openssl:location}/etc/ssl/openssl.cnf
    trafficserver = ${trafficserver:location}
    sha256sum = ${coreutils:location}/bin/sha256sum
    kedifa = ${:bin_directory}/kedifa
    kedifa-updater = ${:bin_directory}/kedifa-updater
    kedifa-csr = ${:bin_directory}/kedifa-csr
    xz_location = ${xz-utils:location}
    htpasswd = ${:bin_directory}/htpasswd
    monitor_template = ${monitor-template:output}
    template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
    template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
    template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
    template_graceful_script = ${template-graceful-script:target}
    template_validate_script = ${template-validate-script:target}
    template_rotate_script = ${template-rotate-script:target}
    template_configuration_state_script = ${template-configuration-state-script:target}
    template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
    template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
    template_empty = ${template-empty:target}
    template_log_access = ${template-log-access:target}
    template_not_found_html = ${template-not-found-html:target}
    template_slave_list = ${template-slave-list:target}
    template_trafficserver_records_config = ${template-trafficserver-records-config:target}
    template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
    template_trafficserver_logging_yaml = ${template-trafficserver-logging-yaml:target}
    template_wrapper = ${template-wrapper:output}
    template_slave_introspection_httpd_nginx = ${template-slave-introspection-httpd-nginx:target}
    [template]
    recipe = slapos.recipe.template:jinja2
    template = ${:_profile_base_location_}/instance.cfg.in
    rendered = ${buildout:directory}/template.cfg
    mode = 0644
    context =
    key common_profile template-common:rendered
    key monitor2_template monitor2-template:rendered
    key template_caddy_frontend template-caddy-frontend:target
    key template_caddy_replicate template-caddy-replicate:target
    key template_kedifa template-kedifa:target
    key template_replicate_publish_slave_information template-replicate-publish-slave-information:target
    key caddy_backend_url_validator caddy-backend-url-validator:output
    section template_frontend_parameter_dict template-frontend-parameter-section
    key caucase_jinja2_library caucase-jinja2-library:target
    [template-caddy-frontend]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/instance-apache-frontend.cfg.in
    mode = 0644
    [caddy-backend-url-validator]
    recipe = slapos.recipe.template
    url = ${:_profile_base_location_}/${:filename}
    output = ${buildout:directory}/caddy-backend-url-validator
    mode = 0750
    [template-caddy-replicate]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
    mode = 0644
    [template-kedifa]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/instance-kedifa.cfg.in
    mode = 0644
    [download-template]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/${:_update_hash_filename_}
    mode = 640
    [template-slave-list]
    <=download-template
    [template-replicate-publish-slave-information]
    <=download-template
    [template-caddy-frontend-configuration]
    <=download-template
    [template-not-found-html]
    <=download-template
    [template-default-slave-virtualhost]
    <=download-template
    [template-backend-haproxy-configuration]
    <=download-template
    [template-log-access]
    <=download-template
    [template-empty]
    <=download-template
    [template-slave-introspection-httpd-nginx]
    <=download-template
    [template-wrapper]
    recipe = slapos.recipe.template
    url = ${:_profile_base_location_}/templates/wrapper.in
    output = ${buildout:directory}/template-wrapper.cfg
    mode = 0644
    [template-trafficserver-records-config]
    <=download-template
    [template-trafficserver-storage-config]
    <=download-template
    [template-trafficserver-logging-yaml]
    <=download-template
    [template-rotate-script]
    <=download-template
    [template-caddy-lazy-script-call]
    <=download-template
    [template-graceful-script]
    <=download-template
    [template-validate-script]
    <=download-template
    [template-configuration-state-script]
    <=download-template
    [template-backend-haproxy-rsyslogd-conf]
    <=download-template
    software/caddy-frontend/development.cfg deleted 100644 → 0
    View file @ 7f8cd116
    # Development profile of caddy-frontend.
    # Exactly the same as software.cfg, but fetch the slapos.cookbook
    # from git repository instead of fetching stable version,
    # allowing to play with bleeding edge environment.
    # You'll need to run buildout twice for this profile.
    [buildout]
    extends =
    # Extend in this order, otherwise "parts" will be taken from git profile
    common.cfg
    parts +=
    slapos.toolbox-dev
    [slapos.toolbox-dev]
    recipe = zc.recipe.egg:develop
    egg = slapos.toolbox
    setup = ${slapos.toolbox-repository:location}
    software/caddy-frontend/instance-apache-frontend.cfg.in
    View file @ d1334b4b
    {%- if slap_software_type == software_type -%} {%- if instance_parameter_dict['slap-software-type'] == software_type -%}
    {% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
    {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
    [buildout] [buildout]
    extends = extends =
    {{ parameter_dict['common_profile'] }} {{ software_parameter_dict['profile_common'] }}
    {{ parameter_dict['monitor_template'] }} {{ software_parameter_dict['profile_monitor'] }}
    {{ parameter_dict['logrotate_base_instance'] }} {{ software_parameter_dict['profile_logrotate_base'] }}
    parts = parts =
    directory directory
    ...@@ -98,20 +98,14 @@ slave-introspection-var = ${:var}/slave-introspection ...@@ -98,20 +98,14 @@ slave-introspection-var = ${:var}/slave-introspection
    [switch-caddy-softwaretype] [switch-caddy-softwaretype]
    recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:softwaretype
    single-default = ${dynamic-custom-personal-template-slave-list:rendered} single-default = ${dynamic-custom-personal-profile-slave-list:rendered}
    single-custom-personal = ${dynamic-custom-personal-template-slave-list:rendered} single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered}
    [frontend-configuration] [frontend-configuration]
    template-log-access = {{ parameter_dict['template_log_access'] }}
    log-access-configuration = ${directory:etc}/log-access.conf log-access-configuration = ${directory:etc}/log-access.conf
    ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
    caddy-directory = {{ parameter_dict['caddy_location'] }} caddy-ipv6 = {{ instance_parameter_dict['ipv6-random'] }}
    caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
    caddy-https-port = ${configuration:port} caddy-https-port = ${configuration:port}
    nginx = {{ parameter_dict['nginx'] }}
    nginx_mime = {{ parameter_dict['nginx_mime'] }}
    htpasswd = {{ parameter_dict['htpasswd'] }}
    slave-introspection-template = {{ parameter_dict['template_slave_introspection_httpd_nginx'] }}
    slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
    slave-introspection-https-port = ${configuration:slave-introspection-https-port} slave-introspection-https-port = ${configuration:slave-introspection-https-port}
    slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access} slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
    ...@@ -122,21 +116,22 @@ slave-introspection-domain = ${slave-introspection-frontend:connection-domain} ...@@ -122,21 +116,22 @@ slave-introspection-domain = ${slave-introspection-frontend:connection-domain}
    recipe = plone.recipe.command recipe = plone.recipe.command
    update-command = ${:command} update-command = ${:command}
    ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-network-information:global-ipv6}
    ipv4 = {{instance_parameter['ipv4-random']}} ipv4 = {{instance_parameter_dict['ipv4-random']}}
    certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    command = command =
    [ -f ${:certificate} ] && exit 0 [ -f ${:certificate} ] && exit 0
    rm -f ${:certificate} rm -f ${:certificate}
    /bin/bash -c ' \ /bin/bash -c ' \
    {{ parameter_dict['openssl'] }} req \ {{ software_parameter_dict['openssl'] }} req \
    -new -newkey rsa:2048 -sha256 \ -new -newkey rsa:2048 -sha256 \
    -nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
    -keyout ${:certificate} \ -keyout ${:certificate} \
    -subj "/CN=Self Signed IP Access" \ -subj "/CN=Self Signed IP Access" \
    -reqexts SAN \ -reqexts SAN \
    -extensions SAN \ -extensions SAN \
    -config <(cat {{ parameter_dict['openssl_cnf'] }} \ -config <(cat {{ software_parameter_dict['openssl_cnf'] }} \
    <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \ <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \
    -out ${:certificate}' -out ${:certificate}'
    ...@@ -145,18 +140,19 @@ command = ...@@ -145,18 +140,19 @@ command =
    recipe = plone.recipe.command recipe = plone.recipe.command
    update-command = ${:command} update-command = ${:command}
    ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-network-information:global-ipv6}
    ipv4 = {{instance_parameter['ipv4-random']}} ipv4 = {{instance_parameter_dict['ipv4-random']}}
    certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    command = command =
    [ -f ${:certificate} ] && exit 0 [ -f ${:certificate} ] && exit 0
    rm -f ${:certificate} rm -f ${:certificate}
    /bin/bash -c ' \ /bin/bash -c ' \
    {{ parameter_dict['openssl'] }} req \ {{ software_parameter_dict['openssl'] }} req \
    -new -newkey rsa:2048 -sha256 \ -new -newkey rsa:2048 -sha256 \
    -nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
    -keyout ${:certificate} \ -keyout ${:certificate} \
    -subj "/CN=Fallback certificate/OU={{ instance_parameter['configuration.frontend-name'] }}" \ -subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration.frontend-name'] }}" \
    -out ${:certificate}' -out ${:certificate}'
    [jinja2-template-base] [jinja2-template-base]
    ...@@ -164,24 +160,23 @@ recipe = slapos.recipe.template:jinja2 ...@@ -164,24 +160,23 @@ recipe = slapos.recipe.template:jinja2
    rendered = ${buildout:directory}/${:filename} rendered = ${buildout:directory}/${:filename}
    extensions = jinja2.ext.do extensions = jinja2.ext.do
    extra-context = extra-context =
    slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} slapparameter_dict = {{ dumps(slapparameter_dict) }}
    slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} slap_software_type = {{ dumps(instance_parameter_dict['slap-software-type']) }}
    context = context =
    import json_module json import json_module json
    raw common_profile {{ parameter_dict['common_profile'] }} raw profile_common {{ software_parameter_dict['profile_common'] }}
    raw logrotate_base_instance {{ parameter_dict['logrotate_base_instance'] }} raw profile_logrotate_base {{ software_parameter_dict['profile_logrotate_base'] }}
    raw monitor_template {{ parameter_dict['monitor_template'] }} raw profile_monitor {{ software_parameter_dict['profile_monitor'] }}
    key slap_software_type :slap_software_type key slap_software_type :slap_software_type
    key slapparameter_dict :slapparameter_dict key slapparameter_dict :slapparameter_dict
    section directory directory section directory directory
    ${:extra-context} ${:extra-context}
    [software-release-path] [software-release-path]
    template-empty = {{ parameter_dict['template_empty'] }} template-empty = {{ software_parameter_dict['template_empty'] }}
    template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }}
    template-backend-haproxy-configuration = {{ parameter_dict['template_backend_haproxy_configuration'] }} template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
    template-backend-haproxy-rsyslogd-conf = {{ parameter_dict['template_backend_haproxy_rsyslogd_conf'] }} template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
    caddy-location = {{ parameter_dict['caddy_location'] }}
    [kedifa-login-config] [kedifa-login-config]
    d = ${directory:ca-dir} d = ${directory:ca-dir}
    ...@@ -195,11 +190,11 @@ crl = ${:d}/kedifa-login-crl.pem ...@@ -195,11 +190,11 @@ crl = ${:d}/kedifa-login-crl.pem
    [kedifa-login-csr] [kedifa-login-csr]
    recipe = plone.recipe.command recipe = plone.recipe.command
    organization = {{ slapparameter_dict['cluster-identification'] }} organization = {{ slapparameter_dict['cluster-identification'] }}
    organizational_unit = {{ instance_parameter['configuration.frontend-name'] }} organizational_unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
    command = command =
    {% if slapparameter_dict['kedifa-caucase-url'] %} {% if slapparameter_dict['kedifa-caucase-url'] %}
    if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
    {{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
    -newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
    -subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
    -out ${:template-csr} -out ${:template-csr}
    ...@@ -209,11 +204,12 @@ command = ...@@ -209,11 +204,12 @@ command =
    update-command = ${:command} update-command = ${:command}
    template-csr = ${kedifa-login-config:template-csr} template-csr = ${kedifa-login-config:template-csr}
    key = ${kedifa-login-config:key} key = ${kedifa-login-config:key}
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    {{ caucase.updater( {{ caucase.updater(
    prefix='caucase-updater', prefix='caucase-updater',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    updater_path='${directory:service}/kedifa-login-certificate-caucase-updater', updater_path='${directory:service}/kedifa-login-certificate-caucase-updater',
    url=slapparameter_dict['kedifa-caucase-url'], url=slapparameter_dict['kedifa-caucase-url'],
    data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
    ...@@ -231,7 +227,6 @@ certificate = ${kedifa-login-config:certificate} ...@@ -231,7 +227,6 @@ certificate = ${kedifa-login-config:certificate}
    cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate} cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate}
    csr = ${caucase-updater-csr:csr} csr = ${caucase-updater-csr:csr}
    crl = ${kedifa-login-config:crl} crl = ${kedifa-login-config:crl}
    kedifa-updater = {{ parameter_dict['kedifa-updater'] }}
    kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
    kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
    slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }} slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }}
    ...@@ -248,11 +243,11 @@ crl = ${:d}/crl.pem ...@@ -248,11 +243,11 @@ crl = ${:d}/crl.pem
    [backend-client-login-csr] [backend-client-login-csr]
    recipe = plone.recipe.command recipe = plone.recipe.command
    organization = {{ slapparameter_dict['cluster-identification'] }} organization = {{ slapparameter_dict['cluster-identification'] }}
    organizational_unit = {{ instance_parameter['configuration.frontend-name'] }} organizational_unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
    command = command =
    {% if slapparameter_dict['backend-client-caucase-url'] %} {% if slapparameter_dict['backend-client-caucase-url'] %}
    if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
    {{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
    -newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
    -subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
    -out ${:template-csr} -out ${:template-csr}
    ...@@ -262,11 +257,12 @@ command = ...@@ -262,11 +257,12 @@ command =
    update-command = ${:command} update-command = ${:command}
    template-csr = ${backend-client-login-config:template-csr} template-csr = ${backend-client-login-config:template-csr}
    key = ${backend-client-login-config:key} key = ${backend-client-login-config:key}
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    {{ caucase.updater( {{ caucase.updater(
    prefix='backend-client-caucase-updater', prefix='backend-client-caucase-updater',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    updater_path='${directory:service}/backend-client-login-certificate-caucase-updater', updater_path='${directory:service}/backend-client-login-certificate-caucase-updater',
    url=slapparameter_dict['backend-client-caucase-url'], url=slapparameter_dict['backend-client-caucase-url'],
    data_dir='${directory:srv}/backend-client-caucase-updater', data_dir='${directory:srv}/backend-client-caucase-updater',
    ...@@ -277,79 +273,54 @@ stop-on-error = True ...@@ -277,79 +273,54 @@ stop-on-error = True
    template_csr='${backend-client-login-csr:template-csr}' template_csr='${backend-client-login-csr:template-csr}'
    )}} )}}
    [dynamic-custom-personal-template-slave-list] [dynamic-custom-personal-profile-slave-list]
    < = jinja2-template-base < = jinja2-template-base
    depends = ${caddyprofiledeps:recipe} depends = ${caddyprofiledeps:recipe}
    template = {{ parameter_dict['template_slave_list'] }} template = {{ software_parameter_dict['profile_slave_list'] }}
    filename = custom-personal-instance-slave-list.cfg filename = custom-personal-instance-slave-list.cfg
    slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
    extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
    master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }} master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
    local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
    local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
    software_type = single-custom-personal software_type = single-custom-personal
    bin_directory = {{ parameter_dict['bin_directory'] }}
    caddy_executable = {{ parameter_dict['caddy'] }}
    sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel
    organization = {{ slapparameter_dict['cluster-identification'] }} organization = {{ slapparameter_dict['cluster-identification'] }}
    organizational-unit = {{ instance_parameter['configuration.frontend-name'] }} organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
    backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }} backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }}
    extra-context = extra-context =
    key caddy_configuration_directory caddy-directory:slave-configuration key caddy_configuration_directory caddy-directory:slave-configuration
    key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
    import urlparse_module urlparse import urlparse_module urlparse
    import furl_module furl import furl_module furl
    key caddy_executable :caddy_executable
    key http_port configuration:plain_http_port
    key https_port configuration:port
    key public_ipv4 configuration:public-ipv4
    key slave_instance_list :slave_instance_list
    key extra_slave_instance_list :extra_slave_instance_list
    key master_key_download_url :master_key_download_url key master_key_download_url :master_key_download_url
    key autocert caddy-directory:autocert key autocert caddy-directory:autocert
    key master_certificate caddy-configuration:master-certificate
    key caddy_log_directory caddy-directory:slave-log key caddy_log_directory caddy-directory:slave-log
    key expose_csr_id_organization :organization key expose_csr_id_organization :organization
    key expose_csr_id_organizational_unit :organizational-unit key expose_csr_id_organizational_unit :organizational-unit
    key local_ipv4 :local_ipv4
    key local_ipv6 :local_ipv6
    key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-network-information:global-ipv6
    key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
    key template_default_slave_configuration software-release-path:template-default-slave-virtualhost key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
    key software_type :software_type key software_type :software_type
    key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
    key frontend_graceful_reload caddy-configuration:frontend-graceful-command
    section frontend_configuration frontend-configuration
    section caddy_configuration caddy-configuration
    key monitor_base_url monitor-instance-parameter:monitor-base-url key monitor_base_url monitor-instance-parameter:monitor-base-url
    key bin_directory :bin_directory
    key enable_http2_by_default configuration:enable-http2-by-default
    key global_disable_http2 configuration:global-disable-http2
    key ciphers configuration:ciphers
    key access_log caddy-configuration:access-log
    key error_log caddy-configuration:error-log
    key sixtunnel_executable :sixtunnel_executable
    key not_found_file caddy-configuration:not-found-file
    key custom_ssl_directory caddy-directory:custom-ssl-directory key custom_ssl_directory caddy-directory:custom-ssl-directory
    section kedifa_configuration kedifa-configuration
    # BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
    key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
    # BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
    ## backend haproxy ## backend haproxy
    key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
    section backend_haproxy_configuration backend-haproxy-configuration ## Configuration passed by section
    ## full configuration
    section configuration configuration section configuration configuration
    section backend_haproxy_configuration backend-haproxy-configuration
    section instance_parameter_dict instance-parameter-section
    section frontend_configuration frontend-configuration
    section caddy_configuration caddy-configuration
    section kedifa_configuration kedifa-configuration
    section software_parameter_dict software-parameter-section
    # Deploy Caddy Frontend with Jinja power # Deploy Caddy Frontend with Jinja power
    [dynamic-caddy-frontend-template] [dynamic-caddy-frontend-template]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_caddy_frontend_configuration'] }} template = {{ software_parameter_dict['template_caddy_frontend_configuration'] }}
    rendered = ${caddy-configuration:frontend-configuration} rendered = ${caddy-configuration:frontend-configuration}
    local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }} local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
    extra-context = extra-context =
    key httpd_home software-release-path:caddy-location
    key httpd_mod_ssl_cache_directory caddy-directory:mod-ssl
    key instance_home buildout:directory key instance_home buildout:directory
    key master_certificate caddy-configuration:master-certificate key master_certificate caddy-configuration:master-certificate
    key access_log caddy-configuration:access-log key access_log caddy-configuration:access-log
    ...@@ -373,16 +344,16 @@ template = inline: ...@@ -373,16 +344,16 @@ template = inline:
    #!/bin/sh #!/bin/sh
    export CADDYPATH=${directory:frontend_cluster} export CADDYPATH=${directory:frontend_cluster}
    ulimit -n $(ulimit -Hn) ulimit -n $(ulimit -Hn)
    exec {{ parameter_dict['caddy'] }} \ exec {{ software_parameter_dict['caddy'] }} \
    -conf ${dynamic-caddy-frontend-template:rendered} \ -conf ${dynamic-caddy-frontend-template:rendered} \
    -log ${caddy-configuration:error-log} \ -log ${caddy-configuration:error-log} \
    -log-roll-mb 0 \ -log-roll-mb 0 \
    {% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %} {% if instance_parameter_dict['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
    -http2=false \ -http2=false \
    {% else %} {% else %}
    -http2=true \ -http2=true \
    {% endif %} {% endif %}
    -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \ -grace {{ instance_parameter_dict['configuration.mpm-graceful-shutdown-timeout'] }}s \
    -disable-http-challenge \ -disable-http-challenge \
    -disable-tls-alpn-challenge \ -disable-tls-alpn-challenge \
    "$@" "$@"
    ...@@ -400,14 +371,12 @@ hash-files = ${caddy-wrapper:rendered} ...@@ -400,14 +371,12 @@ hash-files = ${caddy-wrapper:rendered}
    recipe = plone.recipe.command recipe = plone.recipe.command
    update-command = ${:command} update-command = ${:command}
    filename = notfound.html filename = notfound.html
    command = ln -sf {{ parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename} command = ln -sf {{ software_parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
    [caddy-directory] [caddy-directory]
    recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
    document-root = ${directory:srv}/htdocs document-root = ${directory:srv}/htdocs
    slave-configuration = ${directory:etc}/caddy-slave-conf.d/ slave-configuration = ${directory:etc}/caddy-slave-conf.d/
    cache = ${directory:var}/cache
    mod-ssl = ${:cache}/httpd_mod_ssl
    slave-log = ${directory:log}/httpd slave-log = ${directory:log}/httpd
    autocert = ${directory:srv}/autocert autocert = ${directory:srv}/autocert
    master-autocert-dir = ${:autocert}/master-autocert master-autocert-dir = ${:autocert}/master-autocert
    ...@@ -469,7 +438,7 @@ delaycompress = ...@@ -469,7 +438,7 @@ delaycompress =
    recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
    configuration = ${directory:etc}/trafficserver configuration = ${directory:etc}/trafficserver
    local-state = ${directory:var}/trafficserver local-state = ${directory:var}/trafficserver
    bin_path = {{ parameter_dict['trafficserver'] }}/bin bin_path = {{ software_parameter_dict['trafficserver'] }}/bin
    log = ${directory:log}/trafficserver log = ${directory:log}/trafficserver
    cache-path = ${directory:srv}/ats_cache cache-path = ${directory:srv}/ats_cache
    logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver
    ...@@ -477,7 +446,7 @@ logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver ...@@ -477,7 +446,7 @@ logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver
    [trafficserver-variable] [trafficserver-variable]
    wrapper-path = ${directory:service}/trafficserver wrapper-path = ${directory:service}/trafficserver
    reload-path = ${directory:etc-run}/trafficserver-reload reload-path = ${directory:etc-run}/trafficserver-reload
    local-ip = {{ instance_parameter['ipv4-random'] }} local-ip = {{ instance_parameter_dict['ipv4-random'] }}
    input-port = 23432 input-port = 23432
    hostname = ${configuration:frontend-name} hostname = ${configuration:frontend-name}
    plugin-config = plugin-config =
    ...@@ -485,24 +454,24 @@ ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow ...@@ -485,24 +454,24 @@ ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
    cache-path = ${trafficserver-directory:cache-path} cache-path = ${trafficserver-directory:cache-path}
    disk-cache-size = ${configuration:disk-cache-size} disk-cache-size = ${configuration:disk-cache-size}
    ram-cache-size = ${configuration:ram-cache-size} ram-cache-size = ${configuration:ram-cache-size}
    templates-dir = {{ parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
    request-timeout = ${configuration:request-timeout} request-timeout = ${configuration:request-timeout}
    [trafficserver-configuration-directory] [trafficserver-configuration-directory]
    recipe = plone.recipe.command recipe = plone.recipe.command
    command = cp -rn {{ parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target} command = cp -rn {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target}
    target = ${trafficserver-directory:configuration} target = ${trafficserver-directory:configuration}
    [trafficserver-launcher] [trafficserver-launcher]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_manager command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_manager
    wrapper-path = ${trafficserver-variable:wrapper-path} wrapper-path = ${trafficserver-variable:wrapper-path}
    environment = TS_ROOT=${buildout:directory} environment = TS_ROOT=${buildout:directory}
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    [trafficserver-reload] [trafficserver-reload]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload
    wrapper-path = ${trafficserver-variable:reload-path} wrapper-path = ${trafficserver-variable:reload-path}
    environment = TS_ROOT=${buildout:directory} environment = TS_ROOT=${buildout:directory}
    ...@@ -519,19 +488,19 @@ context = ...@@ -519,19 +488,19 @@ context =
    [trafficserver-records-config] [trafficserver-records-config]
    < = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
    template = {{ parameter_dict['template_trafficserver_records_config'] }} template = {{ software_parameter_dict['template_trafficserver_records_config'] }}
    filename = records.config filename = records.config
    extra-context = extra-context =
    import os_module os import os_module os
    [trafficserver-storage-config] [trafficserver-storage-config]
    < = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
    template = {{ parameter_dict['template_trafficserver_storage_config'] }} template = {{ software_parameter_dict['template_trafficserver_storage_config'] }}
    filename = storage.config filename = storage.config
    [trafficserver-logging-yaml] [trafficserver-logging-yaml]
    < = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
    template = {{ parameter_dict['template_trafficserver_logging_yaml'] }} template = {{ software_parameter_dict['template_trafficserver_logging_yaml'] }}
    filename = logging.yaml filename = logging.yaml
    [trafficserver-remap-config] [trafficserver-remap-config]
    ...@@ -542,7 +511,7 @@ template = inline: ...@@ -542,7 +511,7 @@ template = inline:
    map / http://{{ ipv4 }}:{{ http_port }} map / http://{{ ipv4 }}:{{ http_port }}
    {%- endraw %} {%- endraw %}
    extra-context = extra-context =
    raw ipv4 {{ instance_parameter['ipv4-random'] }} raw ipv4 {{ instance_parameter_dict['ipv4-random'] }}
    key https_port backend-haproxy-configuration:https-port key https_port backend-haproxy-configuration:https-port
    key http_port backend-haproxy-configuration:http-port key http_port backend-haproxy-configuration:http-port
    ...@@ -550,14 +519,14 @@ filename = remap.config ...@@ -550,14 +519,14 @@ filename = remap.config
    [trafficserver-plugin-config] [trafficserver-plugin-config]
    < = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    filename = plugin.config filename = plugin.config
    context = context =
    key content trafficserver-variable:plugin-config key content trafficserver-variable:plugin-config
    [trafficserver-ip-allow-config] [trafficserver-ip-allow-config]
    < = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    filename = ip_allow.config filename = ip_allow.config
    context = context =
    key content trafficserver-variable:ip-allow-config key content trafficserver-variable:ip-allow-config
    ...@@ -571,7 +540,7 @@ config-port = ${trafficserver-variable:input-port} ...@@ -571,7 +540,7 @@ config-port = ${trafficserver-variable:input-port}
    [trafficserver-ctl] [trafficserver-ctl]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_ctl
    wrapper-path = ${directory:bin}/traffic_ctl wrapper-path = ${directory:bin}/traffic_ctl
    environment = TS_ROOT=${buildout:directory} environment = TS_ROOT=${buildout:directory}
    ...@@ -583,10 +552,10 @@ config-wrapper-path = ${trafficserver-ctl:wrapper-path} ...@@ -583,10 +552,10 @@ config-wrapper-path = ${trafficserver-ctl:wrapper-path}
    [trafficserver-rotate-script] [trafficserver-rotate-script]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_rotate_script'] }} template = {{ software_parameter_dict['template_rotate_script'] }}
    rendered = ${directory:bin}/trafficserver-rotate rendered = ${directory:bin}/trafficserver-rotate
    mode = 0700 mode = 0700
    xz_binary = {{ parameter_dict['xz_location'] ~ '/bin/xz' }} xz_binary = {{ software_parameter_dict['xz_location'] ~ '/bin/xz' }}
    pattern = *.old pattern = *.old
    # days to keep log files # days to keep log files
    keep_days = 365 keep_days = 365
    ...@@ -610,12 +579,12 @@ command = ${trafficserver-rotate-script:rendered} ...@@ -610,12 +579,12 @@ command = ${trafficserver-rotate-script:rendered}
    ### Caddy Graceful and promises ### Caddy Graceful and promises
    [frontend-caddy-configuration-state] [frontend-caddy-configuration-state]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_configuration_state_script'] }} template = {{ software_parameter_dict['template_configuration_state_script'] }}
    rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
    mode = 0700 mode = 0700
    path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
    sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
    extra-context = extra-context =
    key path_list :path_list key path_list :path_list
    ...@@ -632,7 +601,7 @@ signature_file = ${directory:run}/validate_configuration_state_signature ...@@ -632,7 +601,7 @@ signature_file = ${directory:run}/validate_configuration_state_signature
    [frontend-caddy-graceful] [frontend-caddy-graceful]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_graceful_script'] }} template = {{ software_parameter_dict['template_graceful_script'] }}
    rendered = ${directory:etc-run}/frontend-caddy-safe-graceful rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
    mode = 0700 mode = 0700
    ...@@ -642,7 +611,7 @@ extra-context = ...@@ -642,7 +611,7 @@ extra-context =
    [frontend-caddy-validate] [frontend-caddy-validate]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_validate_script'] }} template = {{ software_parameter_dict['template_validate_script'] }}
    rendered = ${directory:bin}/frontend-caddy-validate rendered = ${directory:bin}/frontend-caddy-validate
    mode = 0700 mode = 0700
    last_state_file = ${directory:run}/caddy_configuration_last_state last_state_file = ${directory:run}/caddy_configuration_last_state
    ...@@ -654,7 +623,7 @@ extra-context = ...@@ -654,7 +623,7 @@ extra-context =
    [frontend-caddy-lazy-graceful] [frontend-caddy-lazy-graceful]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_caddy_lazy_script_call'] }} template = {{ software_parameter_dict['template_caddy_lazy_script_call'] }}
    rendered = ${directory:bin}/frontend-caddy-lazy-graceful rendered = ${directory:bin}/frontend-caddy-lazy-graceful
    mode = 0700 mode = 0700
    pid-file = ${directory:run}/lazy-graceful.pid pid-file = ${directory:run}/lazy-graceful.pid
    ...@@ -667,7 +636,7 @@ extra-context = ...@@ -667,7 +636,7 @@ extra-context =
    # Promises checking configuration: # Promises checking configuration:
    [promise-helper-last-configuration-state] [promise-helper-last-configuration-state]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    rendered = ${directory:bin}/frontend-read-last-configuration-state rendered = ${directory:bin}/frontend-read-last-configuration-state
    mode = 0700 mode = 0700
    content = content =
    ...@@ -686,42 +655,42 @@ config-verification-script = ${promise-helper-last-configuration-state:rendered} ...@@ -686,42 +655,42 @@ config-verification-script = ${promise-helper-last-configuration-state:rendered}
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = caddy_frontend_ipv4_https.py name = caddy_frontend_ipv4_https.py
    config-hostname = {{ instance_parameter['ipv4-random'] }} config-hostname = {{ instance_parameter_dict['ipv4-random'] }}
    config-port = ${configuration:port} config-port = ${configuration:port}
    [promise-caddy-frontend-v4-http] [promise-caddy-frontend-v4-http]
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = caddy_frontend_ipv4_http.py name = caddy_frontend_ipv4_http.py
    config-hostname = {{ instance_parameter['ipv4-random'] }} config-hostname = {{ instance_parameter_dict['ipv4-random'] }}
    config-port = ${configuration:plain_http_port} config-port = ${configuration:plain_http_port}
    [promise-caddy-frontend-v6-https] [promise-caddy-frontend-v6-https]
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = caddy_frontend_ipv6_https.py name = caddy_frontend_ipv6_https.py
    config-hostname = {{ instance_parameter['ipv6-random'] }} config-hostname = {{ instance_parameter_dict['ipv6-random'] }}
    config-port = ${configuration:port} config-port = ${configuration:port}
    [promise-caddy-frontend-v6-http] [promise-caddy-frontend-v6-http]
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = caddy_frontend_ipv6_http.py name = caddy_frontend_ipv6_http.py
    config-hostname = {{ instance_parameter['ipv6-random'] }} config-hostname = {{ instance_parameter_dict['ipv6-random'] }}
    config-port = ${configuration:plain_http_port} config-port = ${configuration:plain_http_port}
    [promise-backend-haproxy-http] [promise-backend-haproxy-http]
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = backend_haproxy_http.py name = backend_haproxy_http.py
    config-hostname = {{ instance_parameter['ipv4-random'] }} config-hostname = {{ instance_parameter_dict['ipv4-random'] }}
    config-port = ${backend-haproxy-configuration:http-port} config-port = ${backend-haproxy-configuration:http-port}
    [promise-backend-haproxy-https] [promise-backend-haproxy-https]
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = backend_haproxy_https.py name = backend_haproxy_https.py
    config-hostname = {{ instance_parameter['ipv4-random'] }} config-hostname = {{ instance_parameter_dict['ipv4-random'] }}
    config-port = ${backend-haproxy-configuration:https-port} config-port = ${backend-haproxy-configuration:https-port}
    [backend-haproxy-configuration] [backend-haproxy-configuration]
    ...@@ -748,13 +717,13 @@ statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connecti ...@@ -748,13 +717,13 @@ statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connecti
    [backend-haproxy] [backend-haproxy]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file}
    wrapper-path = ${directory:service}/backend-haproxy wrapper-path = ${directory:service}/backend-haproxy
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    [backend-haproxy-rsyslogd-lazy-graceful] [backend-haproxy-rsyslogd-lazy-graceful]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_caddy_lazy_script_call'] }} template = {{ software_parameter_dict['template_caddy_lazy_script_call'] }}
    rendered = ${directory:bin}/backend-haproxy-rsyslogd-lazy-graceful rendered = ${directory:bin}/backend-haproxy-rsyslogd-lazy-graceful
    mode = 0700 mode = 0700
    pid-file = ${directory:run}/backend-haproxy-rsyslogd-lazy-graceful.pid pid-file = ${directory:run}/backend-haproxy-rsyslogd-lazy-graceful.pid
    ...@@ -779,12 +748,12 @@ delaycompress = ...@@ -779,12 +748,12 @@ delaycompress =
    [backend-haproxy-configuration-state] [backend-haproxy-configuration-state]
    <= jinja2-template-base <= jinja2-template-base
    template = {{ parameter_dict['template_configuration_state_script'] }} template = {{ software_parameter_dict['template_configuration_state_script'] }}
    rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
    mode = 0700 mode = 0700
    path_list = ${backend-haproxy-configuration:file} ${backend-client-login-config:certificate} path_list = ${backend-haproxy-configuration:file} ${backend-client-login-config:certificate}
    sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
    extra-context = extra-context =
    key path_list :path_list key path_list :path_list
    ...@@ -801,7 +770,7 @@ signature_file = ${directory:run}/backend_haproxy_validate_configuration_state_s ...@@ -801,7 +770,7 @@ signature_file = ${directory:run}/backend_haproxy_validate_configuration_state_s
    [backend-haproxy-graceful] [backend-haproxy-graceful]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_graceful_script'] }} template = {{ software_parameter_dict['template_graceful_script'] }}
    rendered = ${directory:etc-run}/backend-haproxy-safe-graceful rendered = ${directory:etc-run}/backend-haproxy-safe-graceful
    mode = 0700 mode = 0700
    ...@@ -811,11 +780,11 @@ extra-context = ...@@ -811,11 +780,11 @@ extra-context =
    [backend-haproxy-validate] [backend-haproxy-validate]
    <= jinja2-template-base <= jinja2-template-base
    template = {{ parameter_dict['template_validate_script'] }} template = {{ software_parameter_dict['template_validate_script'] }}
    rendered = ${directory:bin}/backend-haproxy-validate rendered = ${directory:bin}/backend-haproxy-validate
    mode = 0700 mode = 0700
    last_state_file = ${directory:run}/backend_haproxy_configuration_last_state last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
    validate_command = {{ parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
    extra-context = extra-context =
    key validate_command :validate_command key validate_command :validate_command
    key configuration_state_command backend-haproxy-configuration-state-validate:rendered key configuration_state_command backend-haproxy-configuration-state-validate:rendered
    ...@@ -829,7 +798,7 @@ config-verification-script = ${promise-backend-haproxy-configuration-helper:rend ...@@ -829,7 +798,7 @@ config-verification-script = ${promise-backend-haproxy-configuration-helper:rend
    [promise-backend-haproxy-configuration-helper] [promise-backend-haproxy-configuration-helper]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    rendered = ${directory:bin}/backend-haproxy-read-last-configuration-state rendered = ${directory:bin}/backend-haproxy-read-last-configuration-state
    mode = 0700 mode = 0700
    content = content =
    ...@@ -855,7 +824,7 @@ extra-context = ...@@ -855,7 +824,7 @@ extra-context =
    [backend-haproxy-rsyslogd] [backend-haproxy-rsyslogd]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['rsyslogd_executable'] }} -i ${backend-haproxy-rsyslogd-config:pid-file} -n -f ${backend-haproxy-rsyslogd-configuration:rendered} command-line = {{ software_parameter_dict['rsyslogd_executable'] }} -i ${backend-haproxy-rsyslogd-config:pid-file} -n -f ${backend-haproxy-rsyslogd-configuration:rendered}
    wrapper-path = ${directory:service}/backend-haproxy-rsyslogd wrapper-path = ${directory:service}/backend-haproxy-rsyslogd
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    ...@@ -867,8 +836,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -867,8 +836,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
    # directly, and in our case it can come from the network, thus resulting # directly, and in our case it can come from the network, thus resulting
    # with need to strip !py!'u' # with need to strip !py!'u'
    monitor-httpd-port = {{ instance_parameter['configuration.monitor-httpd-port'] | int }} monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }}
    password = {{ instance_parameter['configuration.monitor-password'] | string }} password = {{ instance_parameter_dict['configuration.monitor-password'] | string }}
    [monitor-conf-parameters] [monitor-conf-parameters]
    private-path-list += private-path-list +=
    ...@@ -877,35 +846,35 @@ private-path-list += ...@@ -877,35 +846,35 @@ private-path-list +=
    [monitor-traffic-summary-last-stats-wrapper] [monitor-traffic-summary-last-stats-wrapper]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
    rendered = ${directory:bin}/traffic-summary-last-stats_every_1_hour rendered = ${directory:bin}/traffic-summary-last-stats_every_1_hour
    mode = 0700 mode = 0700
    command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>" command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>"
    extra-context = extra-context =
    key content monitor-traffic-summary-last-stats-wrapper:command key content monitor-traffic-summary-last-stats-wrapper:command
    # Produce ATS Cache stats # Produce ATS Cache stats
    [monitor-ats-cache-stats-wrapper] [monitor-ats-cache-stats-wrapper]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
    rendered = ${directory:bin}/ats-cache-stats_every_1_hour rendered = ${directory:bin}/ats-cache-stats_every_1_hour
    mode = 0700 mode = 0700
    command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>" command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>"
    extra-context = extra-context =
    key content monitor-ats-cache-stats-wrapper:command key content monitor-ats-cache-stats-wrapper:command
    [monitor-caddy-server-status-wrapper] [monitor-caddy-server-status-wrapper]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
    rendered = ${directory:bin}/monitor-caddy-server-status-wrapper rendered = ${directory:bin}/monitor-caddy-server-status-wrapper
    mode = 0700 mode = 0700
    command = {{ parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1 command = {{ software_parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter_dict['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
    extra-context = extra-context =
    key content monitor-caddy-server-status-wrapper:command key content monitor-caddy-server-status-wrapper:command
    [monitor-ats-cache-stats-config] [monitor-ats-cache-stats-config]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    rendered = ${trafficserver-configuration-directory:target}/cache-config.stats rendered = ${trafficserver-configuration-directory:target}/cache-config.stats
    mode = 644 mode = 644
    context = context =
    ...@@ -930,31 +899,31 @@ extra-context = ...@@ -930,31 +899,31 @@ extra-context =
    [slave-introspection-frontend] [slave-introspection-frontend]
    <= slap-connection <= slap-connection
    recipe = slapos.cookbook:requestoptional recipe = slapos.cookbook:requestoptional
    name = Slave Introspection Frontend {{ instance_parameter['configuration.frontend-name'] }} name = Slave Introspection Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
    software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
    slave = true slave = true
    config-url = https://[${slap-network-information:global-ipv6}]:{{ instance_parameter['configuration.slave-introspection-https-port'] }}/ config-url = https://[${slap-network-information:global-ipv6}]:{{ instance_parameter_dict['configuration.slave-introspection-https-port'] }}/
    config-https-only = true config-https-only = true
    return = domain secure_access return = domain secure_access
    [backend-haproxy-statistic-frontend] [backend-haproxy-statistic-frontend]
    <= slap-connection <= slap-connection
    recipe = slapos.cookbook:requestoptional recipe = slapos.cookbook:requestoptional
    name = Backend Haproxy Statistic Frontend {{ instance_parameter['configuration.frontend-name'] }} name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
    software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
    slave = true slave = true
    config-url = https://[${slap-network-information:global-ipv6}]:{{ instance_parameter['configuration.backend-haproxy-statistic-port'] }}/ config-url = https://[${slap-network-information:global-ipv6}]:{{ instance_parameter_dict['configuration.backend-haproxy-statistic-port'] }}/
    config-https-only = true config-https-only = true
    return = domain secure_access return = domain secure_access
    [slave-introspection-configuration-state] [slave-introspection-configuration-state]
    <= jinja2-template-base <= jinja2-template-base
    template = {{ parameter_dict['template_configuration_state_script'] }} template = {{ software_parameter_dict['template_configuration_state_script'] }}
    rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
    mode = 0700 mode = 0700
    path_list = ${frontend-configuration:slave-introspection-configuration} ${frontend-configuration:ip-access-certificate} path_list = ${frontend-configuration:slave-introspection-configuration} ${frontend-configuration:ip-access-certificate}
    sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
    extra-context = extra-context =
    key path_list :path_list key path_list :path_list
    ...@@ -971,7 +940,7 @@ signature_file = ${directory:run}/slave_introspection_validate_configuration_sta ...@@ -971,7 +940,7 @@ signature_file = ${directory:run}/slave_introspection_validate_configuration_sta
    [slave-introspection-graceful] [slave-introspection-graceful]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_graceful_script'] }} template = {{ software_parameter_dict['template_graceful_script'] }}
    rendered = ${directory:etc-run}/slave-introspection-safe-graceful rendered = ${directory:etc-run}/slave-introspection-safe-graceful
    mode = 0700 mode = 0700
    ...@@ -981,11 +950,11 @@ extra-context = ...@@ -981,11 +950,11 @@ extra-context =
    [slave-introspection-validate] [slave-introspection-validate]
    <= jinja2-template-base <= jinja2-template-base
    template = {{ parameter_dict['template_validate_script'] }} template = {{ software_parameter_dict['template_validate_script'] }}
    rendered = ${directory:bin}/slave-introspection-validate rendered = ${directory:bin}/slave-introspection-validate
    mode = 0700 mode = 0700
    last_state_file = ${directory:run}/slave_introspection_configuration_last_state last_state_file = ${directory:run}/slave_introspection_configuration_last_state
    validate_command = {{ parameter_dict['nginx'] }} -c ${frontend-configuration:slave-introspection-configuration} -t validate_command = {{ software_parameter_dict['nginx'] }} -c ${frontend-configuration:slave-introspection-configuration} -t
    extra-context = extra-context =
    key validate_command :validate_command key validate_command :validate_command
    key configuration_state_command slave-introspection-configuration-state-validate:rendered key configuration_state_command slave-introspection-configuration-state-validate:rendered
    ...@@ -999,7 +968,7 @@ config-verification-script = ${promise-slave-introspection-configuration-helper: ...@@ -999,7 +968,7 @@ config-verification-script = ${promise-slave-introspection-configuration-helper:
    [promise-slave-introspection-configuration-helper] [promise-slave-introspection-configuration-helper]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    rendered = ${directory:bin}/slave-introspection-read-last-configuration-state rendered = ${directory:bin}/slave-introspection-read-last-configuration-state
    mode = 0700 mode = 0700
    content = content =
    ...@@ -1012,7 +981,7 @@ context = ...@@ -1012,7 +981,7 @@ context =
    <= monitor-promise-base <= monitor-promise-base
    module = check_port_listening module = check_port_listening
    name = slave_introspection_https.py name = slave_introspection_https.py
    config-hostname = {{ instance_parameter['ipv6-random'] }} config-hostname = {{ instance_parameter_dict['ipv6-random'] }}
    config-port = ${frontend-configuration:slave-introspection-https-port} config-port = ${frontend-configuration:slave-introspection-https-port}
    [logrotate-entry-slave-introspection] [logrotate-entry-slave-introspection]
    ...@@ -1031,9 +1000,25 @@ config-command = ...@@ -1031,9 +1000,25 @@ config-command =
    ${logrotate:wrapper-path} -d ${logrotate:wrapper-path} -d
    [configuration] [configuration]
    {%- for key, value in instance_parameter.iteritems() -%} {%- for key, value in instance_parameter_dict.iteritems() -%}
    {%- if key.startswith('configuration.') %} {%- if key.startswith('configuration.') %}
    {{ key.replace('configuration.', '') }} = {{ dumps(value) }} {{ key.replace('configuration.', '') }} = {{ dumps(value) }}
    {%- endif -%} {%- endif -%}
    {%- endfor -%} {%- endfor %}
    {%- endif -%} {# if slap_software_type == software_type #}
    [instance-parameter-section]
    {#- There are dangerous keys like recipe, etc #}
    {#- XXX: Some other approach would be useful #}
    {%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
    {%- for key, value in instance_parameter_dict.iteritems() -%}
    {%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
    {{ key }} = {{ dumps(value) }}
    {%- endif -%}
    {%- endfor %}
    [software-parameter-section]
    {%- for key, value in software_parameter_dict.iteritems() %}
    {{ key }} = {{ dumps(value) }}
    {%- endfor %}
    {%- endif -%} {# if instance_parameter_dict['slap-software-type'] == software_type #}
    software/caddy-frontend/instance-apache-replicate.cfg.in
    View file @ d1334b4b
    {% if slap_software_type in software_type %} {% if instance_parameter_dict['slap-software-type'] in software_type %}
    {% set aibcc_enabled = True %} {% set aibcc_enabled = True %}
    {% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
    {#- SERVER_POLLUTED_KEY_LIST is a list of keys which comes from various SlapOS Master implementations, which mix request and publish keys on each slave information -#} {#- SERVER_POLLUTED_KEY_LIST is a list of keys which comes from various SlapOS Master implementations, which mix request and publish keys on each slave information -#}
    {%- set SERVER_POLLUTED_KEY_LIST = ['connection-parameter-hash', 'timestamp', 'slave_title', 'slap_software_type'] -%} {%- set SERVER_POLLUTED_KEY_LIST = ['connection-parameter-hash', 'timestamp', 'slave_title', 'slap_software_type'] -%}
    {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
    {%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %} {%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
    {#- Allow to pass only some parameters to frontend nodes #}
    {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
    'plain_http_port',
    'port',
    'apache-certificate',
    'apache-key',
    'domain',
    'enable-http2-by-default',
    'global-disable-http2',
    'mpm-graceful-shutdown-timeout',
    'public-ipv4',
    're6st-verification-url',
    'backend-connect-timeout',
    'backend-connect-retries',
    'ciphers',
    'request-timeout',
    'authenticate-to-backend',
    ]
    %}
    {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %} {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
    {% set aibcc_enabled = slapparameter_dict.get('automatic-internal-backend-client-caucase-csr', 'true').lower() in TRUE_VALUES %} {% set aibcc_enabled = slapparameter_dict.get('automatic-internal-backend-client-caucase-csr', 'true').lower() in TRUE_VALUES %}
    {# Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #} {# Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #}
    {% set master_partition_monitor_monitor_httpd_port = 8401 %} {% set master_partition_monitor_monitor_httpd_port = 8401 %}
    {% set kedifa_partition_monitor_httpd_port = 8402 %} {% set kedifa_partition_monitor_httpd_port = 8402 %}
    {% set frontend_monitor_httpd_base_port = 8410 %} {% set frontend_monitor_httpd_base_port = 8410 %}
    {% set caucase_host = '[' ~ instance_parameter['ipv6-random'] ~ ']' %} {% set caucase_host = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' %}
    {% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter['configuration.caucase_backend_client_port'] %} {% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration.caucase_backend_client_port'] %}
    {% set caucase_url = 'http://' ~ caucase_netloc %} {% set caucase_url = 'http://' ~ caucase_netloc %}
    [jinja2-template-base] [jinja2-template-base]
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    ...@@ -20,18 +39,18 @@ rendered = ${buildout:directory}/${:filename} ...@@ -20,18 +39,18 @@ rendered = ${buildout:directory}/${:filename}
    extra-context = extra-context =
    context = context =
    import json_module json import json_module json
    raw common_profile {{ common_profile }} raw profile_common {{ software_parameter_dict['profile_common'] }}
    ${:extra-context} ${:extra-context}
    {% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %} {% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %}
    {% set part_list = [] %} {% set part_list = [] %}
    {% set single_type_key = 'single-' %} {% set single_type_key = 'single-' %}
    {% if slap_software_type == "replicate" %} {% if instance_parameter_dict['slap-software-type'] == "replicate" %}
    {% set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') %} {% set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') %}
    {% elif slap_software_type in ['default', 'RootSoftwareInstance'] %} {% elif instance_parameter_dict['slap-software-type'] in ['default', 'RootSoftwareInstance'] %}
    {% set frontend_type = "%s%s" % (single_type_key, 'custom-personal') %} {% set frontend_type = "%s%s" % (single_type_key, 'custom-personal') %}
    {% else %} {% else %}
    {% set frontend_type = "%s%s" % (single_type_key, slap_software_type) %} {% set frontend_type = "%s%s" % (single_type_key, instance_parameter_dict['slap-software-type']) %}
    {% endif %} {% endif %}
    {% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int %} {% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int %}
    {% set slave_list_name = 'extra_slave_instance_list' %} {% set slave_list_name = 'extra_slave_instance_list' %}
    ...@@ -70,16 +89,19 @@ context = ...@@ -70,16 +89,19 @@ context =
    {% endfor %} {% endfor %}
    {% do config_dict.__setitem__('monitor-httpd-port', frontend_monitor_httpd_base_port + i) %} {% do config_dict.__setitem__('monitor-httpd-port', frontend_monitor_httpd_base_port + i) %}
    {% do config_dict.__setitem__('backend-client-caucase-url', caucase_url) %} {% do config_dict.__setitem__('backend-client-caucase-url', caucase_url) %}
    {% do frontend_list.append(frontend_name) %} {% set state_key = "-frontend-%s-state" % i %}
    {% do frontend_section_list.append(request_section_title) %} {% set frontend_state = slapparameter_dict.pop(state_key, None) %}
    {% if frontend_state != 'destroyed' %}
    {% do frontend_list.append(frontend_name) %}
    {% do frontend_section_list.append(request_section_title) %}
    {% endif %}
    {% do part_list.append(request_section_title) %} {% do part_list.append(request_section_title) %}
    # Filling request dict for slave # Filling request dict for slave
    {% set state_key = "-frontend-%s-state" % i %}
    {% set request_content_dict = { {% set request_content_dict = {
    'config': config_dict, 'config': config_dict,
    'name': frontend_name, 'name': frontend_name,
    'sla': sla_dict, 'sla': sla_dict,
    'state': slapparameter_dict.pop(state_key, None) 'state': frontend_state
    } %} } %}
    {% set frontend_software_url_key = "-frontend-%s-software-release-url" % i %} {% set frontend_software_url_key = "-frontend-%s-software-release-url" % i %}
    {% do request_content_dict.__setitem__('software-url', slapparameter_dict.get(frontend_software_url_key) or '${slap-connection:software-release-url}') %} {% do request_content_dict.__setitem__('software-url', slapparameter_dict.get(frontend_software_url_key) or '${slap-connection:software-release-url}') %}
    ...@@ -92,7 +114,7 @@ context = ...@@ -92,7 +114,7 @@ context =
    {% set rejected_slave_title_dict = {} %} {% set rejected_slave_title_dict = {} %}
    {% set warning_slave_dict = {} %} {% set warning_slave_dict = {} %}
    {% set used_host_list = [] %} {% set used_host_list = [] %}
    {% for slave in sorted(slave_instance_list) %} {% for slave in sorted(instance_parameter_dict['slave-instance-list']) %}
    {% set slave_error_list = [] %} {% set slave_error_list = [] %}
    {% set slave_warning_list = [] %} {% set slave_warning_list = [] %}
    {% set slave_server_alias_unclashed = [] %} {% set slave_server_alias_unclashed = [] %}
    ...@@ -142,7 +164,7 @@ context = ...@@ -142,7 +164,7 @@ context =
    {% for url_key in ['url', 'https-url'] %} {% for url_key in ['url', 'https-url'] %}
    {% if url_key in slave %} {% if url_key in slave %}
    {% set url = (slave[url_key] or '').strip() %} {% set url = (slave[url_key] or '').strip() %}
    {% if subprocess_module.call([caddy_backend_url_validator, url]) == 1 or not validators.url(url) %} {% if subprocess_module.call([software_parameter_dict['caddy_backend_url_validator'], url]) == 1 or not validators.url(url) %}
    {% do slave_error_list.append('slave %s %r invalid' % (url_key, url)) %} {% do slave_error_list.append('slave %s %r invalid' % (url_key, url)) %}
    {% elif url != slave[url_key] %} {% elif url != slave[url_key] %}
    {% do slave_warning_list.append('slave %s %r has been converted to %r' % (url_key, slave[url_key], url)) %} {% do slave_warning_list.append('slave %s %r has been converted to %r' % (url_key, slave[url_key], url)) %}
    ...@@ -151,7 +173,7 @@ context = ...@@ -151,7 +173,7 @@ context =
    {% endfor %} {% endfor %}
    {% if 'ssl_proxy_ca_crt' in slave %} {% if 'ssl_proxy_ca_crt' in slave %}
    {% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %} {% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %}
    {% set check_popen = popen([parameter_dict['openssl'], 'x509', '-noout']) %} {% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
    {% do check_popen.communicate(ssl_proxy_ca_crt) %} {% do check_popen.communicate(ssl_proxy_ca_crt) %}
    {% if check_popen.returncode != 0 %} {% if check_popen.returncode != 0 %}
    {% do slave_error_list.append('ssl_proxy_ca_crt is invalid') %} {% do slave_error_list.append('ssl_proxy_ca_crt is invalid') %}
    ...@@ -167,8 +189,8 @@ context = ...@@ -167,8 +189,8 @@ context =
    {% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %} {% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %}
    {% endif %} {% endif %}
    {% if slave.get('ssl_key') and slave.get('ssl_crt') %} {% if slave.get('ssl_key') and slave.get('ssl_crt') %}
    {% set key_popen = popen([parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %} {% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
    {% set crt_popen = popen([parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %} {% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
    {% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %} {% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
    {% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %} {% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
    {% if not key_modulus or key_modulus != crt_modulus %} {% if not key_modulus or key_modulus != crt_modulus %}
    ...@@ -217,6 +239,13 @@ config-monitor-password = ${monitor-htpasswd:passwd} ...@@ -217,6 +239,13 @@ config-monitor-password = ${monitor-htpasswd:passwd}
    software-type = {{frontend_type}} software-type = {{frontend_type}}
    return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
    {#- Send only needed parameters to frontend nodes #}
    {%- set base_node_configuration_dict = {} %}
    {%- for key in FRONTEND_NODE_PASSED_KEY_LIST %}
    {%- if key in slapparameter_dict %}
    {%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
    {%- endif %}
    {%- endfor %}
    {% for section, frontend_request in request_dict.iteritems() %} {% for section, frontend_request in request_dict.iteritems() %}
    {% set state = frontend_request.get('state', '') %} {% set state = frontend_request.get('state', '') %}
    [{{section}}] [{{section}}]
    ...@@ -230,15 +259,18 @@ config-slave-kedifa-information = ${request-kedifa:connection-slave-kedifa-infor ...@@ -230,15 +259,18 @@ config-slave-kedifa-information = ${request-kedifa:connection-slave-kedifa-infor
    config-kedifa-caucase-url = ${request-kedifa:connection-caucase-url} config-kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
    config-backend-client-caucase-url = {{ caucase_url }} config-backend-client-caucase-url = {{ caucase_url }}
    config-master-key-download-url = ${request-kedifa:connection-master-key-download-url} config-master-key-download-url = ${request-kedifa:connection-master-key-download-url}
    config-cluster-identification = {{ cluster_identification }} config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
    {# Do not send additional parameters for destroyed nodes #} {# Do not send additional parameters for destroyed nodes #}
    {% if state != 'destroyed' %} {% if state != 'destroyed' %}
    {% set slave_configuration_dict = slapparameter_dict %} {% set node_configuration_dict = {} %}
    {% do slave_configuration_dict.update(frontend_request.get('config')) %} {% do node_configuration_dict.update(frontend_request.get('config')) %}
    {# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
    {% do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %} {% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
    {% do slave_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %} {% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
    {%- for config_key, config_value in slave_configuration_dict.iteritems() %} {%- for config_key, config_value in node_configuration_dict.iteritems() %}
    config-{{ config_key }} = {{ dumps(config_value) }}
    {% endfor -%}
    {%- for config_key, config_value in base_node_configuration_dict.iteritems() %}
    config-{{ config_key }} = {{ dumps(config_value) }} config-{{ config_key }} = {{ dumps(config_value) }}
    {% endfor -%} {% endfor -%}
    {% endif %} {% endif %}
    ...@@ -260,7 +292,7 @@ sla-{{ parameter }} = {{ value }} ...@@ -260,7 +292,7 @@ sla-{{ parameter }} = {{ value }}
    <= monitor-publish <= monitor-publish
    recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
    domain = {{ slapparameter_dict.get('domain') }} domain = {{ slapparameter_dict.get('domain') }}
    slave-amount = {{ slave_instance_list | length }} slave-amount = {{ instance_parameter_dict['slave-instance-list'] | length }}
    accepted-slave-amount = {{ authorized_slave_list | length }} accepted-slave-amount = {{ authorized_slave_list | length }}
    rejected-slave-amount = {{ rejected_slave_dict | length }} rejected-slave-amount = {{ rejected_slave_dict | length }}
    backend-client-caucase-url = {{ caucase_url }} backend-client-caucase-url = {{ caucase_url }}
    ...@@ -327,7 +359,7 @@ config-{{ key }} = {{ dumps(slapparameter_dict[key]) }} ...@@ -327,7 +359,7 @@ config-{{ key }} = {{ dumps(slapparameter_dict[key]) }}
    {%- endif %} {%- endif %}
    {%- endfor %} {%- endfor %}
    config-slave-list = {{ dumps(authorized_slave_list) }} config-slave-list = {{ dumps(authorized_slave_list) }}
    config-cluster-identification = {{ cluster_identification }} config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
    {% set software_url_key = "-kedifa-software-release-url" %} {% set software_url_key = "-kedifa-software-release-url" %}
    {% if slapparameter_dict.has_key(software_url_key) %} {% if slapparameter_dict.has_key(software_url_key) %}
    ...@@ -365,7 +397,7 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }} ...@@ -365,7 +397,7 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
    [active-slave-instance] [active-slave-instance]
    {% set active_slave_instance_list = [] %} {% set active_slave_instance_list = [] %}
    {% for slave_instance in slave_instance_list %} {% for slave_instance in instance_parameter_dict['slave-instance-list'] %}
    {# Provide a list of slave titles send by master, in order to filter out already destroyed slaves #} {# Provide a list of slave titles send by master, in order to filter out already destroyed slaves #}
    {# Note: This functionality is not yet covered by tests, please modify with care #} {# Note: This functionality is not yet covered by tests, please modify with care #}
    {% do active_slave_instance_list.append(slave_instance['slave_reference']) %} {% do active_slave_instance_list.append(slave_instance['slave_reference']) %}
    ...@@ -375,7 +407,7 @@ active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, so ...@@ -375,7 +407,7 @@ active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, so
    [dynamic-publish-slave-information] [dynamic-publish-slave-information]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ template_publish_slave_information }} template = {{ software_parameter_dict['profile_replicate_publish_slave_information'] }}
    filename = dynamic-publish-slave-information.cfg filename = dynamic-publish-slave-information.cfg
    extensions = jinja2.ext.do extensions = jinja2.ext.do
    extra-context = extra-context =
    ...@@ -399,6 +431,8 @@ backup = ${:srv}/backup ...@@ -399,6 +431,8 @@ backup = ${:srv}/backup
    # CAUCASE directories # CAUCASE directories
    caucased = ${:srv}/caucased caucased = ${:srv}/caucased
    backup-caucased = ${:backup}/caucased backup-caucased = ${:backup}/caucased
    # NGINX
    rejected-var = ${:var}/rejected-nginx
    {% if aikc_enabled %} {% if aikc_enabled %}
    [directory] [directory]
    ...@@ -418,11 +452,11 @@ csr_id = ${directory:aikc}/csr_id ...@@ -418,11 +452,11 @@ csr_id = ${directory:aikc}/csr_id
    [aikc-user-csr] [aikc-user-csr]
    recipe = plone.recipe.command recipe = plone.recipe.command
    organization = {{ cluster_identification }} organization = {{ instance_parameter_dict['root-instance-title'] }}
    organizational_unit = Automatic Internal Kedifa Caucase CSR organizational_unit = Automatic Internal Kedifa Caucase CSR
    command = command =
    if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then
    {{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
    -newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
    -subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
    -out ${:csr} -out ${:csr}
    ...@@ -430,6 +464,7 @@ command = ...@@ -430,6 +464,7 @@ command =
    update-command = ${:command} update-command = ${:command}
    csr = ${aikc-config:csr} csr = ${aikc-config:csr}
    key = ${aikc-config:key} key = ${aikc-config:key}
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    ...@@ -438,8 +473,8 @@ stop-on-error = True ...@@ -438,8 +473,8 @@ stop-on-error = True
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    context = context =
    key caucase_url aikc-config:caucase-url key caucase_url aikc-config:caucase-url
    template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
    exec {{ parameter_dict['bin_directory'] }}/caucase \ exec {{ software_parameter_dict['bin_directory'] }}/caucase \
    {# raw block to use context #} {# raw block to use context #}
    {% raw %} {% raw %}
    --ca-url {{ caucase_url }} \ --ca-url {{ caucase_url }} \
    ...@@ -456,7 +491,8 @@ mode = 0700 ...@@ -456,7 +491,8 @@ mode = 0700
    {% do part_list.append('aikc-create-user') %} {% do part_list.append('aikc-create-user') %}
    [aikc-create-user] [aikc-create-user]
    recipe = plone.recipe.command recipe = plone.recipe.command
    stop-on-error = True {#- The called command is smart enough to survive errors and retry #}
    stop-on-error = False
    update-command = ${:command} update-command = ${:command}
    command = command =
    if ! [ -f ${aikc-config:user-created} ] ; then if ! [ -f ${aikc-config:user-created} ] ; then
    ...@@ -472,7 +508,7 @@ command = ...@@ -472,7 +508,7 @@ command =
    {% do part_list.append('aikc-user-caucase-updater-promise') %} {% do part_list.append('aikc-user-caucase-updater-promise') %}
    {{ caucase.updater( {{ caucase.updater(
    prefix='aikc-user-caucase-updater', prefix='aikc-user-caucase-updater',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    updater_path='${directory:service}/aikc-user-caucase-updater', updater_path='${directory:service}/aikc-user-caucase-updater',
    url='${aikc-config:caucase-url}', url='${aikc-config:caucase-url}',
    data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
    ...@@ -503,7 +539,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -503,7 +539,7 @@ recipe = slapos.recipe.template:jinja2
    context = context =
    key csr_id_url request-{{ csr }}:connection-csr_id-url key csr_id_url request-{{ csr }}:connection-csr_id-url
    key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate
    template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
    test -f ${directory:aikc}/{{ csr }}-done && exit 0 test -f ${directory:aikc}/{{ csr }}-done && exit 0
    ${buildout:executable} ${aikc-check-certificate:rendered} \ ${buildout:executable} ${aikc-check-certificate:rendered} \
    {# raw block to use context #} {# raw block to use context #}
    ...@@ -512,7 +548,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash ...@@ -512,7 +548,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash
    """{{ csr_id_certificate }}""" """{{ csr_id_certificate }}"""
    {% endraw %} {% endraw %}
    if [ $? = 0 ]; then if [ $? = 0 ]; then
    csr_id=`{{ parameter_dict['curl'] }}/bin/curl -s -k -g \ csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \
    {% raw %} {% raw %}
    {{ csr_id_url }} \ {{ csr_id_url }} \
    {% endraw %} {% endraw %}
    ...@@ -525,7 +561,8 @@ mode = 0700 ...@@ -525,7 +561,8 @@ mode = 0700
    {% do part_list.append('aikc-%s' % (csr,)) %} {% do part_list.append('aikc-%s' % (csr,)) %}
    [aikc-{{ csr }}] [aikc-{{ csr }}]
    recipe = plone.recipe.command recipe = plone.recipe.command
    stop-on-error = True {#- The called command is smart enough to survive errors and retry #}
    stop-on-error = False
    command = command =
    ${aikc-{{ csr }}-wrapper:rendered} ${aikc-{{ csr }}-wrapper:rendered}
    update-command = ${:command} update-command = ${:command}
    ...@@ -550,11 +587,11 @@ csr_id = ${directory:aibcc}/csr_id ...@@ -550,11 +587,11 @@ csr_id = ${directory:aibcc}/csr_id
    [aibcc-user-csr] [aibcc-user-csr]
    recipe = plone.recipe.command recipe = plone.recipe.command
    organization = {{ cluster_identification }} organization = {{ instance_parameter_dict['root-instance-title'] }}
    organizational_unit = Automatic Sign Backend Client Caucase CSR organizational_unit = Automatic Sign Backend Client Caucase CSR
    command = command =
    if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then
    {{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
    -newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
    -subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
    -out ${:csr} -out ${:csr}
    ...@@ -562,6 +599,7 @@ command = ...@@ -562,6 +599,7 @@ command =
    update-command = ${:command} update-command = ${:command}
    csr = ${aibcc-config:csr} csr = ${aibcc-config:csr}
    key = ${aibcc-config:key} key = ${aibcc-config:key}
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    ...@@ -570,8 +608,8 @@ stop-on-error = True ...@@ -570,8 +608,8 @@ stop-on-error = True
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    context = context =
    key caucase_url aibcc-config:caucase-url key caucase_url aibcc-config:caucase-url
    template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
    exec {{ parameter_dict['bin_directory'] }}/caucase \ exec {{ software_parameter_dict['bin_directory'] }}/caucase \
    {# raw block to use context #} {# raw block to use context #}
    {% raw %} {% raw %}
    --ca-url {{ caucase_url }} \ --ca-url {{ caucase_url }} \
    ...@@ -590,6 +628,7 @@ mode = 0700 ...@@ -590,6 +628,7 @@ mode = 0700
    recipe = plone.recipe.command recipe = plone.recipe.command
    # the caucase for this part is provided in this profile, so we can't fail # the caucase for this part is provided in this profile, so we can't fail
    # as otherwise caucase will never be started... # as otherwise caucase will never be started...
    {#- XXX: Create promise #}
    stop-on-error = False stop-on-error = False
    update-command = ${:command} update-command = ${:command}
    command = command =
    ...@@ -606,7 +645,7 @@ command = ...@@ -606,7 +645,7 @@ command =
    {% do part_list.append('aibcc-user-caucase-updater-promise') %} {% do part_list.append('aibcc-user-caucase-updater-promise') %}
    {{ caucase.updater( {{ caucase.updater(
    prefix='aibcc-user-caucase-updater', prefix='aibcc-user-caucase-updater',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    updater_path='${directory:service}/aibcc-user-caucase-updater', updater_path='${directory:service}/aibcc-user-caucase-updater',
    url='${aibcc-config:caucase-url}', url='${aibcc-config:caucase-url}',
    data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
    ...@@ -636,7 +675,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -636,7 +675,7 @@ recipe = slapos.recipe.template:jinja2
    context = context =
    key csr_id_url request-{{ csr }}:connection-backend-client-csr_id-url key csr_id_url request-{{ csr }}:connection-backend-client-csr_id-url
    key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate
    template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
    test -f ${directory:aibcc}/{{ csr }}-done && exit 0 test -f ${directory:aibcc}/{{ csr }}-done && exit 0
    ${buildout:executable} ${aibcc-check-certificate:rendered} \ ${buildout:executable} ${aibcc-check-certificate:rendered} \
    {# raw block to use context #} {# raw block to use context #}
    ...@@ -645,7 +684,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash ...@@ -645,7 +684,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash
    """{{ csr_id_certificate }}""" """{{ csr_id_certificate }}"""
    {% endraw %} {% endraw %}
    if [ $? = 0 ]; then if [ $? = 0 ]; then
    csr_id=`{{ parameter_dict['curl'] }}/bin/curl -s -k -g \ csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \
    {% raw %} {% raw %}
    {{ csr_id_url }} \ {{ csr_id_url }} \
    {% endraw %} {% endraw %}
    ...@@ -658,7 +697,8 @@ mode = 0700 ...@@ -658,7 +697,8 @@ mode = 0700
    {% do part_list.append('aibcc-%s' % (csr,)) %} {% do part_list.append('aibcc-%s' % (csr,)) %}
    [aibcc-{{ csr }}] [aibcc-{{ csr }}]
    recipe = plone.recipe.command recipe = plone.recipe.command
    stop-on-error = True {#- The called command is smart enough to survive errors and retry #}
    stop-on-error = False
    command = command =
    ${aibcc-{{ csr }}-wrapper:rendered} ${aibcc-{{ csr }}-wrapper:rendered}
    update-command = ${:command} update-command = ${:command}
    ...@@ -670,7 +710,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -670,7 +710,7 @@ recipe = slapos.recipe.template:jinja2
    filename = rejected-slave.json filename = rejected-slave.json
    directory = ${directory:promise-output} directory = ${directory:promise-output}
    rendered = ${:directory}/${:filename} rendered = ${:directory}/${:filename}
    template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
    {% if rejected_slave_title_dict %} {% if rejected_slave_title_dict %}
    {# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
    content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2, sort_keys=True)) }} content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2, sort_keys=True)) }}
    ...@@ -685,20 +725,15 @@ service = ${:etc}/service ...@@ -685,20 +725,15 @@ service = ${:etc}/service
    promise-output = ${:srv}/promise-output promise-output = ${:srv}/promise-output
    [rejected-slave-publish-configuration] [rejected-slave-publish-configuration]
    ip = {{ instance_parameter['ipv6-random'] }} ip = {{ instance_parameter_dict['ipv6-random'] }}
    port = 14455 port = 14455
    [rejected-slave-publish] [rejected-slave-publish]
    directory = ${rejected-slave-json:directory} directory = ${rejected-slave-json:directory}
    url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename} url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename}
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['caddy'] }} command-line = {{ software_parameter_dict['nginx'] }}
    -conf ${rejected-slave-template:rendered} -c ${rejected-slave-template:rendered}
    -log stderr
    -http2=true
    -disable-http-challenge
    -disable-tls-alpn-challenge
    -root ${:directory}
    wrapper-path = ${directory:service}/rejected-slave-publish wrapper-path = ${directory:service}/rejected-slave-publish
    hash-existing-files = hash-existing-files =
    ...@@ -712,6 +747,7 @@ recipe = plone.recipe.command ...@@ -712,6 +747,7 @@ recipe = plone.recipe.command
    certificate = ${directory:etc}/rejected-slave.pem certificate = ${directory:etc}/rejected-slave.pem
    key = ${:certificate} key = ${:certificate}
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    update-command = ${:command} update-command = ${:command}
    command = command =
    ...@@ -728,18 +764,53 @@ storage-path = ${directory:etc}/.rejected-slave.passwd ...@@ -728,18 +764,53 @@ storage-path = ${directory:etc}/.rejected-slave.passwd
    bytes = 8 bytes = 8
    user = admin user = admin
    [rejected-slave-htpasswd]
    recipe = plone.recipe.command
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True
    file = ${directory:var}/nginx-rejected.htpasswd
    command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} ${rejected-slave-password:user} ${rejected-slave-password:passwd}
    update-command = ${:command}
    [rejected-slave-template] [rejected-slave-template]
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    var = ${directory:rejected-var}
    pid = ${directory:var}/nginx-rejected.pid
    template = inline: template = inline:
    https://:${rejected-slave-publish-configuration:port}/ { daemon off;
    basicauth / ${rejected-slave-password:user} ${rejected-slave-password:passwd} pid ${:pid};
    tls ${rejected-slave-certificate:certificate} ${rejected-slave-certificate:key} error_log stderr;
    bind ${rejected-slave-publish-configuration:ip} events {
    log stderr }
    errors stderr http {
    include {{ software_parameter_dict['nginx_mime'] }};
    server {
    server_name_in_redirect off;
    port_in_redirect off;
    error_log stderr;
    access_log /dev/null;
    listen [${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port} ssl;
    ssl_certificate ${rejected-slave-certificate:certificate};
    ssl_certificate_key ${rejected-slave-certificate:certificate};
    default_type application/octet-stream;
    client_body_temp_path ${:var} 1 2;
    proxy_temp_path ${:var} 1 2;
    fastcgi_temp_path ${:var} 1 2;
    uwsgi_temp_path ${:var} 1 2;
    scgi_temp_path ${:var} 1 2;
    location / {
    alias ${rejected-slave-json:directory}/;
    autoindex off;
    sendfile on;
    sendfile_max_chunk 1m;
    auth_basic "Rejected slave template";
    auth_basic_user_file ${rejected-slave-htpasswd:file};
    }
    }
    } }
    rendered = ${directory:etc}/Caddyfile-rejected-slave rendered = ${directory:etc}/nginx-rejected-slave.conf
    [promise-rejected-slave-publish-ip-port] [promise-rejected-slave-publish-ip-port]
    <= monitor-promise-base <= monitor-promise-base
    ...@@ -761,7 +832,7 @@ config-url = ${rejected-slave-publish:url} ...@@ -761,7 +832,7 @@ config-url = ${rejected-slave-publish:url}
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    {{ caucase.caucased( {{ caucase.caucased(
    prefix='caucased-backend-client', prefix='caucased-backend-client',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    caucased_path='${directory:service}/caucased-backend-client', caucased_path='${directory:service}/caucased-backend-client',
    backup_dir='${directory:backup-caucased}', backup_dir='${directory:backup-caucased}',
    data_dir='${directory:caucased}', data_dir='${directory:caucased}',
    ...@@ -773,8 +844,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -773,8 +844,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    [buildout] [buildout]
    extends = extends =
    {{ common_profile }} {{ software_parameter_dict['profile_common'] }}
    {{ template_monitor }} {{ software_parameter_dict['profile_monitor2'] }}
    parts = parts =
    monitor-base monitor-base
    publish-slave-information publish-slave-information
    ......
    software/caddy-frontend/instance-kedifa.cfg.in
    View file @ d1334b4b
    {%- if slap_software_type == software_type -%} {%- if instance_parameter_dict['slap-software-type'] == software_type -%}
    {% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
    # KeDiFa instance profile # KeDiFa instance profile
    [buildout] [buildout]
    extends = extends =
    {{ parameter_dict['common_profile'] }} {{ software_parameter_dict['profile_common'] }}
    {{ parameter_dict['monitor_template'] }} {{ software_parameter_dict['profile_monitor'] }}
    {{ parameter_dict['logrotate_base_instance'] }} {{ software_parameter_dict['profile_logrotate_base'] }}
    parts = parts =
    monitor-base monitor-base
    ...@@ -25,18 +25,18 @@ parts = ...@@ -25,18 +25,18 @@ parts =
    # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
    # directly, and in our case it can come from the network, thus resulting # directly, and in our case it can come from the network, thus resulting
    # with need to strip !py!'u' # with need to strip !py!'u'
    monitor-httpd-port = {{ instance_parameter['configuration.monitor-httpd-port'] | int }} monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }}
    password = {{ instance_parameter['configuration.monitor-password'] | string }} password = {{ instance_parameter_dict['configuration.monitor-password'] | string }}
    [caucased] [caucased]
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    {% set caucase_host = '[' ~ instance_parameter['ipv6-random'] ~ ']' %} {% set caucase_host = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' %}
    {% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter['configuration.caucase_port'] -%} {% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration.caucase_port'] -%}
    {% set caucase_url = 'http://' ~ caucase_netloc -%} {% set caucase_url = 'http://' ~ caucase_netloc -%}
    {{ caucase.caucased( {{ caucase.caucased(
    prefix='caucased', prefix='caucased',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    caucased_path='${directory:service}/caucased', caucased_path='${directory:service}/caucased',
    backup_dir='${directory:backup-caucased}', backup_dir='${directory:backup-caucased}',
    data_dir='${directory:caucased}', data_dir='${directory:caucased}',
    ...@@ -75,7 +75,8 @@ reservation = ${:srv}/reservation ...@@ -75,7 +75,8 @@ reservation = ${:srv}/reservation
    # csr_id publication # csr_id publication
    csr_id = ${:srv}/csr_id csr_id = ${:srv}/csr_id
    caddy-csr_id = ${:etc}/caddy-csr_id certificate-csr_id = ${:var}/certificate-csr_id
    expose-csr_id-var = ${:var}/expose-csr_id
    [kedifa-csr] [kedifa-csr]
    recipe = plone.recipe.command recipe = plone.recipe.command
    ...@@ -83,22 +84,23 @@ organization = {{ slapparameter_dict['cluster-identification'] }} ...@@ -83,22 +84,23 @@ organization = {{ slapparameter_dict['cluster-identification'] }}
    organizational_unit = Kedifa Partition organizational_unit = Kedifa Partition
    command = command =
    if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
    /bin/bash -c '{{ parameter_dict['openssl'] }} req -new -sha256 \ /bin/bash -c '{{ software_parameter_dict['openssl'] }} req -new -sha256 \
    -newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
    -subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
    -reqexts SAN \ -reqexts SAN \
    -config <(cat {{ parameter_dict['openssl_cnf'] }} \ -config <(cat {{ software_parameter_dict['openssl_cnf'] }} \
    <(printf "\n[SAN]\nsubjectAltName=IP:${kedifa-config:ip}")) \ <(printf "\n[SAN]\nsubjectAltName=IP:${kedifa-config:ip}")) \
    -out ${:template-csr}' -out ${:template-csr}'
    fi fi
    update-command = ${:command} update-command = ${:command}
    template-csr = ${kedifa-config:template-csr} template-csr = ${kedifa-config:template-csr}
    key = ${kedifa-config:key} key = ${kedifa-config:key}
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    {{ caucase.updater( {{ caucase.updater(
    prefix='caucase-updater', prefix='caucase-updater',
    buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
    updater_path='${directory:service}/caucase-updater', updater_path='${directory:service}/caucase-updater',
    url=caucase_url, url=caucase_url,
    data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
    ...@@ -119,7 +121,7 @@ csr_work_path = ${directory:tmp}/${:_buildout_section_name_} ...@@ -119,7 +121,7 @@ csr_work_path = ${directory:tmp}/${:_buildout_section_name_}
    stop-on-error = False stop-on-error = False
    update-command = ${:command} update-command = ${:command}
    command = command =
    {{ parameter_dict['bin_directory'] }}/caucase \ {{ software_parameter_dict['bin_directory'] }}/caucase \
    --ca-url {{ caucase_url }} \ --ca-url {{ caucase_url }} \
    --ca-crt ${kedifa-config:ca-certificate} \ --ca-crt ${kedifa-config:ca-certificate} \
    --crl ${kedifa-config:crl} \ --crl ${kedifa-config:crl} \
    ...@@ -131,20 +133,21 @@ command = ...@@ -131,20 +133,21 @@ command =
    [certificate-csr_id] [certificate-csr_id]
    recipe = plone.recipe.command recipe = plone.recipe.command
    certificate = ${directory:caddy-csr_id}/certificate.pem certificate = ${directory:certificate-csr_id}/certificate.pem
    key = ${directory:caddy-csr_id}/key.pem key = ${directory:certificate-csr_id}/key.pem
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    update-command = ${:command} update-command = ${:command}
    command = command =
    if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
    {{ parameter_dict['openssl'] }} req -new -newkey rsa:2048 -sha256 -subj \ {{ software_parameter_dict['openssl'] }} req -new -newkey rsa:2048 -sha256 -subj \
    "/O=${kedifa-csr:organization}/OU=${kedifa-csr:organizational_unit}/CN={{ instance_parameter['ipv6-random'] }}" \ "/O=${kedifa-csr:organization}/OU=${kedifa-csr:organizational_unit}/CN={{ instance_parameter_dict['ipv6-random'] }}" \
    -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate} -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
    fi fi
    [expose-csr_id-configuration] [expose-csr_id-configuration]
    ip = {{ instance_parameter['ipv6-random'] }} ip = {{ instance_parameter_dict['ipv6-random'] }}
    port = 17000 port = 17000
    key = ${certificate-csr_id:key} key = ${certificate-csr_id:key}
    certificate = ${certificate-csr_id:certificate} certificate = ${certificate-csr_id:certificate}
    ...@@ -152,14 +155,40 @@ error-log = ${directory:log}/expose-csr_id.log ...@@ -152,14 +155,40 @@ error-log = ${directory:log}/expose-csr_id.log
    [expose-csr_id-template] [expose-csr_id-template]
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    var = ${directory:expose-csr_id-var}
    pid = ${directory:var}/nginx-expose-csr_id.pid
    rendered = ${directory:etc}/nginx-expose-csr_id.conf
    template = inline: template = inline:
    https://:${expose-csr_id-configuration:port}/ { daemon off;
    bind ${expose-csr_id-configuration:ip} pid ${:pid};
    tls ${expose-csr_id-configuration:certificate} ${expose-csr_id-configuration:key} error_log ${expose-csr_id-configuration:error-log};
    log ${expose-csr_id-configuration:error-log} events {
    }
    http {
    include {{ software_parameter_dict['nginx_mime'] }};
    server {
    server_name_in_redirect off;
    port_in_redirect off;
    error_log ${expose-csr_id-configuration:error-log};
    access_log /dev/null;
    listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
    ssl_certificate ${expose-csr_id-configuration:certificate};
    ssl_certificate_key ${expose-csr_id-configuration:key};
    default_type application/octet-stream;
    client_body_temp_path ${:var} 1 2;
    proxy_temp_path ${:var} 1 2;
    fastcgi_temp_path ${:var} 1 2;
    uwsgi_temp_path ${:var} 1 2;
    scgi_temp_path ${:var} 1 2;
    location / {
    alias ${directory:csr_id}/;
    autoindex off;
    sendfile on;
    sendfile_max_chunk 1m;
    }
    }
    } }
    rendered = ${directory:caddy-csr_id}/Caddyfile
    [promise-expose-csr_id-ip-port] [promise-expose-csr_id-ip-port]
    <= monitor-promise-base <= monitor-promise-base
    ...@@ -171,13 +200,8 @@ config-port = ${expose-csr_id-configuration:port} ...@@ -171,13 +200,8 @@ config-port = ${expose-csr_id-configuration:port}
    [expose-csr_id] [expose-csr_id]
    depends = ${store-csr_id:command} depends = ${store-csr_id:command}
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['caddy'] }} command-line = {{ software_parameter_dict['nginx'] }}
    -conf ${expose-csr_id-template:rendered} -c ${expose-csr_id-template:rendered}
    -log ${expose-csr_id-configuration:error-log}
    -http2=true
    -disable-http-challenge
    -disable-tls-alpn-challenge
    -root ${directory:csr_id}
    wrapper-path = ${directory:service}/expose-csr_id wrapper-path = ${directory:service}/expose-csr_id
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    ...@@ -191,19 +215,19 @@ commands = ...@@ -191,19 +215,19 @@ commands =
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    rendered = ${buildout:directory}/${:filename} rendered = ${buildout:directory}/${:filename}
    extra-context = extra-context =
    slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} slapparameter_dict = {{ dumps(slapparameter_dict) }}
    slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} slap_software_type = {{ dumps(instance_parameter_dict['slap-software-type']) }}
    context = context =
    import json_module json import json_module json
    raw common_profile {{ parameter_dict['common_profile'] }} raw profile_common {{ software_parameter_dict['profile_common'] }}
    key slap_software_type :slap_software_type key slap_software_type :slap_software_type
    key slapparameter_dict :slapparameter_dict key slapparameter_dict :slapparameter_dict
    section directory directory section directory directory
    ${:extra-context} ${:extra-context}
    [kedifa-config] [kedifa-config]
    ip = {{ instance_parameter['ipv6-random'] }} ip = {{ instance_parameter_dict['ipv6-random'] }}
    port = {{ instance_parameter['configuration.kedifa_port'] }} port = {{ instance_parameter_dict['configuration.kedifa_port'] }}
    db = ${directory:kedifa}/kedifa.sqlite db = ${directory:kedifa}/kedifa.sqlite
    certificate = ${directory:etc-kedifa}/certificate.pem certificate = ${directory:etc-kedifa}/certificate.pem
    key = ${:certificate} key = ${:certificate}
    ...@@ -215,7 +239,7 @@ logfile = ${directory:log}/kedifa.log ...@@ -215,7 +239,7 @@ logfile = ${directory:log}/kedifa.log
    [kedifa-reloader] [kedifa-reloader]
    <= jinja2-template-base <= jinja2-template-base
    template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
    rendered = ${directory:etc-run}/kedifa-reloader rendered = ${directory:etc-run}/kedifa-reloader
    command = command =
    kill -HUP `cat ${kedifa-config:pidfile}` kill -HUP `cat ${kedifa-config:pidfile}`
    ...@@ -236,12 +260,12 @@ config-ca-cert-file = ${kedifa-config:ca-certificate} ...@@ -236,12 +260,12 @@ config-ca-cert-file = ${kedifa-config:ca-certificate}
    <= logrotate-entry-base <= logrotate-entry-base
    name = kedifa name = kedifa
    log = ${kedifa-config:logfile} log = ${kedifa-config:logfile}
    rotate-num = {{ instance_parameter['configuration.rotate-num'] | int }} rotate-num = {{ instance_parameter_dict['configuration.rotate-num'] | int }}
    delaycompress = delaycompress =
    [kedifa] [kedifa]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ parameter_dict['kedifa'] }} command-line = {{ software_parameter_dict['kedifa'] }}
    --ip ${kedifa-config:ip} --ip ${kedifa-config:ip}
    --port ${kedifa-config:port} --port ${kedifa-config:port}
    --db ${kedifa-config:db} --db ${kedifa-config:db}
    ...@@ -268,7 +292,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -268,7 +292,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    recipe = plone.recipe.command recipe = plone.recipe.command
    file = ${directory:reservation}/${:_buildout_section_name_} file = ${directory:reservation}/${:_buildout_section_name_}
    command = command =
    [ ! -f ${:file} ] && {{ parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
    update-command = ${:command} update-command = ${:command}
    [{{ slave_reference }}-auth-random] [{{ slave_reference }}-auth-random]
    ...@@ -283,7 +307,7 @@ commands = ...@@ -283,7 +307,7 @@ commands =
    recipe = plone.recipe.command recipe = plone.recipe.command
    file = ${directory:reservation}/${:_buildout_section_name_} file = ${directory:reservation}/${:_buildout_section_name_}
    command = command =
    [ ! -f ${:file} ] && {{ parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
    update-command = ${:command} update-command = ${:command}
    [master-auth-random] [master-auth-random]
    ...@@ -311,4 +335,4 @@ name = ${:_buildout_section_name_}.py ...@@ -311,4 +335,4 @@ name = ${:_buildout_section_name_}.py
    config-command = config-command =
    ${logrotate:wrapper-path} -d ${logrotate:wrapper-path} -d
    {%- endif -%} {# if slap_software_type in software_type #} {%- endif -%} {# if instance_parameter_dict['slap-software-type'] == software_type #}
    software/caddy-frontend/instance.cfg.in
    View file @ d1334b4b
    [buildout] [buildout]
    extends = {{ common_profile }} extends = {{ software_parameter_dict['profile_common'] }}
    parts = parts =
    dynamic-template-caddy-replicate
    switch-softwaretype switch-softwaretype
    [caddyprofiledeps] [caddyprofiledeps]
    ...@@ -11,76 +10,59 @@ recipe = caddyprofiledeps ...@@ -11,76 +10,59 @@ recipe = caddyprofiledeps
    [jinja2-template-base] [jinja2-template-base]
    recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
    rendered = ${buildout:directory}/${:filename} rendered = ${buildout:directory}/${:filename}
    extensions = jinja2.ext.do
    extra-context = extra-context =
    context = context =
    import json_module json import json_module json
    key slap_software_type instance-parameter:slap-software-type
    key slapparameter_dict instance-parameter:configuration key slapparameter_dict instance-parameter:configuration
    key slave_instance_list instance-parameter:slave-instance-list section instance_parameter_dict instance-parameter
    section instance_parameter instance-parameter section software_parameter_dict software-parameter-section
    ${:extra-context} ${:extra-context}
    caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }}
    import-list =
    file caucase :caucase-jinja2-library
    [switch-softwaretype] [switch-softwaretype]
    recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:softwaretype
    default = ${dynamic-template-caddy-replicate:rendered} default = ${dynamic-profile-caddy-replicate:rendered}
    RootSoftwareInstance = ${dynamic-template-caddy-replicate:rendered} RootSoftwareInstance = ${dynamic-profile-caddy-replicate:rendered}
    custom-personal = ${dynamic-template-caddy-replicate:rendered} custom-personal = ${dynamic-profile-caddy-replicate:rendered}
    single-default = ${dynamic-template-caddy-frontend:rendered} single-default = ${dynamic-profile-caddy-frontend:rendered}
    single-custom-personal = ${dynamic-template-caddy-frontend:rendered} single-custom-personal = ${dynamic-profile-caddy-frontend:rendered}
    replicate = ${dynamic-template-caddy-replicate:rendered} replicate = ${dynamic-profile-caddy-replicate:rendered}
    kedifa = ${dynamic-template-kedifa:rendered} kedifa = ${dynamic-profile-kedifa:rendered}
    [dynamic-template-caddy-frontend-parameters] [software-parameter-section]
    {% for key,value in template_frontend_parameter_dict.iteritems() %} {% for key,value in software_parameter_dict.iteritems() %}
    {{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
    {% endfor -%} {% endfor -%}
    [dynamic-template-caddy-frontend] [dynamic-profile-caddy-frontend]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ template_caddy_frontend }} template = {{ software_parameter_dict['profile_caddy_frontend'] }}
    filename = instance-caddy-frontend.cfg filename = instance-caddy-frontend.cfg
    extensions = jinja2.ext.do
    extra-context = extra-context =
    import furl_module furl import furl_module furl
    section parameter_dict dynamic-template-caddy-frontend-parameters
    raw software_type single-custom-personal raw software_type single-custom-personal
    caucase-jinja2-library = {{ caucase_jinja2_library }}
    import-list =
    file caucase :caucase-jinja2-library
    [dynamic-template-caddy-replicate] [dynamic-profile-caddy-replicate]
    < = jinja2-template-base < = jinja2-template-base
    depends = ${caddyprofiledeps:recipe} depends = ${caddyprofiledeps:recipe}
    template = {{ template_caddy_replicate }} template = {{ software_parameter_dict['profile_caddy_replicate'] }}
    filename = instance-caddy-replicate.cfg filename = instance-caddy-replicate.cfg
    extensions = jinja2.ext.do
    extra-context = extra-context =
    import subprocess_module subprocess import subprocess_module subprocess
    import functools_module functools import functools_module functools
    import validators validators import validators validators
    key cluster_identification instance-parameter:root-instance-title
    raw caddy_backend_url_validator {{ caddy_backend_url_validator }}
    raw template_publish_slave_information {{ template_replicate_publish_slave_information }}
    # Must match the key id in [switch-softwaretype] which uses this section. # Must match the key id in [switch-softwaretype] which uses this section.
    raw software_type RootSoftwareInstance-default-custom-personal-replicate raw software_type RootSoftwareInstance-default-custom-personal-replicate
    raw template_monitor {{ monitor2_template }}
    raw common_profile {{ common_profile }}
    section parameter_dict dynamic-template-caddy-frontend-parameters
    caucase-jinja2-library = {{ caucase_jinja2_library }}
    import-list =
    file caucase :caucase-jinja2-library
    [dynamic-template-kedifa] [dynamic-profile-kedifa]
    < = jinja2-template-base < = jinja2-template-base
    template = {{ template_kedifa }} template = {{ software_parameter_dict['profile_kedifa'] }}
    filename = instance-kedifa.cfg filename = instance-kedifa.cfg
    extensions = jinja2.ext.do
    extra-context = extra-context =
    section parameter_dict dynamic-template-caddy-frontend-parameters
    raw software_type kedifa raw software_type kedifa
    caucase-jinja2-library = {{ caucase_jinja2_library }}
    import-list =
    file caucase :caucase-jinja2-library
    [instance-parameter] [instance-parameter]
    # Fetches parameters defined in SlapOS Master for this instance. # Fetches parameters defined in SlapOS Master for this instance.
    ......
    software/caddy-frontend/software.cfg
    View file @ d1334b4b
    [buildout] [buildout]
    extends = common.cfg extends =
    buildout.hash.cfg
    ../../stack/slapos.cfg
    ../../component/dash/buildout.cfg
    ../../component/caddy/buildout.cfg
    ../../component/gzip/buildout.cfg
    ../../component/logrotate/buildout.cfg
    ../../component/rdiff-backup/buildout.cfg
    ../../component/trafficserver/buildout.cfg
    ../../component/6tunnel/buildout.cfg
    ../../component/xz-utils/buildout.cfg
    ../../component/rsyslogd/buildout.cfg
    ../../component/haproxy/buildout.cfg
    ../../component/nginx/buildout.cfg
    ../../stack/caucase/buildout.cfg
    # Monitoring stack (keep on bottom)
    ../../stack/monitor/buildout.cfg
    parts +=
    caucase-eggs
    template
    rdiff-backup
    caddyprofiledeps
    kedifa-develop
    kedifa
    [kedifa-repository]
    recipe = slapos.recipe.build:gitclone
    repository = https://lab.nexedi.com/nexedi/kedifa.git
    git-executable = ${git:location}/bin/git
    revision = d6bbd7db215e12871c1536f22a8fbf994227270c
    [kedifa-develop]
    recipe = zc.recipe.egg:develop
    setup = ${kedifa-repository:location}
    [kedifa]
    recipe = zc.recipe.egg
    eggs =
    ${python-cryptography:egg}
    kedifa
    [caddyprofiledeps-setup]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/setup.py
    [caddyprofiledeps-dummy]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/caddyprofiledummy.py
    [caddyprofiledeps-prepare]
    recipe = plone.recipe.command
    stop-on-error = True
    location = ${buildout:parts-directory}/${:_buildout_section_name_}
    update-command = ${:command}
    command =
    rm -fr ${:location} &&
    mkdir -p ${:location} &&
    cp ${caddyprofiledeps-setup:target} ${:location}/ &&
    cp ${caddyprofiledeps-dummy:target} ${:location}/
    [caddyprofiledeps-develop]
    recipe = zc.recipe.egg:develop
    setup = ${caddyprofiledeps-prepare:location}
    [caddyprofiledeps]
    depends = ${caddyprofiledeps-develop:recipe}
    recipe = zc.recipe.egg
    eggs =
    caddyprofiledeps
    websockify
    collective.recipe.shelloutput
    [profile-common]
    recipe = slapos.recipe.template:jinja2
    template = ${:_profile_base_location_}/instance-common.cfg.in
    rendered = ${buildout:directory}/instance-common.cfg
    mode = 0644
    context =
    key develop_eggs_directory buildout:develop-eggs-directory
    key eggs_directory buildout:eggs-directory
    [software-parameter-section]
    # libraries
    caucase_jinja2_library = ${caucase-jinja2-library:target}
    # profiles
    profile_caddy_frontend = ${profile-caddy-frontend:target}
    profile_caddy_replicate = ${profile-caddy-replicate:target}
    profile_common = ${profile-common:rendered}
    profile_kedifa = ${profile-kedifa:target}
    profile_logrotate_base = ${template-logrotate-base:rendered}
    profile_monitor = ${monitor-template:output}
    profile_monitor2 = ${monitor2-template:rendered}
    profile_replicate_publish_slave_information = ${profile-replicate-publish-slave-information:target}
    profile_slave_list = ${profile-slave-list:target}
    # templates
    template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
    template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
    template_caddy_frontend_configuration = ${profile-caddy-frontend-configuration:target}
    template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
    template_configuration_state_script = ${template-configuration-state-script:target}
    template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
    template_empty = ${template-empty:target}
    template_graceful_script = ${template-graceful-script:target}
    template_log_access = ${template-log-access:target}
    template_not_found_html = ${template-not-found-html:target}
    template_rotate_script = ${template-rotate-script:target}
    template_slave_introspection_httpd_nginx = ${template-slave-introspection-httpd-nginx:target}
    template_trafficserver_logging_yaml = ${template-trafficserver-logging-yaml:target}
    template_trafficserver_records_config = ${template-trafficserver-records-config:target}
    template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
    template_validate_script = ${template-validate-script:target}
    template_wrapper = ${template-wrapper:output}
    caddy_backend_url_validator = ${caddy-backend-url-validator:output}
    # directories
    bin_directory = ${buildout:bin-directory}
    # files
    sixtunnel = ${6tunnel:location}
    nginx = ${nginx-output:nginx}
    nginx_mime = ${nginx-output:mime}
    caddy = ${caddy:output}
    haproxy_executable = ${haproxy:location}/sbin/haproxy
    rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
    curl = ${curl:location}
    dash = ${dash:location}
    gzip = ${gzip:location}
    logrotate = ${logrotate:location}
    openssl = ${openssl:location}/bin/openssl
    openssl_cnf = ${openssl:location}/etc/ssl/openssl.cnf
    trafficserver = ${trafficserver:location}
    sha256sum = ${coreutils:location}/bin/sha256sum
    kedifa = ${:bin_directory}/kedifa
    kedifa-updater = ${:bin_directory}/kedifa-updater
    kedifa-csr = ${:bin_directory}/kedifa-csr
    xz_location = ${xz-utils:location}
    htpasswd = ${:bin_directory}/htpasswd
    [template]
    recipe = slapos.recipe.template:jinja2
    template = ${:_profile_base_location_}/instance.cfg.in
    rendered = ${buildout:directory}/template.cfg
    mode = 0644
    context =
    section software_parameter_dict software-parameter-section
    [profile-caddy-frontend]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/instance-apache-frontend.cfg.in
    mode = 0644
    [caddy-backend-url-validator]
    recipe = slapos.recipe.template
    url = ${:_profile_base_location_}/${:filename}
    output = ${buildout:directory}/caddy-backend-url-validator
    mode = 0750
    [profile-caddy-replicate]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
    mode = 0644
    [profile-kedifa]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/instance-kedifa.cfg.in
    mode = 0644
    [download-template]
    recipe = slapos.recipe.build:download
    url = ${:_profile_base_location_}/${:_update_hash_filename_}
    mode = 640
    [profile-slave-list]
    <=download-template
    [profile-replicate-publish-slave-information]
    <=download-template
    [profile-caddy-frontend-configuration]
    <=download-template
    [template-not-found-html]
    <=download-template
    [template-default-slave-virtualhost]
    <=download-template
    [template-backend-haproxy-configuration]
    <=download-template
    [template-log-access]
    <=download-template
    [template-empty]
    <=download-template
    [template-slave-introspection-httpd-nginx]
    <=download-template
    [template-wrapper]
    recipe = slapos.recipe.template
    url = ${:_profile_base_location_}/templates/wrapper.in
    output = ${buildout:directory}/template-wrapper.cfg
    mode = 0644
    [template-trafficserver-records-config]
    <=download-template
    [template-trafficserver-storage-config]
    <=download-template
    [template-trafficserver-logging-yaml]
    <=download-template
    [template-rotate-script]
    <=download-template
    [template-caddy-lazy-script-call]
    <=download-template
    [template-graceful-script]
    <=download-template
    [template-validate-script]
    <=download-template
    [template-configuration-state-script]
    <=download-template
    [template-backend-haproxy-rsyslogd-conf]
    <=download-template
    [versions] [versions]
    # Modern KeDiFa requires zc.lockfile # Modern KeDiFa requires zc.lockfile
    ......
    software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
    View file @ d1334b4b
    ...@@ -4,21 +4,22 @@ ...@@ -4,21 +4,22 @@
    {%- set backend_slave_list = [] %} {%- set backend_slave_list = [] %}
    {%- set part_list = [] %} {%- set part_list = [] %}
    {%- set cache_port = caddy_configuration.get('cache-port') %} {%- set cache_port = caddy_configuration.get('cache-port') %}
    {%- set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %} {%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %}
    {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %} {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %}
    {%- set backend_haproxy_http_url = 'http://%s:%s' % (local_ipv4, backend_haproxy_configuration['http-port']) %} {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
    {%- set backend_haproxy_https_url = 'http://%s:%s' % (local_ipv4, backend_haproxy_configuration['https-port']) %} {%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %}
    {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
    {%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %} {%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': instance_parameter_dict['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']} %}
    {%- set slave_log_dict = {} %} {%- set slave_log_dict = {} %}
    {%- if extra_slave_instance_list %} {%- set slave_instance_information_list = [] %}
    {%- set slave_instance_information_list = [] %} {%- set slave_instance_list = instance_parameter_dict['slave-instance-list'] %}
    {%- set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %} {%- if configuration['extra_slave_instance_list'] %}
    {%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
    {%- endif %} {%- endif %}
    {%- if master_key_download_url %} {%- if master_key_download_url %}
    {%- do kedifa_updater_mapping.append((master_key_download_url, master_certificate, apache_certificate)) %} {%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %}
    {%- else %} {%- else %}
    {%- do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %} {%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %}
    {%- endif %} {%- endif %}
    {%- if kedifa_configuration['slave_kedifa_information'] %} {%- if kedifa_configuration['slave_kedifa_information'] %}
    {%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %} {%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
    ...@@ -30,7 +31,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -30,7 +31,7 @@ recipe = slapos.recipe.template:jinja2
    extensions = jinja2.ext.do extensions = jinja2.ext.do
    extra-context = extra-context =
    context = context =
    raw common_profile {{ common_profile }} raw profile_common {{ profile_common }}
    ${:extra-context} ${:extra-context}
    # empty sections if no slaves are available # empty sections if no slaves are available
    ...@@ -53,7 +54,7 @@ context = ...@@ -53,7 +54,7 @@ context =
    {%- if slave_ciphers %} {%- if slave_ciphers %}
    {%- set slave_cipher_list = ' '.join(slave_ciphers) %} {%- set slave_cipher_list = ' '.join(slave_ciphers) %}
    {%- else %} {%- else %}
    {%- set slave_cipher_list = ciphers.strip() %} {%- set slave_cipher_list = configuration['ciphers'].strip() %}
    {%- endif %} {%- endif %}
    {%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %} {%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
    {#- Manage common instance parameters #} {#- Manage common instance parameters #}
    ...@@ -102,8 +103,8 @@ context = ...@@ -102,8 +103,8 @@ context =
    {%- do part_list.extend([slave_logrotate_section, slave_section_title]) %} {%- do part_list.extend([slave_logrotate_section, slave_section_title]) %}
    {%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %} {%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
    {#- Pass HTTP2 switch #} {#- Pass HTTP2 switch #}
    {%- do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %} {%- do slave_instance.__setitem__('enable_http2_by_default', configuration['enable-http2-by-default']) %}
    {%- do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %} {%- do slave_instance.__setitem__('global_disable_http2', configuration['global-disable-http2']) %}
    {#- Pass backend timeout values #} {#- Pass backend timeout values #}
    {%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %} {%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
    {%- if slave_instance.get(key, '') == '' %} {%- if slave_instance.get(key, '') == '' %}
    ...@@ -128,7 +129,7 @@ context = ...@@ -128,7 +129,7 @@ context =
    {%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %} {%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
    {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
    {%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %} {%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
    {%- do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %} {%- do slave_publish_dict.__setitem__('public-ipv4', configuration['public-ipv4']) %}
    {%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %} {%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
    {#- Set slave domain if none was defined #} {#- Set slave domain if none was defined #}
    {%- if slave_instance.get('custom_domain', None) == None %} {%- if slave_instance.get('custom_domain', None) == None %}
    ...@@ -176,9 +177,10 @@ bytes = 8 ...@@ -176,9 +177,10 @@ bytes = 8
    [{{ slave_htpasswd_section }}] [{{ slave_htpasswd_section }}]
    recipe = plone.recipe.command recipe = plone.recipe.command
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    file = {{ caddy_configuration_directory }}/.{{ slave_reference }}.htpasswd file = {{ caddy_configuration_directory }}/.{{ slave_reference }}.htpasswd
    command = {{ frontend_configuration['htpasswd'] }} -cb ${:file} {{ slave_reference.lower() }} {{ '${' + slave_password_section + ':passwd}' }} command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_reference.lower() }} {{ '${' + slave_password_section + ':passwd}' }}
    update-command = ${:command} update-command = ${:command}
    {#- ################################################## #} {#- ################################################## #}
    ...@@ -224,7 +226,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge ...@@ -224,7 +226,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge
    extra-context = extra-context =
    key content :cert-content key content :cert-content
    {%- else %} {%- else %}
    {%- do kedifa_updater_mapping.append((key_download_url, certificate, master_certificate)) %} {%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
    {%- endif %} {%- endif %}
    {#- BBB: SlapOS Master non-zero knowledge END #} {#- BBB: SlapOS Master non-zero knowledge END #}
    ...@@ -233,9 +235,9 @@ extra-context = ...@@ -233,9 +235,9 @@ extra-context =
    [{{ slave_configuration_section_name }}] [{{ slave_configuration_section_name }}]
    certificate = {{ certificate }} certificate = {{ certificate }}
    https_port = {{ dumps('' ~ https_port) }} https_port = {{ dumps('' ~ configuration['port']) }}
    http_port = {{ dumps('' ~ http_port) }} http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
    local_ipv4 = {{ dumps('' ~ local_ipv4) }} local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
    {%- for key, value in slave_instance.iteritems() %} {%- for key, value in slave_instance.iteritems() %}
    {%- if value is not none %} {%- if value is not none %}
    {{ key }} = {{ dumps('' ~ value) }} {{ key }} = {{ dumps('' ~ value) }}
    ...@@ -283,7 +285,7 @@ config-frequency = 720 ...@@ -283,7 +285,7 @@ config-frequency = 720
    {#- ############################### #} {#- ############################### #}
    {#- Publish Slave Information #} {#- Publish Slave Information #}
    {%- if not extra_slave_instance_list %} {%- if not configuration['extra_slave_instance_list'] %}
    {%- set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %} {%- set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
    {%- do part_list.append(publish_section_title) %} {%- do part_list.append(publish_section_title) %}
    [{{ publish_section_title }}] [{{ publish_section_title }}]
    ...@@ -315,36 +317,36 @@ recipe = slapos.cookbook:wrapper ...@@ -315,36 +317,36 @@ recipe = slapos.cookbook:wrapper
    ipv4 = ${slap-network-information:local-ipv4} ipv4 = ${slap-network-information:local-ipv4}
    ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-network-information:global-ipv6}
    wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port} wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port}
    command-line = {{ sixtunnel_executable }} -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port} command-line = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
    hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    [tunnel-6to4-base-http_port] [tunnel-6to4-base-http_port]
    <= tunnel-6to4-base <= tunnel-6to4-base
    ipv4-port = {{ http_port }} ipv4-port = {{ configuration['plain_http_port'] }}
    ipv6-port = {{ http_port }} ipv6-port = {{ configuration['plain_http_port'] }}
    [tunnel-6to4-base-https_port] [tunnel-6to4-base-https_port]
    <= tunnel-6to4-base <= tunnel-6to4-base
    ipv4-port = {{ https_port }} ipv4-port = {{ configuration['port'] }}
    ipv6-port = {{ https_port }} ipv6-port = {{ configuration['port'] }}
    {#- Define log access #} {#- Define log access #}
    [caddy-log-access-parameters] [caddy-log-access-parameters]
    caddy_log_directory = {{ dumps(caddy_log_directory) }} caddy_log_directory = {{ dumps(caddy_log_directory) }}
    caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }} caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
    local_ipv4 = {{ dumps(local_ipv4) }} local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
    global_ipv6 = {{ dumps(global_ipv6) }} global_ipv6 = {{ dumps(global_ipv6) }}
    https_port = {{ dumps(https_port) }} https_port = {{ dumps(configuration['port']) }}
    http_port = {{ dumps(http_port) }} http_port = {{ dumps(configuration['plain_http_port']) }}
    ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }} ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
    access_log = {{ dumps(access_log) }} access_log = {{ dumps(caddy_configuration['access-log']) }}
    error_log = {{ dumps(error_log) }} error_log = {{ dumps(caddy_configuration['error-log']) }}
    not_found_file = {{ dumps(not_found_file) }} not_found_file = {{ dumps(caddy_configuration['not-found-file']) }}
    [caddy-log-access] [caddy-log-access]
    < = jinja2-template-base < = jinja2-template-base
    template = {{frontend_configuration.get('template-log-access')}} template = {{ software_parameter_dict['template_log_access'] }}
    rendered = {{frontend_configuration.get('log-access-configuration')}} rendered = {{frontend_configuration.get('log-access-configuration')}}
    extra-context = extra-context =
    section slave_log_directory slave-log-directory-dict section slave_log_directory slave-log-directory-dict
    ...@@ -352,11 +354,11 @@ extra-context = ...@@ -352,11 +354,11 @@ extra-context =
    section parameter_dict caddy-log-access-parameters section parameter_dict caddy-log-access-parameters
    [slave-introspection-parameters] [slave-introspection-parameters]
    local-ipv4 = {{ dumps(local_ipv4) }} local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
    global-ipv6 = {{ dumps(global_ipv6) }} global-ipv6 = {{ dumps(global_ipv6) }}
    https-port = {{ frontend_configuration['slave-introspection-https-port'] }} https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
    ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }} ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }}
    nginx-mime = {{ frontend_configuration['nginx_mime'] }} nginx-mime = {{ software_parameter_dict['nginx_mime'] }}
    access-log = {{ dumps(caddy_configuration['slave-introspection-access-log']) }} access-log = {{ dumps(caddy_configuration['slave-introspection-access-log']) }}
    error-log = {{ dumps(caddy_configuration['slave-introspection-error-log']) }} error-log = {{ dumps(caddy_configuration['slave-introspection-error-log']) }}
    var = {{ directory['slave-introspection-var'] }} var = {{ directory['slave-introspection-var'] }}
    ...@@ -364,7 +366,7 @@ pid = {{ caddy_configuration['slave-introspection-pid-file'] }} ...@@ -364,7 +366,7 @@ pid = {{ caddy_configuration['slave-introspection-pid-file'] }}
    [slave-introspection-config] [slave-introspection-config]
    <= jinja2-template-base <= jinja2-template-base
    template = {{ frontend_configuration['slave-introspection-template'] }} template = {{ software_parameter_dict['template_slave_introspection_httpd_nginx'] }}
    rendered = {{ frontend_configuration['slave-introspection-configuration'] }} rendered = {{ frontend_configuration['slave-introspection-configuration'] }}
    extra-context = extra-context =
    section slave_log_directory slave-log-directory-dict section slave_log_directory slave-log-directory-dict
    ...@@ -373,7 +375,7 @@ extra-context = ...@@ -373,7 +375,7 @@ extra-context =
    [slave-introspection] [slave-introspection]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ frontend_configuration['nginx'] }} command-line = {{ software_parameter_dict['nginx'] }}
    -c ${slave-introspection-config:rendered} -c ${slave-introspection-config:rendered}
    wrapper-path = {{ directory['service'] }}/slave-instrospection-nginx wrapper-path = {{ directory['service'] }}/slave-instrospection-nginx
    ...@@ -384,9 +386,9 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -384,9 +386,9 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    {#- Publish information for the instance #} {#- Publish information for the instance #}
    [publish-caddy-information] [publish-caddy-information]
    recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
    public-ipv4 = {{ public_ipv4 }} public-ipv4 = {{ configuration['public-ipv4'] }}
    private-ipv4 = {{ local_ipv4 }} private-ipv4 = {{ instance_parameter_dict['ipv4-random'] }}
    {%- if extra_slave_instance_list %} {%- if configuration['extra_slave_instance_list'] %}
    {#- sort_keys are important in order to avoid shuffling parameters on each run #} {#- sort_keys are important in order to avoid shuffling parameters on each run #}
    slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }} slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
    {%- endif %} {%- endif %}
    ...@@ -404,11 +406,11 @@ backend-haproxy-statistic-url = {{ statistic_url }} ...@@ -404,11 +406,11 @@ backend-haproxy-statistic-url = {{ statistic_url }}
    [kedifa-updater] [kedifa-updater]
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ kedifa_configuration['kedifa-updater'] }} command-line = {{ software_parameter_dict['kedifa-updater'] }}
    --server-ca-certificate {{ kedifa_configuration['ca-certificate'] }} --server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
    --identity {{ kedifa_configuration['certificate'] }} --identity {{ kedifa_configuration['certificate'] }}
    --master-certificate {{ master_certificate }} --master-certificate {{ caddy_configuration['master-certificate'] }}
    --on-update "{{ frontend_graceful_reload }}" --on-update "{{ caddy_configuration['frontend-graceful-command'] }}"
    ${kedifa-updater-mapping:file} ${kedifa-updater-mapping:file}
    {{ kedifa_configuration['kedifa-updater-state-file'] }} {{ kedifa_configuration['kedifa-updater-state-file'] }}
    ...@@ -417,8 +419,9 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -417,8 +419,9 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    [kedifa-updater-run] [kedifa-updater-run]
    recipe = plone.recipe.command recipe = plone.recipe.command
    {#- Can be stopped on error, as does not rely on self provided service but on service which comes from another partition #}
    stop-on-error = True stop-on-error = True
    command = {{ kedifa_configuration['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ frontend_graceful_reload }}" command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ caddy_configuration['frontend-graceful-command'] }}"
    update-command = ${:command} update-command = ${:command}
    [kedifa-updater-mapping] [kedifa-updater-mapping]
    ...@@ -452,7 +455,7 @@ extra-context = ...@@ -452,7 +455,7 @@ extra-context =
    {%- for key, value in backend_haproxy_configuration.items() %} {%- for key, value in backend_haproxy_configuration.items() %}
    {{ key }} = {{ value }} {{ key }} = {{ value }}
    {%- endfor %} {%- endfor %}
    local-ipv4 = {{ dumps('' ~ local_ipv4) }} local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
    global-ipv6 = ${slap-network-information:global-ipv6} global-ipv6 = ${slap-network-information:global-ipv6}
    request-timeout = {{ dumps('' ~ configuration['request-timeout']) }} request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
    backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }} backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
    ...@@ -467,7 +470,7 @@ csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_} ...@@ -467,7 +470,7 @@ csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
    stop-on-error = False stop-on-error = False
    update-command = ${:command} update-command = ${:command}
    command = command =
    {{ bin_directory }}/caucase \ {{ software_parameter_dict['bin_directory'] }}/caucase \
    --ca-url {{ backend_haproxy_configuration['caucase-url'] }} \ --ca-url {{ backend_haproxy_configuration['caucase-url'] }} \
    --ca-crt {{ backend_haproxy_configuration['cas-ca-certificate'] }} \ --ca-crt {{ backend_haproxy_configuration['cas-ca-certificate'] }} \
    --crl {{ backend_haproxy_configuration['crl'] }} \ --crl {{ backend_haproxy_configuration['crl'] }} \
    ...@@ -479,9 +482,9 @@ command = ...@@ -479,9 +482,9 @@ command =
    [buildout] [buildout]
    extends = extends =
    {{ common_profile }} {{ profile_common }}
    {{ logrotate_base_instance }} {{ profile_logrotate_base }}
    {{ monitor_template }} {{ profile_monitor }}
    parts += parts +=
    kedifa-updater kedifa-updater
    ...@@ -511,7 +514,7 @@ csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_} ...@@ -511,7 +514,7 @@ csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
    stop-on-error = False stop-on-error = False
    update-command = ${:command} update-command = ${:command}
    command = command =
    {{ bin_directory }}/caucase \ {{ software_parameter_dict['bin_directory'] }}/caucase \
    --ca-url {{ kedifa_configuration['caucase-url'] }} \ --ca-url {{ kedifa_configuration['caucase-url'] }} \
    --ca-crt {{ kedifa_configuration['cas-ca-certificate'] }} \ --ca-crt {{ kedifa_configuration['cas-ca-certificate'] }} \
    --crl {{ kedifa_configuration['crl'] }} \ --crl {{ kedifa_configuration['crl'] }} \
    ...@@ -524,6 +527,7 @@ recipe = plone.recipe.command ...@@ -524,6 +527,7 @@ recipe = plone.recipe.command
    certificate = {{ directory['caddy-csr_id'] }}/certificate.pem certificate = {{ directory['caddy-csr_id'] }}/certificate.pem
    key = {{ directory['caddy-csr_id'] }}/key.pem key = {{ directory['caddy-csr_id'] }}/key.pem
    {#- Can be stopped on error, as does not rely on self provided service #}
    stop-on-error = True stop-on-error = True
    update-command = ${:command} update-command = ${:command}
    command = command =
    ...@@ -563,7 +567,7 @@ depends = ...@@ -563,7 +567,7 @@ depends =
    ${store-csr_id:command} ${store-csr_id:command}
    ${store-backend-haproxy-csr_id:command} ${store-backend-haproxy-csr_id:command}
    recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
    command-line = {{ caddy_executable }} command-line = {{ software_parameter_dict['caddy'] }}
    -conf ${expose-csr_id-template:rendered} -conf ${expose-csr_id-template:rendered}
    -log ${expose-csr_id-configuration:error-log} -log ${expose-csr_id-configuration:error-log}
    -http2=true -http2=true
    ......
    software/caddy-frontend/templates/backend-haproxy-rsyslogd.conf.in
    View file @ d1334b4b
    ...@@ -16,7 +16,7 @@ $Umask 0022 ...@@ -16,7 +16,7 @@ $Umask 0022
    $WorkDirectory {{ configuration['spool-directory'] }} $WorkDirectory {{ configuration['spool-directory'] }}
    # Setup logging per slave, by extracting the slave name from the log stream # Setup logging per slave, by extracting the slave name from the log stream
    {%- set regex = ".*-backend (.*)-http.*" %} {%- set regex = ".*-backend (.*)-http.{0,1}/" %}
    template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%") template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
    set $!slave_name = exec_template("extract_slave_name"); set $!slave_name = exec_template("extract_slave_name");
    template(name="slave_output" type="string" string="{{ configuration['caddy-log-directory'] }}/%$!slave_name%_backend_log") template(name="slave_output" type="string" string="{{ configuration['caddy-log-directory'] }}/%$!slave_name%_backend_log")
    ......
    software/caddy-frontend/templates/backend-haproxy.cfg.in
    View file @ d1334b4b
    ...@@ -14,27 +14,30 @@ defaults ...@@ -14,27 +14,30 @@ defaults
    timeout connect {{ configuration['backend-connect-timeout'] }}s timeout connect {{ configuration['backend-connect-timeout'] }}s
    retries {{ configuration['backend-connect-retries'] }} retries {{ configuration['backend-connect-retries'] }}
    {%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
    {%- macro frontend_entry(slave_instance, scheme, wildcard) %} {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
    {#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #} {#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
    {%- set host_list = (slave_instance.get('server-alias') or '').split() %} {%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
    {%- if slave_instance.get('custom_domain') not in host_list %} {%- set host_list = (slave_instance.get('server-alias') or '').split() %}
    {%- do host_list.append(slave_instance.get('custom_domain')) %} {%- if slave_instance.get('custom_domain') not in host_list %}
    {%- endif %} {%- do host_list.append(slave_instance.get('custom_domain')) %}
    {%- set matched = {'count': 0} %} {%- endif %}
    {%- for host in host_list %} {%- set matched = {'count': 0} %}
    {#- Match up to the end or optional port (starting with ':') #} {%- for host in host_list %}
    {#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #} {#- Match up to the end or optional port (starting with ':') #}
    {%- if wildcard and host.startswith('*.') %} {#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
    {%- do matched.__setitem__('count', matched['count'] + 1) %} {%- if wildcard and host.startswith('*.') %}
    {%- do matched.__setitem__('count', matched['count'] + 1) %}
    # match wildcard {{ host }} # match wildcard {{ host }}
    acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*) acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
    {%- elif not wildcard and not host.startswith('*.') %} {%- elif not wildcard and not host.startswith('*.') %}
    {%- do matched.__setitem__('count', matched['count'] + 1) %} {%- do matched.__setitem__('count', matched['count'] + 1) %}
    acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*) acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
    {%- endif %} {%- endif %}
    {%- endfor %} {%- endfor %}
    {%- if matched['count'] > 0 %} {%- if matched['count'] > 0 %}
    use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }} use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
    {%- endif %}
    {%- endif %} {%- endif %}
    {%- endmacro %} {%- endmacro %}
    ...@@ -49,59 +52,58 @@ frontend statistic ...@@ -49,59 +52,58 @@ frontend statistic
    frontend http-backend frontend http-backend
    bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
    {%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
    {{ frontend_entry(slave_instance, 'http', False) }} {{ frontend_entry(slave_instance, 'http', False) }}
    {%- endfor %} {%- endfor %}
    {%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
    {{ frontend_entry(slave_instance, 'http', True) }} {{ frontend_entry(slave_instance, 'http', True) }}
    {%- endfor %} {%- endfor %}
    frontend https-backend frontend https-backend
    bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
    {%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
    {{ frontend_entry(slave_instance, 'https', False) }} {{ frontend_entry(slave_instance, 'https', False) }}
    {%- endfor %} {%- endfor %}
    {%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list -%}
    {{ frontend_entry(slave_instance, 'https', True) }} {{ frontend_entry(slave_instance, 'https', True) }}
    {%- endfor %} {%- endfor %}
    {%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list %}
    {%- for (scheme, prefix) in [('http', 'http_backend'), ('https', 'https_backend')] %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
    {%- set info_dict = slave_instance[prefix] %} {%- set info_dict = slave_instance[prefix] %}
    {%- if info_dict['scheme'] == 'https' %} {%- if info_dict['hostname'] and info_dict['port'] %}
    {%- set ssl = [] %} {%- set ssl_list = [] %}
    {%- if slave_instance['authenticate-to-backend'] %} {%- if info_dict['scheme'] == 'https' %}
    {%- set ssl = ['crt %s' % (configuration['certificate'],)] %} {%- if slave_instance['authenticate-to-backend'] %}
    {%- endif %} {%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
    {%- do ssl.append('ssl verify') %} {%- endif %}
    {%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %} {%- do ssl_list.append('ssl verify') %}
    {%- if slave_instance['ssl_proxy_verify'] %} {%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
    {%- if path_to_ssl_proxy_ca_crt %} {%- if slave_instance['ssl_proxy_verify'] %}
    {%- do ssl.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %} {%- if path_to_ssl_proxy_ca_crt %}
    {%- do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
    {%- else %}
    {#- Backend SSL shall be verified, but not CA provided, disallow connection #}
    {#- Simply dropping hostname from the dict will result with ignoring it... #}
    {%- do info_dict.__setitem__('hostname', '') %}
    {%- endif %}
    {%- else %} {%- else %}
    {#- Backend SSL shall be verified, but not CA provided, disallow connection #} {%- do ssl_list.append('none') %}
    {#- Simply dropping hostname from the dict will result with ignoring it... #}
    {%- do info_dict.__setitem__('hostname', '') %}
    {%- endif %} {%- endif %}
    {%- else %}
    {%- do ssl.append('none') %}
    {%- endif %} {%- endif %}
    {%- set ssl = ' '.join(ssl) %}
    {%- else %}
    {%- set ssl = '' %}
    {%- endif %}
    backend {{ slave_instance['slave_reference'] }}-{{ scheme }} backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
    {%- set hostname = info_dict['hostname'] %} {%- set hostname = info_dict['hostname'] %}
    {%- set port = info_dict['port'] %} {%- set port = info_dict['port'] %}
    {%- set path = info_dict['path'].rstrip('/') %} {%- set path = info_dict['path'].rstrip('/') %}
    {%- if hostname and port %} {%- if hostname and port %}
    timeout server {{ slave_instance['request-timeout'] }}s timeout server {{ slave_instance['request-timeout'] }}s
    timeout connect {{ slave_instance['backend-connect-timeout'] }}s timeout connect {{ slave_instance['backend-connect-timeout'] }}s
    retries {{ slave_instance['backend-connect-retries'] }} retries {{ slave_instance['backend-connect-retries'] }}
    server backend {{ hostname }}:{{ port }} {{ ssl }} server {{ slave_instance['slave_reference'] }}-backend {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
    {%- if path %} {%- if path %}
    http-request set-path {{ path }}%[path] http-request set-path {{ path }}%[path]
    {%- endif %}
    {%- endif %} {%- endif %}
    {%- endif %} {%- endif %}
    {%- endfor %} {%- endfor %}
    ......
    software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
    View file @ d1334b4b
    ...@@ -75,7 +75,7 @@ log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }} ...@@ -75,7 +75,7 @@ log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
    {% endfor %} {% endfor %}
    [buildout] [buildout]
    extends = {{ common_profile }} extends = {{ profile_common }}
    parts = parts =
    {% for part in part_list %} {% for part in part_list %}
    {{ ' %s' % part }} {{ ' %s' % part }}
    ......
    software/caddy-frontend/test/test.py
    View file @ d1334b4b
    ...@@ -48,7 +48,6 @@ from slapos.recipe.librecipe import generateHashFromFiles ...@@ -48,7 +48,6 @@ from slapos.recipe.librecipe import generateHashFromFiles
    import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
    import urlparse import urlparse
    import socket import socket
    import sqlite3
    try: try:
    ...@@ -358,7 +357,7 @@ class TestDataMixin(object): ...@@ -358,7 +357,7 @@ class TestDataMixin(object):
    [backend_haproxy_wrapper_path] + hash_file_list [backend_haproxy_wrapper_path] + hash_file_list
    ) )
    for rejected_slave_publish_path in glob.glob(os.path.join( for rejected_slave_publish_path in glob.glob(os.path.join(
    self.instance_path, '*', 'etc', 'Caddyfile-rejected-slave')): self.instance_path, '*', 'etc', 'nginx-rejected-slave.conf')):
    partition_id = rejected_slave_publish_path.split('/')[-3] partition_id = rejected_slave_publish_path.split('/')[-3]
    rejected_slave_pem_path = os.path.join( rejected_slave_pem_path = os.path.join(
    self.instance_path, partition_id, 'etc', 'rejected-slave.pem') self.instance_path, partition_id, 'etc', 'rejected-slave.pem')
    ...@@ -1772,7 +1771,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1772,7 +1771,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    log_regexp = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+ ' \ log_regexp = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+ ' \
    r'\[\d{2}\/.{3}\/\d{4}\:\d{2}\:\d{2}\:\d{2}.\d{3}\] ' \ r'\[\d{2}\/.{3}\/\d{4}\:\d{2}\:\d{2}\:\d{2}.\d{3}\] ' \
    r'http-backend _Url-http\/backend ' \ r'http-backend _Url-http\/_Url-backend ' \
    r'\d+/\d+\/\d+\/\d+\/\d+ ' \ r'\d+/\d+\/\d+\/\d+\/\d+ ' \
    r'200 \d+ - - ---- ' \ r'200 \d+ - - ---- ' \
    r'\d\/\d\/\d\/\d\/\d \d\/\d ' \ r'\d\/\d\/\d\/\d\/\d \d\/\d ' \
    ...@@ -1801,15 +1800,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1801,15 +1800,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.instance_path, '*', 'etc', 'backend-haproxy.cfg'))[0] self.instance_path, '*', 'etc', 'backend-haproxy.cfg'))[0]
    with open(backend_configuration_file) as fh: with open(backend_configuration_file) as fh:
    content = fh.read() content = fh.read()
    self.assertTrue("""backend _Url-http self.assertIn("""backend _Url-http
    timeout server 12s timeout server 12s
    timeout connect 5s timeout connect 5s
    retries 3""" in content) retries 3""", content)
    self.assertTrue(""" timeout queue 60s self.assertIn(""" timeout queue 60s
    timeout server 12s timeout server 12s
    timeout client 12s timeout client 12s
    timeout connect 5s timeout connect 5s
    retries 3""" in content) retries 3""", content)
    # check that no needless entries are generated
    self.assertIn("backend _Url-http\n", content)
    self.assertNotIn("backend _Url-https\n", content)
    def test_auth_to_backend(self): def test_auth_to_backend(self):
    parameter_dict = self.assertSlaveBase('auth-to-backend') parameter_dict = self.assertSlaveBase('auth-to-backend')
    ...@@ -6787,14 +6789,34 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6787,14 +6789,34 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    def test(self): def test(self):
    self.instance_parameter_dict.update({ self.instance_parameter_dict.update({
    # master partition parameters
    '-frontend-quantity': 3, '-frontend-quantity': 3,
    '-sla-2-computer_guid': self.slap._computer_id, '-sla-2-computer_guid': self.slap._computer_id,
    '-sla-3-computer_guid': self.slap._computer_id,
    '-frontend-2-state': 'stopped', '-frontend-2-state': 'stopped',
    '-frontend-2-software-release-url': self.frontend_2_sr, '-frontend-2-software-release-url': self.frontend_2_sr,
    '-sla-3-computer_guid': self.slap._computer_id,
    '-frontend-3-state': 'stopped', '-frontend-3-state': 'stopped',
    '-frontend-3-software-release-url': self.frontend_3_sr, '-frontend-3-software-release-url': self.frontend_3_sr,
    '-kedifa-software-release-url': self.kedifa_sr, '-kedifa-software-release-url': self.kedifa_sr,
    'automatic-internal-kedifa-caucase-csr': False,
    'automatic-internal-backend-client-caucase-csr': False,
    # all nodes partition parameters
    'apache-certificate': self.certificate_pem,
    'apache-key': self.key_pem,
    'domain': 'example.com',
    'enable-http2-by-default': True,
    'global-disable-http2': True,
    'mpm-graceful-shutdown-timeout': 2,
    'public-ipv4': '255.255.255.255',
    're6st-verification-url': 're6st-verification-url',
    'backend-connect-timeout': 2,
    'backend-connect-retries': 1,
    'ciphers': 'ciphers',
    'request-timeout': 100,
    'authenticate-to-backend': True,
    # specific parameters
    '-frontend-config-1-ram-cache-size': '512K',
    '-frontend-config-2-ram-cache-size': '256K',
    }) })
    # re-request instance with updated parameters # re-request instance with updated parameters
    ...@@ -6806,43 +6828,196 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6806,43 +6828,196 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    except Exception: except Exception:
    pass pass
    # inspect slapproxy, that the master correctly requested other partitions computer = self.slap._slap.registerComputer('local')
    sqlitedb_file = os.path.join( # state of parameters of all instances
    os.path.abspath( partition_parameter_dict_dict = {}
    os.path.join( for partition in computer.getComputerPartitionList():
    self.slap.instance_directory, os.pardir if partition.getState() == 'destroyed':
    ) continue
    ), 'var', 'proxy.db' parameter_dict = partition.getInstanceParameterDict()
    ) instance_title = parameter_dict['instance_title']
    connection = sqlite3.connect(sqlitedb_file) if '_' in parameter_dict:
    # "flatten" the instance parameter
    def dict_factory(cursor, row): parameter_dict = json.loads(parameter_dict['_'])
    d = {} partition_parameter_dict_dict[instance_title] = parameter_dict
    for idx, col in enumerate(cursor.description): parameter_dict[
    d[col[0]] = row[idx] 'X-software_release_url'] = partition.getSoftwareRelease().getURI()
    return d
    connection.row_factory = dict_factory
    cursor = connection.cursor()
    cursor.execute(
    "select partition_reference, software_release "
    "from partition14 where slap_state='busy';")
    requested_partition_information = cursor.fetchall()
    base_software_url = self.getSoftwareURL() base_software_url = self.getSoftwareURL()
    # drop some very varying parameters
    def assertKeyWithPop(d, k):
    self.assertIn(k, d)
    d.pop(k)
    assertKeyWithPop(
    partition_parameter_dict_dict['caddy-frontend-1'],
    'master-key-download-url')
    assertKeyWithPop(
    partition_parameter_dict_dict['caddy-frontend-2'],
    'master-key-download-url')
    assertKeyWithPop(
    partition_parameter_dict_dict['caddy-frontend-3'],
    'master-key-download-url')
    assertKeyWithPop(
    partition_parameter_dict_dict['testing partition 0'],
    'timestamp')
    assertKeyWithPop(
    partition_parameter_dict_dict['testing partition 0'],
    'ip_list')
    monitor_password = partition_parameter_dict_dict[
    'caddy-frontend-1'].pop('monitor-password')
    self.assertEqual(
    monitor_password,
    partition_parameter_dict_dict[
    'caddy-frontend-2'].pop('monitor-password')
    )
    self.assertEqual(
    monitor_password,
    partition_parameter_dict_dict[
    'caddy-frontend-3'].pop('monitor-password')
    )
    self.assertEqual(
    monitor_password,
    partition_parameter_dict_dict[
    'kedifa'].pop('monitor-password')
    )
    backend_client_caucase_url = u'http://[%s]:8990' % (self._ipv6_address,)
    kedifa_caucase_url = u'http://[%s]:15090' % (self._ipv6_address,)
    expected_partition_parameter_dict_dict = {
    'caddy-frontend-1': {
    'X-software_release_url': base_software_url,
    u'apache-certificate': unicode(self.certificate_pem),
    u'apache-key': unicode(self.key_pem),
    u'authenticate-to-backend': u'True',
    u'backend-client-caucase-url': backend_client_caucase_url,
    u'backend-connect-retries': u'1',
    u'backend-connect-timeout': u'2',
    u'ciphers': u'ciphers',
    u'cluster-identification': u'testing partition 0',
    u'domain': u'example.com',
    u'enable-http2-by-default': u'True',
    u'extra_slave_instance_list': u'[]',
    u'frontend-name': u'caddy-frontend-1',
    u'global-disable-http2': u'True',
    u'kedifa-caucase-url': kedifa_caucase_url,
    u'monitor-cors-domains': u'monitor.app.officejs.com',
    u'monitor-httpd-port': 8411,
    u'monitor-username': u'admin',
    u'mpm-graceful-shutdown-timeout': u'2',
    u'plain_http_port': '11080',
    u'port': '11443',
    u'public-ipv4': u'255.255.255.255',
    u'ram-cache-size': u'512K',
    u're6st-verification-url': u're6st-verification-url',
    u'request-timeout': u'100',
    u'slave-kedifa-information': u'{}'
    },
    'caddy-frontend-2': {
    'X-software_release_url': self.frontend_2_sr,
    u'apache-certificate': unicode(self.certificate_pem),
    u'apache-key': unicode(self.key_pem),
    u'authenticate-to-backend': u'True',
    u'backend-client-caucase-url': backend_client_caucase_url,
    u'backend-connect-retries': u'1',
    u'backend-connect-timeout': u'2',
    u'ciphers': u'ciphers',
    u'cluster-identification': u'testing partition 0',
    u'domain': u'example.com',
    u'enable-http2-by-default': u'True',
    u'extra_slave_instance_list': u'[]',
    u'frontend-name': u'caddy-frontend-2',
    u'global-disable-http2': u'True',
    u'kedifa-caucase-url': kedifa_caucase_url,
    u'monitor-cors-domains': u'monitor.app.officejs.com',
    u'monitor-httpd-port': 8412,
    u'monitor-username': u'admin',
    u'mpm-graceful-shutdown-timeout': u'2',
    u'plain_http_port': u'11080',
    u'port': u'11443',
    u'public-ipv4': u'255.255.255.255',
    u'ram-cache-size': u'256K',
    u're6st-verification-url': u're6st-verification-url',
    u'request-timeout': u'100',
    u'slave-kedifa-information': u'{}'
    },
    'caddy-frontend-3': {
    'X-software_release_url': self.frontend_3_sr,
    u'apache-certificate': unicode(self.certificate_pem),
    u'apache-key': unicode(self.key_pem),
    u'authenticate-to-backend': u'True',
    u'backend-client-caucase-url': backend_client_caucase_url,
    u'backend-connect-retries': u'1',
    u'backend-connect-timeout': u'2',
    u'ciphers': u'ciphers',
    u'cluster-identification': u'testing partition 0',
    u'domain': u'example.com',
    u'enable-http2-by-default': u'True',
    u'extra_slave_instance_list': u'[]',
    u'frontend-name': u'caddy-frontend-3',
    u'global-disable-http2': u'True',
    u'kedifa-caucase-url': kedifa_caucase_url,
    u'monitor-cors-domains': u'monitor.app.officejs.com',
    u'monitor-httpd-port': 8413,
    u'monitor-username': u'admin',
    u'mpm-graceful-shutdown-timeout': u'2',
    u'plain_http_port': u'11080',
    u'port': u'11443',
    u'public-ipv4': u'255.255.255.255',
    u're6st-verification-url': u're6st-verification-url',
    u'request-timeout': u'100',
    u'slave-kedifa-information': u'{}'
    },
    'kedifa': {
    'X-software_release_url': self.kedifa_sr,
    u'caucase_port': u'15090',
    u'cluster-identification': u'testing partition 0',
    u'kedifa_port': u'15080',
    u'monitor-cors-domains': u'monitor.app.officejs.com',
    u'monitor-httpd-port': u'8402',
    u'monitor-username': u'admin',
    u'slave-list': []
    },
    'testing partition 0': {
    '-frontend-2-software-release-url': self.frontend_2_sr,
    '-frontend-2-state': 'stopped',
    '-frontend-3-software-release-url': self.frontend_3_sr,
    '-frontend-3-state': 'stopped',
    '-frontend-config-1-ram-cache-size': '512K',
    '-frontend-config-2-ram-cache-size': '256K',
    '-frontend-quantity': '3',
    '-kedifa-software-release-url': self.kedifa_sr,
    '-sla-2-computer_guid': 'local',
    '-sla-3-computer_guid': 'local',
    'X-software_release_url': base_software_url,
    'apache-certificate': unicode(self.certificate_pem),
    'apache-key': unicode(self.key_pem),
    'authenticate-to-backend': 'True',
    'automatic-internal-backend-client-caucase-csr': 'False',
    'automatic-internal-kedifa-caucase-csr': 'False',
    'backend-connect-retries': '1',
    'backend-connect-timeout': '2',
    'caucase_port': '15090',
    'ciphers': 'ciphers',
    'domain': 'example.com',
    'enable-http2-by-default': 'True',
    'full_address_list': [],
    'global-disable-http2': 'True',
    'instance_title': 'testing partition 0',
    'kedifa_port': '15080',
    'mpm-graceful-shutdown-timeout': '2',
    'plain_http_port': '11080',
    'port': '11443',
    'public-ipv4': '255.255.255.255',
    're6st-verification-url': 're6st-verification-url',
    'request-timeout': '100',
    'root_instance_title': 'testing partition 0',
    'slap_software_type': 'RootSoftwareInstance',
    'slave_instance_list': []
    }
    }
    self.assertEqual( self.assertEqual(
    requested_partition_information, expected_partition_parameter_dict_dict,
    [ partition_parameter_dict_dict
    {'software_release': base_software_url,
    'partition_reference': 'testing partition 0'},
    {'software_release': self.kedifa_sr,
    'partition_reference': 'kedifa'},
    # that one is base, as expected
    {'software_release': base_software_url,
    'partition_reference': 'caddy-frontend-1'},
    {'software_release': self.frontend_2_sr,
    'partition_reference': 'caddy-frontend-2'},
    {'software_release': self.frontend_3_sr,
    'partition_reference': 'caddy-frontend-3'}]
    ) )
    software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt
    View file @ d1334b4b
    ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
    T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
    T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
    T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
    T-2/var/log/httpd/_enable-http2-default_backend_log
    T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
    T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
    T-2/var/log/httpd/_enable-http2-false_backend_log
    T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
    T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
    T-2/var/log/httpd/_enable-http2-true_backend_log
    T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
    T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
    T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
    ......
    software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
    View file @ d1334b4b
    ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
    T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
    T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
    T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
    T-2/var/log/httpd/_enable-http2-default_backend_log
    T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
    T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
    T-2/var/log/httpd/_enable-http2-false_backend_log
    T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
    T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
    T-2/var/log/httpd/_enable-http2-true_backend_log
    T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
    T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
    T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
    ......
    software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt
    View file @ d1334b4b
    ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
    T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
    T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
    T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
    T-2/var/log/httpd/_enable-http2-default_backend_log
    T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
    T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
    T-2/var/log/httpd/_enable-http2-false_backend_log
    T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
    T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
    T-2/var/log/httpd/_enable-http2-true_backend_log
    T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
    T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
    T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
    ......
    software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
    View file @ d1334b4b
    ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log ...@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
    T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
    T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
    T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
    T-2/var/log/httpd/_enable-http2-default_backend_log
    T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
    T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
    T-2/var/log/httpd/_enable-http2-false_backend_log
    T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
    T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
    T-2/var/log/httpd/_enable-http2-true_backend_log
    T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
    T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
    T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
    ......
    software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt
    View file @ d1334b4b
    ...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log ...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
    T-2/var/log/httpd/_auth-to-backend_backend_log T-2/var/log/httpd/_auth-to-backend_backend_log
    T-2/var/log/httpd/_auth-to-backend_error_log T-2/var/log/httpd/_auth-to-backend_error_log
    T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
    T-2/var/log/httpd/_ciphers_backend_log
    T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
    T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
    T-2/var/log/httpd/_custom_domain_backend_log T-2/var/log/httpd/_custom_domain_backend_log
    ...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log ...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
    T-2/var/log/httpd/_disabled-cookie-list_backend_log T-2/var/log/httpd/_disabled-cookie-list_backend_log
    T-2/var/log/httpd/_disabled-cookie-list_error_log T-2/var/log/httpd/_disabled-cookie-list_error_log
    T-2/var/log/httpd/_empty_access_log T-2/var/log/httpd/_empty_access_log
    T-2/var/log/httpd/_empty_backend_log
    T-2/var/log/httpd/_empty_error_log T-2/var/log/httpd/_empty_error_log
    T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
    T-2/var/log/httpd/_enable-http2-default_backend_log T-2/var/log/httpd/_enable-http2-default_backend_log
    ...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log ...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
    T-2/var/log/httpd/_https-only_backend_log T-2/var/log/httpd/_https-only_backend_log
    T-2/var/log/httpd/_https-only_error_log T-2/var/log/httpd/_https-only_error_log
    T-2/var/log/httpd/_monitor-ipv4-test_access_log T-2/var/log/httpd/_monitor-ipv4-test_access_log
    T-2/var/log/httpd/_monitor-ipv4-test_backend_log
    T-2/var/log/httpd/_monitor-ipv4-test_error_log T-2/var/log/httpd/_monitor-ipv4-test_error_log
    T-2/var/log/httpd/_monitor-ipv6-test_access_log T-2/var/log/httpd/_monitor-ipv6-test_access_log
    T-2/var/log/httpd/_monitor-ipv6-test_backend_log
    T-2/var/log/httpd/_monitor-ipv6-test_error_log T-2/var/log/httpd/_monitor-ipv6-test_error_log
    T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
    T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
    ......
    software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
    View file @ d1334b4b
    ...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log ...@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
    T-2/var/log/httpd/_auth-to-backend_backend_log T-2/var/log/httpd/_auth-to-backend_backend_log
    T-2/var/log/httpd/_auth-to-backend_error_log T-2/var/log/httpd/_auth-to-backend_error_log
    T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
    T-2/var/log/httpd/_ciphers_backend_log
    T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
    T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
    T-2/var/log/httpd/_custom_domain_backend_log T-2/var/log/httpd/_custom_domain_backend_log
    ...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log ...@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
    T-2/var/log/httpd/_disabled-cookie-list_backend_log T-2/var/log/httpd/_disabled-cookie-list_backend_log
    T-2/var/log/httpd/_disabled-cookie-list_error_log T-2/var/log/httpd/_disabled-cookie-list_error_log
    T-2/var/log/httpd/_empty_access_log T-2/var/log/httpd/_empty_access_log
    T-2/var/log/httpd/_empty_backend_log
    T-2/var/log/httpd/_empty_error_log T-2/var/log/httpd/_empty_error_log
    T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
    T-2/var/log/httpd/_enable-http2-default_backend_log T-2/var/log/httpd/_enable-http2-default_backend_log
    ...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log ...@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
    T-2/var/log/httpd/_https-only_backend_log T-2/var/log/httpd/_https-only_backend_log
    T-2/var/log/httpd/_https-only_error_log T-2/var/log/httpd/_https-only_error_log
    T-2/var/log/httpd/_monitor-ipv4-test_access_log T-2/var/log/httpd/_monitor-ipv4-test_access_log
    T-2/var/log/httpd/_monitor-ipv4-test_backend_log
    T-2/var/log/httpd/_monitor-ipv4-test_error_log T-2/var/log/httpd/_monitor-ipv4-test_error_log
    T-2/var/log/httpd/_monitor-ipv6-test_access_log T-2/var/log/httpd/_monitor-ipv6-test_access_log
    T-2/var/log/httpd/_monitor-ipv6-test_backend_log
    T-2/var/log/httpd/_monitor-ipv6-test_error_log T-2/var/log/httpd/_monitor-ipv6-test_error_log
    T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
    T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
    ......
    Markdown is supported
    0% or
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment
    GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7