Update Release Candidate

component/cython/buildout.cfg

@@ -6,4 +6,4 @@ recipe = zc.recipe.egg:custom
 egg = cython
 
 [versions]
-Cython = 0.28.2
+Cython = 0.29.21

component/fonts/buildout.cfg

@@ -64,6 +64,16 @@ environment =
 url = https://github.com/dejavu-fonts/dejavu-fonts/releases/download/version_2_37/dejavu-fonts-ttf-2.37.tar.bz2
 md5sum = d0efec10b9f110a32e9b8f796e21782c
 
+[source-code-pro-fonts]
+<= fonts-base
+url = https://codeload.github.com/adobe-fonts/source-code-pro/zip/235b72fc43a46cacf36e7c9b45d8d4fc0d121099
+md5sum = b25e165c3fb984bbf6d847adfbd9d694
+
+[jetbrains-mono-fonts]
+<= fonts-base
+url = https://download.jetbrains.com/fonts/JetBrainsMono-2.001.zip
+md5sum = 62f02985bfef43a27dbdd17641fec210
+
 # Microsoft's TrueType core fonts
 # non-free so not enabled by default
 [msttcore-fonts]

component/gcc/buildout.cfg

@@ -42,13 +42,11 @@ post-install =
   done
   cat <<EOF >ld
   #!/bin/sh -e
-  case \$#:\$1 in 0:|1:-*) ;; *)
-    if [ "\$LD_RUN_PATH" ]
-    then LD_RUN_PATH=\$LD_RUN_PATH$1
-    else set -- "\$@" $2
-    fi
+  for x; do case \$x in -rpath|-rpath=*)
+    set -- "\$@" $2
+    ! break
     ;;
-  esac
+  esac; done && export LD_RUN_PATH=\$${LD_RUN_PATH:+\$LD_RUN_PATH:}$${1#:}
   exec ${binutils:location}/bin/ld "\$@"
   EOF
   chmod +x ld

component/pure-ftpd/buildout.cfg

@@ -3,8 +3,8 @@ parts = pure-ftpd
 
 [pure-ftpd]
 recipe = slapos.recipe.cmmi
-url = https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.46.tar.bz2
-md5sum = efce5529c1f0a39dafdd532c619503f1 
+url = https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.49.tar.bz2
+md5sum = b7025f469711d88bd84a3518f67c1470 
 
 # See https://download.pureftpd.org/pub/pure-ftpd/doc/README for more configurations
 # We need the trick about UPLOAD_PIPE_FILE and UPLOAD_PIPE_LOCK so that the files are created inside the $CWD/var/run

component/qemu-kvm/buildout.cfg

@@ -72,8 +72,8 @@ md5sum = 6097fdb9cbab47c96471274b9044e983
 # XXX: This is not the latest version because
 #      Debian does not provide a stable URL for it.
 <= debian-amd64-netinst-base
-version = 10.4.0
-md5sum = e2ddc8268e4c164c32b4ba25be52c9af
+version = 10.5.0
+md5sum = a3ebc76aec372808ad80000108a2593a
 
 [debian-amd64-testing-netinst.iso]
 <= debian-amd64-netinst-base

component/quickjs/buildout.cfg

+[buildout]
+extends =
+  ../xz-utils/buildout.cfg
+parts = quickjs
+
+[quickjs]
+recipe = slapos.recipe.cmmi
+configure-command = true
+url = https://bellard.org/quickjs/quickjs-2020-09-06.tar.xz
+md5sum = 47cb6def3263d6a631b647b268b1c554
+environment =
+  PATH=${xz-utils:location}/bin:%(PATH)s

software/caddy-frontend/README.caddy_frontend.rst

@@ -448,6 +448,15 @@ This allows backends to:
 Technical notes
 ===============
 
+Profile development guidelines
+------------------------------
+
+Keep the naming in instance profiles:
+
+ * ``software_parameter_dict`` for values coming from software
+ * ``instance_parameter_dict`` for **local** values generated by the instance, except ``configuration``
+ * ``slapparameter_dict`` for values coming from SlapOS Master
+
 Instantiated cluster structure
 ------------------------------
 

software/caddy-frontend/buildout.hash.cfg

@@ -14,29 +14,29 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 7b16383a41d403f6c21e684afffcb4b7
+md5sum = 28bf0c4c75c028bed79fc38786831b3e
 
-[template-common]
+[profile-common]
 filename = instance-common.cfg.in
 md5sum = 5784bea3bd608913769ff9a8afcccb68
 
-[template-apache-frontend]
+[profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = b908d09e07b479cf09f1c813522e5cac
+md5sum = e7d7e1448b6420657e953026573311ca
 
-[template-caddy-replicate]
+[profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = b684aacbb7b2a6eec3ca3ab06c61a92c
+md5sum = 59f3a67999f5fb3e595486e2b801af08
 
-[template-slave-list]
+[profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = e9c5fe132a26e960df0acf3f5d8f877e
+md5sum = 64d57678c12f539247fe2532c5b8d6b8
 
-[template-replicate-publish-slave-information]
+[profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
-md5sum = 7e3ee70c447f8203273d78f66ab519c3
+md5sum = de268251dafa5ad83ebf5b20636365d9
 
-[template-caddy-frontend-configuration]
+[profile-caddy-frontend-configuration]
 _update_hash_filename_ = templates/Caddyfile.in
 md5sum = 2503056e35463e045db3329bb8b6fae8
 
@@ -54,7 +54,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73
 
 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = eaf7491f628e72c877c31588e62eeb89
+md5sum = bf40f8d0a049a8dd924ccc731956c87e
 
 [template-log-access]
 _update_hash_filename_ = templates/template-log-access.conf.in
@@ -112,13 +112,13 @@ md5sum = 8e1c6c06c09beb921965b3ce98c67c9e
 filename = caddyprofiledummy.py
 md5sum = 38792c2dceae38ab411592ec36fff6a8
 
-[template-kedifa]
+[profile-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = d76fe7bf062410eda7049446ed06a736
+md5sum = 3daebc4b37088fa01183a853920d4143
 
 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
-md5sum = be899b04e1aa652ed510f20d4ea523dd
+md5sum = 3ec9e088817f6a0e3b3b71919590e6b3
 
 [template-slave-introspection-httpd-nginx]
 _update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in

software/caddy-frontend/common.cfg

-[buildout]
-extends =
-  buildout.hash.cfg
-  ../../stack/slapos.cfg
-  ../../component/dash/buildout.cfg
-  ../../component/caddy/buildout.cfg
-  ../../component/gzip/buildout.cfg
-  ../../component/logrotate/buildout.cfg
-  ../../component/rdiff-backup/buildout.cfg
-  ../../component/trafficserver/buildout.cfg
-  ../../component/6tunnel/buildout.cfg
-  ../../component/xz-utils/buildout.cfg
-  ../../component/rsyslogd/buildout.cfg
-  ../../component/haproxy/buildout.cfg
-  ../../component/nginx/buildout.cfg
-
-  ../../stack/caucase/buildout.cfg
-# Monitoring stack (keep on bottom)
-  ../../stack/monitor/buildout.cfg
-
-parts +=
-  caucase-eggs
-  template
-  template-caddy-frontend
-  template-caddy-replicate
-  caddy
-
-  logrotate
-  rdiff-backup
-  caddyprofiledeps
-
-  kedifa-develop
-  kedifa
-
-[kedifa-repository]
-recipe = slapos.recipe.build:gitclone
-repository = https://lab.nexedi.com/nexedi/kedifa.git
-git-executable = ${git:location}/bin/git
-revision = d6bbd7db215e12871c1536f22a8fbf994227270c
-
-[kedifa-develop]
-recipe = zc.recipe.egg:develop
-setup = ${kedifa-repository:location}
-
-[kedifa]
-recipe = zc.recipe.egg
-eggs =
-  ${python-cryptography:egg}
-  kedifa
-
-[caddyprofiledeps-setup]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/setup.py
-
-[caddyprofiledeps-dummy]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/caddyprofiledummy.py
-
-[caddyprofiledeps-prepare]
-recipe = plone.recipe.command
-stop-on-error = True
-location = ${buildout:parts-directory}/${:_buildout_section_name_}
-update-command = ${:command}
-command =
-  rm -fr ${:location} &&
-  mkdir -p ${:location} &&
-  cp ${caddyprofiledeps-setup:target} ${:location}/ &&
-  cp ${caddyprofiledeps-dummy:target} ${:location}/
-
-[caddyprofiledeps-develop]
-recipe = zc.recipe.egg:develop
-setup = ${caddyprofiledeps-prepare:location}
-
-[caddyprofiledeps]
-depends = ${caddyprofiledeps-develop:recipe}
-recipe = zc.recipe.egg
-eggs =
-  caddyprofiledeps
-  websockify
-  collective.recipe.shelloutput
-
-[template-common]
-recipe = slapos.recipe.template:jinja2
-template = ${:_profile_base_location_}/instance-common.cfg.in
-rendered = ${buildout:directory}/instance-common.cfg
-mode = 0644
-context =
-  key develop_eggs_directory buildout:develop-eggs-directory
-  key eggs_directory buildout:eggs-directory
-
-[template-frontend-parameter-section]
-common_profile = ${template-common:rendered}
-logrotate_base_instance = ${template-logrotate-base:rendered}
-
-bin_directory = ${buildout:bin-directory}
-
-sixtunnel = ${6tunnel:location}
-nginx = ${nginx-output:nginx}
-nginx_mime = ${nginx-output:mime}
-caddy = ${caddy:output}
-caddy_location = ${caddy:location}
-haproxy_executable = ${haproxy:location}/sbin/haproxy
-rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
-curl = ${curl:location}
-dash = ${dash:location}
-gzip = ${gzip:location}
-logrotate = ${logrotate:location}
-openssl = ${openssl:location}/bin/openssl
-openssl_cnf = ${openssl:location}/etc/ssl/openssl.cnf
-trafficserver = ${trafficserver:location}
-sha256sum = ${coreutils:location}/bin/sha256sum
-kedifa = ${:bin_directory}/kedifa
-kedifa-updater = ${:bin_directory}/kedifa-updater
-kedifa-csr = ${:bin_directory}/kedifa-csr
-xz_location = ${xz-utils:location}
-htpasswd = ${:bin_directory}/htpasswd
-
-monitor_template = ${monitor-template:output}
-template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
-template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
-template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
-template_graceful_script = ${template-graceful-script:target}
-template_validate_script = ${template-validate-script:target}
-template_rotate_script = ${template-rotate-script:target}
-template_configuration_state_script = ${template-configuration-state-script:target}
-template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
-template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
-template_empty = ${template-empty:target}
-template_log_access = ${template-log-access:target}
-template_not_found_html = ${template-not-found-html:target}
-template_slave_list = ${template-slave-list:target}
-template_trafficserver_records_config = ${template-trafficserver-records-config:target}
-template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
-template_trafficserver_logging_yaml = ${template-trafficserver-logging-yaml:target}
-template_wrapper = ${template-wrapper:output}
-template_slave_introspection_httpd_nginx = ${template-slave-introspection-httpd-nginx:target}
-
-[template]
-recipe = slapos.recipe.template:jinja2
-template = ${:_profile_base_location_}/instance.cfg.in
-rendered = ${buildout:directory}/template.cfg
-mode = 0644
-context =
-  key common_profile template-common:rendered
-
-  key monitor2_template monitor2-template:rendered
-  key template_caddy_frontend template-caddy-frontend:target
-  key template_caddy_replicate template-caddy-replicate:target
-  key template_kedifa template-kedifa:target
-  key template_replicate_publish_slave_information template-replicate-publish-slave-information:target
-  key caddy_backend_url_validator caddy-backend-url-validator:output
-
-  section template_frontend_parameter_dict template-frontend-parameter-section
-  key caucase_jinja2_library caucase-jinja2-library:target
-
-[template-caddy-frontend]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/instance-apache-frontend.cfg.in
-mode = 0644
-
-[caddy-backend-url-validator]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/${:filename}
-output = ${buildout:directory}/caddy-backend-url-validator
-mode = 0750
-
-[template-caddy-replicate]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
-mode = 0644
-
-[template-kedifa]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/instance-kedifa.cfg.in
-mode = 0644
-
-[download-template]
-recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/${:_update_hash_filename_}
-mode = 640
-
-[template-slave-list]
-<=download-template
-
-[template-replicate-publish-slave-information]
-<=download-template
-
-[template-caddy-frontend-configuration]
-<=download-template
-
-[template-not-found-html]
-<=download-template
-
-[template-default-slave-virtualhost]
-<=download-template
-
-[template-backend-haproxy-configuration]
-<=download-template
-
-[template-log-access]
-<=download-template
-
-[template-empty]
-<=download-template
-
-[template-slave-introspection-httpd-nginx]
-<=download-template
-
-[template-wrapper]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/templates/wrapper.in
-output = ${buildout:directory}/template-wrapper.cfg
-mode = 0644
-
-[template-trafficserver-records-config]
-<=download-template
-
-[template-trafficserver-storage-config]
-<=download-template
-
-[template-trafficserver-logging-yaml]
-<=download-template
-
-[template-rotate-script]
-<=download-template
-
-[template-caddy-lazy-script-call]
-<=download-template
-
-[template-graceful-script]
-<=download-template
-
-[template-validate-script]
-<=download-template
-
-[template-configuration-state-script]
-<=download-template
-
-[template-backend-haproxy-rsyslogd-conf]
-<=download-template

software/caddy-frontend/development.cfg

-# Development profile of caddy-frontend.
-# Exactly the same as software.cfg, but fetch the slapos.cookbook
-# from git repository instead of fetching stable version,
-# allowing to play with bleeding edge environment.
-
-# You'll need to run buildout twice for this profile.
-
-[buildout]
-extends =
-# Extend in this order, otherwise "parts" will be taken from git profile
-  common.cfg
-
-parts +=
-  slapos.toolbox-dev
-
-[slapos.toolbox-dev]
-recipe = zc.recipe.egg:develop
-egg = slapos.toolbox
-setup = ${slapos.toolbox-repository:location}

software/caddy-frontend/instance.cfg.in

 [buildout]
-extends = {{ common_profile }}
+extends = {{ software_parameter_dict['profile_common'] }}
 
 parts =
-  dynamic-template-caddy-replicate
   switch-softwaretype
 
 [caddyprofiledeps]
@@ -11,76 +10,59 @@ recipe = caddyprofiledeps
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 rendered = ${buildout:directory}/${:filename}
+extensions = jinja2.ext.do
 extra-context =
 context =
     import json_module json
-    key slap_software_type instance-parameter:slap-software-type
     key slapparameter_dict instance-parameter:configuration
-    key slave_instance_list instance-parameter:slave-instance-list
-    section instance_parameter instance-parameter
+    section instance_parameter_dict instance-parameter
+    section software_parameter_dict software-parameter-section
     ${:extra-context}
+caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }}
+import-list =
+  file caucase :caucase-jinja2-library
 
 [switch-softwaretype]
 recipe = slapos.cookbook:softwaretype
-default = ${dynamic-template-caddy-replicate:rendered}
-RootSoftwareInstance = ${dynamic-template-caddy-replicate:rendered}
-custom-personal = ${dynamic-template-caddy-replicate:rendered}
-single-default = ${dynamic-template-caddy-frontend:rendered}
-single-custom-personal = ${dynamic-template-caddy-frontend:rendered}
-replicate = ${dynamic-template-caddy-replicate:rendered}
-kedifa = ${dynamic-template-kedifa:rendered}
+default = ${dynamic-profile-caddy-replicate:rendered}
+RootSoftwareInstance = ${dynamic-profile-caddy-replicate:rendered}
+custom-personal = ${dynamic-profile-caddy-replicate:rendered}
+single-default = ${dynamic-profile-caddy-frontend:rendered}
+single-custom-personal = ${dynamic-profile-caddy-frontend:rendered}
+replicate = ${dynamic-profile-caddy-replicate:rendered}
+kedifa = ${dynamic-profile-kedifa:rendered}
 
-[dynamic-template-caddy-frontend-parameters]
-{% for key,value in template_frontend_parameter_dict.iteritems() %}
+[software-parameter-section]
+{% for key,value in software_parameter_dict.iteritems() %}
 {{ key }} = {{ dumps(value) }}
 {% endfor -%}
 
-[dynamic-template-caddy-frontend]
+[dynamic-profile-caddy-frontend]
 < = jinja2-template-base
-template = {{ template_caddy_frontend }}
+template = {{ software_parameter_dict['profile_caddy_frontend'] }}
 filename = instance-caddy-frontend.cfg
-extensions = jinja2.ext.do
 extra-context =
   import furl_module furl
-  section parameter_dict dynamic-template-caddy-frontend-parameters
   raw software_type single-custom-personal
-caucase-jinja2-library = {{ caucase_jinja2_library }}
-import-list =
-  file caucase :caucase-jinja2-library
 
-[dynamic-template-caddy-replicate]
+[dynamic-profile-caddy-replicate]
 < = jinja2-template-base
 depends = ${caddyprofiledeps:recipe}
-template = {{ template_caddy_replicate }}
+template = {{ software_parameter_dict['profile_caddy_replicate'] }}
 filename = instance-caddy-replicate.cfg
-extensions = jinja2.ext.do
 extra-context =
     import subprocess_module subprocess
     import functools_module functools
     import validators validators
-    key cluster_identification instance-parameter:root-instance-title
-    raw caddy_backend_url_validator {{ caddy_backend_url_validator }}
-    raw template_publish_slave_information {{ template_replicate_publish_slave_information }}
 # Must match the key id in [switch-softwaretype] which uses this section.
     raw software_type RootSoftwareInstance-default-custom-personal-replicate
-    raw template_monitor {{ monitor2_template }}
-    raw common_profile {{ common_profile }}
-    section parameter_dict dynamic-template-caddy-frontend-parameters
-caucase-jinja2-library = {{ caucase_jinja2_library }}
-import-list =
-  file caucase :caucase-jinja2-library
 
-[dynamic-template-kedifa]
+[dynamic-profile-kedifa]
 < = jinja2-template-base
-template = {{ template_kedifa }}
+template = {{ software_parameter_dict['profile_kedifa'] }}
 filename = instance-kedifa.cfg
-extensions = jinja2.ext.do
 extra-context =
-  section parameter_dict dynamic-template-caddy-frontend-parameters
   raw software_type kedifa
-caucase-jinja2-library = {{ caucase_jinja2_library }}
-import-list =
-  file caucase :caucase-jinja2-library
 
 [instance-parameter]
 # Fetches parameters defined in SlapOS Master for this instance.
@@ -121,6 +103,7 @@ configuration.backend-connect-timeout = 5
 configuration.backend-connect-retries = 3
 configuration.backend-haproxy-http-port = 21080
 configuration.backend-haproxy-https-port = 21443
+configuration.backend-haproxy-statistic-port = 21444
 configuration.authenticate-to-backend = False
 configuration.rotate-num = 4000
 configuration.slave-introspection-https-port = 22443

software/caddy-frontend/software.cfg

 [buildout]
-extends = common.cfg
+extends =
+  buildout.hash.cfg
+  ../../stack/slapos.cfg
+  ../../component/dash/buildout.cfg
+  ../../component/caddy/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/logrotate/buildout.cfg
+  ../../component/rdiff-backup/buildout.cfg
+  ../../component/trafficserver/buildout.cfg
+  ../../component/6tunnel/buildout.cfg
+  ../../component/xz-utils/buildout.cfg
+  ../../component/rsyslogd/buildout.cfg
+  ../../component/haproxy/buildout.cfg
+  ../../component/nginx/buildout.cfg
+
+  ../../stack/caucase/buildout.cfg
+# Monitoring stack (keep on bottom)
+  ../../stack/monitor/buildout.cfg
+
+parts +=
+  caucase-eggs
+  template
+  rdiff-backup
+  caddyprofiledeps
+  kedifa-develop
+  kedifa
+
+[kedifa-repository]
+recipe = slapos.recipe.build:gitclone
+repository = https://lab.nexedi.com/nexedi/kedifa.git
+git-executable = ${git:location}/bin/git
+revision = d6bbd7db215e12871c1536f22a8fbf994227270c
+
+[kedifa-develop]
+recipe = zc.recipe.egg:develop
+setup = ${kedifa-repository:location}
+
+[kedifa]
+recipe = zc.recipe.egg
+eggs =
+  ${python-cryptography:egg}
+  kedifa
+
+[caddyprofiledeps-setup]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/setup.py
+
+[caddyprofiledeps-dummy]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/caddyprofiledummy.py
+
+[caddyprofiledeps-prepare]
+recipe = plone.recipe.command
+stop-on-error = True
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+update-command = ${:command}
+command =
+  rm -fr ${:location} &&
+  mkdir -p ${:location} &&
+  cp ${caddyprofiledeps-setup:target} ${:location}/ &&
+  cp ${caddyprofiledeps-dummy:target} ${:location}/
+
+[caddyprofiledeps-develop]
+recipe = zc.recipe.egg:develop
+setup = ${caddyprofiledeps-prepare:location}
+
+[caddyprofiledeps]
+depends = ${caddyprofiledeps-develop:recipe}
+recipe = zc.recipe.egg
+eggs =
+  caddyprofiledeps
+  websockify
+  collective.recipe.shelloutput
+
+[profile-common]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/instance-common.cfg.in
+rendered = ${buildout:directory}/instance-common.cfg
+mode = 0644
+context =
+  key develop_eggs_directory buildout:develop-eggs-directory
+  key eggs_directory buildout:eggs-directory
+
+[software-parameter-section]
+# libraries
+caucase_jinja2_library = ${caucase-jinja2-library:target}
+
+# profiles
+profile_caddy_frontend = ${profile-caddy-frontend:target}
+profile_caddy_replicate = ${profile-caddy-replicate:target}
+profile_common = ${profile-common:rendered}
+profile_kedifa = ${profile-kedifa:target}
+profile_logrotate_base = ${template-logrotate-base:rendered}
+profile_monitor = ${monitor-template:output}
+profile_monitor2 = ${monitor2-template:rendered}
+profile_replicate_publish_slave_information = ${profile-replicate-publish-slave-information:target}
+profile_slave_list = ${profile-slave-list:target}
+
+# templates
+template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
+template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
+template_caddy_frontend_configuration = ${profile-caddy-frontend-configuration:target}
+template_caddy_lazy_script_call = ${template-caddy-lazy-script-call:target}
+template_configuration_state_script = ${template-configuration-state-script:target}
+template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
+template_empty = ${template-empty:target}
+template_graceful_script = ${template-graceful-script:target}
+template_log_access = ${template-log-access:target}
+template_not_found_html = ${template-not-found-html:target}
+template_rotate_script = ${template-rotate-script:target}
+template_slave_introspection_httpd_nginx = ${template-slave-introspection-httpd-nginx:target}
+template_trafficserver_logging_yaml = ${template-trafficserver-logging-yaml:target}
+template_trafficserver_records_config = ${template-trafficserver-records-config:target}
+template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
+template_validate_script = ${template-validate-script:target}
+template_wrapper = ${template-wrapper:output}
+caddy_backend_url_validator = ${caddy-backend-url-validator:output}
+
+# directories
+bin_directory = ${buildout:bin-directory}
+
+# files
+sixtunnel = ${6tunnel:location}
+nginx = ${nginx-output:nginx}
+nginx_mime = ${nginx-output:mime}
+caddy = ${caddy:output}
+haproxy_executable = ${haproxy:location}/sbin/haproxy
+rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
+curl = ${curl:location}
+dash = ${dash:location}
+gzip = ${gzip:location}
+logrotate = ${logrotate:location}
+openssl = ${openssl:location}/bin/openssl
+openssl_cnf = ${openssl:location}/etc/ssl/openssl.cnf
+trafficserver = ${trafficserver:location}
+sha256sum = ${coreutils:location}/bin/sha256sum
+kedifa = ${:bin_directory}/kedifa
+kedifa-updater = ${:bin_directory}/kedifa-updater
+kedifa-csr = ${:bin_directory}/kedifa-csr
+xz_location = ${xz-utils:location}
+htpasswd = ${:bin_directory}/htpasswd
+
+[template]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/instance.cfg.in
+rendered = ${buildout:directory}/template.cfg
+mode = 0644
+context =
+  section software_parameter_dict software-parameter-section
+
+[profile-caddy-frontend]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-apache-frontend.cfg.in
+mode = 0644
+
+[caddy-backend-url-validator]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/${:filename}
+output = ${buildout:directory}/caddy-backend-url-validator
+mode = 0750
+
+[profile-caddy-replicate]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-apache-replicate.cfg.in
+mode = 0644
+
+[profile-kedifa]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/instance-kedifa.cfg.in
+mode = 0644
+
+[download-template]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/${:_update_hash_filename_}
+mode = 640
+
+[profile-slave-list]
+<=download-template
+
+[profile-replicate-publish-slave-information]
+<=download-template
+
+[profile-caddy-frontend-configuration]
+<=download-template
+
+[template-not-found-html]
+<=download-template
+
+[template-default-slave-virtualhost]
+<=download-template
+
+[template-backend-haproxy-configuration]
+<=download-template
+
+[template-log-access]
+<=download-template
+
+[template-empty]
+<=download-template
+
+[template-slave-introspection-httpd-nginx]
+<=download-template
+
+[template-wrapper]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/templates/wrapper.in
+output = ${buildout:directory}/template-wrapper.cfg
+mode = 0644
+
+[template-trafficserver-records-config]
+<=download-template
+
+[template-trafficserver-storage-config]
+<=download-template
+
+[template-trafficserver-logging-yaml]
+<=download-template
+
+[template-rotate-script]
+<=download-template
+
+[template-caddy-lazy-script-call]
+<=download-template
+
+[template-graceful-script]
+<=download-template
+
+[template-validate-script]
+<=download-template
+
+[template-configuration-state-script]
+<=download-template
+
+[template-backend-haproxy-rsyslogd-conf]
+<=download-template
 
 [versions]
 # Modern KeDiFa requires zc.lockfile

software/caddy-frontend/templates/backend-haproxy-rsyslogd.conf.in

@@ -16,7 +16,7 @@ $Umask 0022
 $WorkDirectory {{ configuration['spool-directory'] }}
 
 # Setup logging per slave, by extracting the slave name from the log stream
-{%- set regex = ".*-backend (.*)-http.*" %}
+{%- set regex = ".*-backend (.*)-http.{0,1}/" %}
 template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
 set $!slave_name = exec_template("extract_slave_name");
 template(name="slave_output" type="string" string="{{ configuration['caddy-log-directory'] }}/%$!slave_name%_backend_log")

software/caddy-frontend/templates/backend-haproxy.cfg.in

@@ -14,85 +14,96 @@ defaults
   timeout connect {{ configuration['backend-connect-timeout'] }}s
   retries {{ configuration['backend-connect-retries'] }}
 
+{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
 {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
 {#-   wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
-{%-   set host_list = (slave_instance.get('server-alias') or  '').split() %}
-{%-   if slave_instance.get('custom_domain') not in host_list %}
-{%-     do host_list.append(slave_instance.get('custom_domain')) %}
-{%-   endif %}
-{%-   set matched = {'count': 0} %}
-{%-   for host in host_list %}
-{#-     Match up to the end or optional port (starting with ':') #}
-{#-     Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
-{%-     if wildcard and host.startswith('*.') %}
-{%-       do matched.__setitem__('count', matched['count'] + 1) %}
+{%-   if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
+{%-     set host_list = (slave_instance.get('server-alias') or  '').split() %}
+{%-     if slave_instance.get('custom_domain') not in host_list %}
+{%-       do host_list.append(slave_instance.get('custom_domain')) %}
+{%-     endif %}
+{%-     set matched = {'count': 0} %}
+{%-     for host in host_list %}
+{#-       Match up to the end or optional port (starting with ':') #}
+{#-       Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
+{%-       if wildcard and host.startswith('*.') %}
+{%-         do matched.__setitem__('count', matched['count'] + 1) %}
 # match wildcard {{ host }}
   acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
-{%-     elif not wildcard and not host.startswith('*.') %}
-{%-       do matched.__setitem__('count', matched['count'] + 1) %}
+{%-       elif not wildcard and not host.startswith('*.') %}
+{%-         do matched.__setitem__('count', matched['count'] + 1) %}
   acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
-{%-     endif %}
-{%-   endfor %}
-{%-   if matched['count'] > 0 %}
+{%-       endif %}
+{%-     endfor %}
+{%-     if matched['count'] > 0 %}
   use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
+{%-     endif %}
 {%-   endif %}
 {%- endmacro %}
 
+# statistic
+frontend statistic
+  bind {{ configuration['global-ipv6']}}:{{ configuration['statistic-port'] }} ssl crt {{ configuration['statistic-certificate'] }}
+  stats enable
+  stats uri /
+  stats show-desc {{ configuration['statistic-identification'] }}
+  stats auth {{ configuration['statistic-username'] }}:{{ configuration['statistic-password'] }}
+  stats realm {{ configuration['statistic-identification'] }}
+
 frontend http-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', False) }}
 {%- endfor %}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', True) }}
 {%- endfor %}
 
 frontend https-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', False) }}
 {%- endfor %}
-{%- for slave_instance in backend_slave_list %}
+{%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', True) }}
 {%- endfor %}
 
 {%- for slave_instance in backend_slave_list %}
-{%-   for (scheme, prefix) in [('http', 'http_backend'), ('https', 'https_backend')] %}
+{%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
 {%-     set info_dict = slave_instance[prefix] %}
-{%-     if info_dict['scheme'] == 'https' %}
-{%-       set ssl = [] %}
-{%-       if slave_instance['authenticate-to-backend'] %}
-{%-         set ssl = ['crt %s' % (configuration['certificate'],)] %}
-{%-       endif %}
-{%-       do ssl.append('ssl verify') %}
-{%-       set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
-{%-       if slave_instance['ssl_proxy_verify'] %}
-{%-         if path_to_ssl_proxy_ca_crt %}
-{%-           do ssl.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
+{%-     if info_dict['hostname'] and info_dict['port'] %}
+{%-       set ssl_list = [] %}
+{%-       if info_dict['scheme'] == 'https' %}
+{%-         if slave_instance['authenticate-to-backend'] %}
+{%-           do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
+{%-         endif %}
+{%-         do ssl_list.append('ssl verify') %}
+{%-         set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
+{%-         if slave_instance['ssl_proxy_verify'] %}
+{%-           if path_to_ssl_proxy_ca_crt %}
+{%-             do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
+{%-           else %}
+{#-           Backend SSL shall be verified, but not CA provided, disallow connection #}
+{#-           Simply dropping hostname from the dict will result with ignoring it... #}
+{%-           do info_dict.__setitem__('hostname', '') %}
+{%-           endif %}
 {%-         else %}
-{#-         Backend SSL shall be verified, but not CA provided, disallow connection #}
-{#-         Simply dropping hostname from the dict will result with ignoring it... #}
-{%-         do info_dict.__setitem__('hostname', '') %}
+{%-           do ssl_list.append('none') %}
 {%-         endif %}
-{%-       else %}
-{%-         do ssl.append('none') %}
 {%-       endif %}
-{%-       set ssl = ' '.join(ssl) %}
-{%-     else %}
-{%-       set ssl = '' %}
-{%-     endif %}
 
 backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
-{%-     set hostname = info_dict['hostname'] %}
-{%-     set port = info_dict['port'] %}
-{%-     set path = info_dict['path'].rstrip('/') %}
-{%-     if hostname and port %}
+{%-       set hostname = info_dict['hostname'] %}
+{%-       set port = info_dict['port'] %}
+{%-       set path = info_dict['path'].rstrip('/') %}
+{%-       if hostname and port %}
   timeout server {{ slave_instance['request-timeout'] }}s
   timeout connect {{ slave_instance['backend-connect-timeout'] }}s
   retries {{ slave_instance['backend-connect-retries'] }}
-  server backend {{ hostname }}:{{ port }} {{ ssl }}
-{%-       if path %}
+  server {{ slave_instance['slave_reference'] }}-backend {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
+{%-         if path %}
   http-request set-path {{ path }}%[path]
+{%-         endif %}
 {%-       endif %}
 {%-     endif %}
 {%-   endfor %}

software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in

@@ -75,7 +75,7 @@ log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
 {% endfor %}
 
 [buildout]
-extends = {{ common_profile }}
+extends = {{ profile_common }}
 parts =
 {% for part in part_list %}
 {{ '  %s' % part }}

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -13,13 +13,10 @@ T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
 T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_backend_log
 T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_backend_log
 T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_backend_log
 T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
 T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
-T-2/var/log/httpd/_ciphers_backend_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
 T-2/var/log/httpd/_custom_domain_backend_log
@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
 T-2/var/log/httpd/_disabled-cookie-list_backend_log
 T-2/var/log/httpd/_disabled-cookie-list_error_log
 T-2/var/log/httpd/_empty_access_log
-T-2/var/log/httpd/_empty_backend_log
 T-2/var/log/httpd/_empty_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
 T-2/var/log/httpd/_enable-http2-default_backend_log
@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
 T-2/var/log/httpd/_https-only_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
-T-2/var/log/httpd/_monitor-ipv4-test_backend_log
 T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
-T-2/var/log/httpd/_monitor-ipv6-test_backend_log
 T-2/var/log/httpd/_monitor-ipv6-test_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -22,7 +22,6 @@ T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
 T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
-T-2/var/log/httpd/_ciphers_backend_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
 T-2/var/log/httpd/_custom_domain_backend_log
@@ -43,7 +42,6 @@ T-2/var/log/httpd/_disabled-cookie-list_access_log
 T-2/var/log/httpd/_disabled-cookie-list_backend_log
 T-2/var/log/httpd/_disabled-cookie-list_error_log
 T-2/var/log/httpd/_empty_access_log
-T-2/var/log/httpd/_empty_backend_log
 T-2/var/log/httpd/_empty_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
 T-2/var/log/httpd/_enable-http2-default_backend_log
@@ -79,10 +77,8 @@ T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
 T-2/var/log/httpd/_https-only_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
-T-2/var/log/httpd/_monitor-ipv4-test_backend_log
 T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
-T-2/var/log/httpd/_monitor-ipv6-test_backend_log
 T-2/var/log/httpd/_monitor-ipv6-test_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log

software/kvm/instance-kvm-cluster-simplified-input-schema.json

@@ -60,19 +60,53 @@
               ],
               "default": "fr"
             },
-            "nbd-host": {
-              "title": "NBD hostname or IP",
-              "description": "hostname (or IP) of the NBD server containing the boot image.",
-              "type": "string",
-              "format": "internet-address"
-            },
-            "nbd-port": {
-              "title": "NBD port",
-              "description": "Port of the NBD server containing the boot image.",
-              "type": "integer",
-              "default": 1024,
-              "minimum": 1,
-              "maximum": 65535
+            "boot-image-url-select": {
+              "title": "Boot image",
+              "type": "array",
+              "oneOf": [
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/0a6aee1d9aafc1ed095105c052f9fdd65ed00ea9274188c9cd0072c8e6838ab40e246d45a1e6956d74ef1b04a1fc042151762f25412e9ff0cbf49418eef7992e#a3ebc76aec372808ad80000108a2593a"
+                  ],
+                  "title": "Debian Buster 10.5 netinst x86_64"
+                },
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/ce5ddfdbdaccdf929b7fe321212356347d82a02f6b7733427282b416f113d91e587682b003e9d376ac189c3b731595c50c236962aadf2720c16d9f36913577c0#23bf2a2d60271e553e63525e794415f1"
+                  ],
+                  "title": "Centos 8.2004 Minimal x86_64"
+                },
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/302c990c6d69575ff24c96566e5c7e26bf36908abb0cd546e22687c46fb07bf8dba595bf77a9d4fd9ab63e75c0437c133f35462fd41ea77f6f616140cd0e5e6a#f3a306f40e4a313fb5a584d73b3dee8f"
+                  ],
+                  "title": "Ubuntu Focal 20.04.1 Live Server x86_64"
+                },
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/6635269a7eb6fbd6b85fda40cd94f14a27bf53cb1fc82ffcce9fe386a025a43e1ab681db7e8cec50416bfbfc90262f0d95273686a101c74b3f17646f0a34c85b#3708a59af6cf820a95cafe0ae73ac399"
+                  ],
+                  "title": "openSUSE Leap 15.2 NET x86_64"
+                },
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/fc17e8c6ae0790162f4beb8fa6226d945cff638429588999b3a08493ff27b280dc2939fba825ae04be1d9082ea8d7c3c002c5e4c39fbbcf88b8ab5104619e28a#ebcdb2223a77f098af3923fe1fa180aa"
+                  ],
+                  "title": "Arch Linux 2020.09.01 x86_64"
+                },
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/c5a511f349a1146b615e6fab9c24f9be4362046adcf24f0ff82c470d361fac5f6628895e2110ebf8ff87db49d4c413a0a332699da6b1bec64275e0c17a15b999#ca7a1e555c04b4d9a549065fa2ddf713"
+                  ],
+                  "title": "Fedora Server 32-1.6 netinst x86_64"
+                },
+                {
+                  "const": [
+                    "https://shacache.nxdcdn.com/6c355def68b3c0427f21598cb054ffc893568902f205601ac60f192854769b31bc9cff8eeb6ce99ef975a8fb887d8d3e56fc6cd5ea5cb4b3bba1175c520047cb#57088b77f795ca44b00971e44782ee23"
+                  ],
+                  "title": "FreeBSD 12.1 RELEASE bootonly x86_64"
+                }
+              ]
             }
           },
           "type": "object"

software/neoppod/software-common.cfg

@@ -145,7 +145,7 @@ coverage = 4.5.1
 mock = 3.0.5
 ecdsa = 0.13
 mysqlclient = 1.3.12
-persistent = 4.5.0
+persistent = 4.6.4
 pycrypto = 2.6.1
 pycurl = 7.43.0
 setproctitle = 1.1.10

software/neoppod/software-zodb5.cfg

@@ -7,7 +7,7 @@ ZEO-patches =
 
 [versions]
 ZODB = 5.6.0
-ZEO = 5.2.0
+ZEO = 5.2.2
 transaction = 2.4.0
 
 # BBB: ZEO

software/pureftpd/buildout.hash.cfg

@@ -15,4 +15,4 @@
 
 [instance-profile]
 filename = instance.cfg.in
-md5sum = c352c6f11b7a00dca0a544f7ecddeb52
+md5sum = 134ed1cf1f6de63b14425031eb5c9043

software/pureftpd/instance.cfg.in

@@ -32,12 +32,9 @@ plugin = ${:etc}/plugin
 pureftpd-dir = ${:srv}/pureftpd/
 
 [check-port-listening-promise]
-recipe = slapos.cookbook:promise.plugin
-eggs =
-  slapos.toolbox
-output = ${directory:plugin}/${:_buildout_section_name_}
-content =
-  from slapos.promise.plugin.check_port_listening import RunPromise
+<= monitor-promise-base
+module = check_port_listening
+name = check_nginx_port.py
 
 [pureftpd-listen-promise]
 <= check-port-listening-promise

software/pureftpd/software.cfg

@@ -9,13 +9,16 @@ extends =
 parts =
   slapos-cookbook
   instance-profile
+  
+  
+[python]
+part = python3
 
 
-# force to install plone.recipe.command and slapos.toolbox as it will be used during instanciation 
+# force to install plone.recipe.command as it will be used during instanciation 
 [slapos-cookbook]
 eggs +=
   plone.recipe.command
-  slapos.toolbox
 
 
 [instance-profile]

software/slaprunner/buildout.hash.cfg

@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24
 
 [template-runner]
 filename = instance-runner.cfg
-md5sum = 376ae851bb13bd88b02ecd72249a64bd
+md5sum = 6e279c46b07bf56b7b037a8ee2c6587e
 
 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2

software/slaprunner/instance-runner.cfg

@@ -20,6 +20,7 @@ common-runner-parts =
   runtestsuite
   shellinabox
   shellinabox-service
+  template-slapuser-script
   slapos-cfg
   slapformat-definition.cfg
   cron-entry-prepare-software
@@ -30,6 +31,8 @@ common-runner-parts =
   bash-profile
   supervisord-wrapper
   supervisord-promise
+  slapos-supervisord-promise
+  slapos-proxy-promise
   logrotate-entry-supervisord
   logrotate-entry-slapgrid
   httpd-graceful-wrapper
@@ -213,8 +216,7 @@ default_repository_branch = $${slap-parameter:slapos-reference}
 #-- supervisord managing slaprunner instance processes
 [slaprunner-supervisord-wrapper]
 recipe = slapos.cookbook:wrapper
-# XXX hardcoded locations
-command-line = $${template-slapuser-script:rendered} node supervisord -n
+command-line = ${buildout:bin-directory}/slapos node supervisord --cfg=$${slaprunner:slapos.cfg} --nodaemon
 wrapper-path = $${directory:services}/slaprunner-supervisord
 hash-existing-files = $${buildout:directory}/software_release/buildout.cfg
 
@@ -648,7 +650,13 @@ monitor-interface-url =
 monitor-httpd-port = 8386
 buildout-shared-folder = $${runnerdirectory:home}/shared
 {% for k, v in slapparameter_dict.items() -%}
+{% if k == 'user-authorized-key' and v -%}
+{% set key_list =  v.split('\n') -%}
+{{ k }} =
+  {{ key_list | join('\n  ') }}
+{% else -%}
 {{ k }} = {{ v }}
+{% endif -%}
 {% endfor -%}
 
 [slapos-cfg]
@@ -858,6 +866,19 @@ name = supervisord.py
 config-hostname = $${slaprunner:ipv4}
 config-port = $${supervisord:port}
 
+[slapos-supervisord-promise]
+<= monitor-promise-base
+module = check_command_execute
+name = instance_supervisord.py
+config-command = ${buildout:bin-directory}/slapos node supervisorctl --cfg=$${slaprunner:slapos.cfg} pid
+
+[slapos-proxy-promise]
+<= monitor-promise-base
+module = check_port_listening
+name = slaproxy.py
+config-hostname = $${slaprunner:ipv4}
+config-port = $${slaprunner:proxy_port}
+
 # XXX Monitor
 [monitor-instance-parameter]
 monitor-httpd-port = $${slap-parameter:monitor-httpd-port}

software/slaprunner/test/test.py

@@ -321,9 +321,11 @@ class TestWeb(SlaprunnerTestCase):
 class TestSSH(SlaprunnerTestCase):
   @classmethod
   def getInstanceParameterDict(cls):
-    cls.ssh_key = paramiko.RSAKey.generate(1024)
+    cls.ssh_key_list = [paramiko.RSAKey.generate(1024) for i in range(2)]
     return {
-        'user-authorized-key': 'ssh-rsa {}'.format(cls.ssh_key.get_base64())
+        'user-authorized-key': 'ssh-rsa {}\nssh-rsa {}'.format(
+          *[key.get_base64() for key in cls.ssh_key_list]
+          )
     }
 
   def test_connect(self):
@@ -355,43 +357,44 @@ class TestSSH(SlaprunnerTestCase):
     key_policy = KeyPolicy()
     client.set_missing_host_key_policy(key_policy)
 
-    with contextlib.closing(client):
-      client.connect(
-          username=username,
-          hostname=parsed.hostname,
-          port=parsed.port,
-          pkey=self.ssh_key,
-      )
-      # Check fingerprint from server matches the published one.
-      # Paramiko does not allow to get the fingerprint as SHA256 easily yet
-      # https://github.com/paramiko/paramiko/pull/1103
-      self.assertEqual(
-          fingerprint_from_url,
-          quote(
-              # base64 encoded fingerprint adds an extra = at the end
-              base64.b64encode(
-                  hashlib.sha256(key_policy.key.asbytes()).digest())[:-1],
-              # also encode /
-              safe=''))
-
-      # Check shell is usable
-      channel = client.invoke_shell()
-      channel.settimeout(30)
-      received = ''
-      while True:
-        r = bytes2str(channel.recv(1024))
-        self.logger.debug("received >%s<", r)
-        if not r:
-          break
-        received += r
-        if 'slaprunner shell' in received:
-          break
-      self.assertIn("Welcome to SlapOS slaprunner shell", received)
-
-      # simple commands can also be executed ( this would be like `ssh bash -c 'pwd'` )
-      self.assertEqual(
-          self.computer_partition_root_path,
-          bytes2str(client.exec_command("pwd")[1].read(1000)).strip())
+    for ssh_key in self.ssh_key_list:
+      with contextlib.closing(client):
+        client.connect(
+            username=username,
+            hostname=parsed.hostname,
+            port=parsed.port,
+            pkey=ssh_key,
+        )
+        # Check fingerprint from server matches the published one.
+        # Paramiko does not allow to get the fingerprint as SHA256 easily yet
+        # https://github.com/paramiko/paramiko/pull/1103
+        self.assertEqual(
+            fingerprint_from_url,
+            quote(
+                # base64 encoded fingerprint adds an extra = at the end
+                base64.b64encode(
+                    hashlib.sha256(key_policy.key.asbytes()).digest())[:-1],
+                # also encode /
+                safe=''))
+
+        # Check shell is usable
+        channel = client.invoke_shell()
+        channel.settimeout(30)
+        received = ''
+        while True:
+          r = bytes2str(channel.recv(1024))
+          self.logger.debug("received >%s<", r)
+          if not r:
+            break
+          received += r
+          if 'slaprunner shell' in received:
+            break
+        self.assertIn("Welcome to SlapOS slaprunner shell", received)
+
+        # simple commands can also be executed ( this would be like `ssh bash -c 'pwd'` )
+        self.assertEqual(
+            self.computer_partition_root_path,
+            bytes2str(client.exec_command("pwd")[1].read(1000)).strip())
 
 
 class TestSlapOS(SlaprunnerTestCase):

software/theia/buildout.hash.cfg

@@ -15,12 +15,24 @@
 
 [instance]
 filename = instance.cfg.in
-md5sum = f95354d4af4a78ad7fd11ebc9281ed19
+md5sum = 397fcb3279029af3055b23525d147445
 
 [yarn.lock]
 filename = yarn.lock
-md5sum = 07835b4acfbd8f4a96ac15ffecd238b0
+md5sum = d058e73c3d90ac3da44734c2d47eac95
 
 [python-language-server-requirements.txt]
 filename = python-language-server-requirements.txt
-md5sum = d2ce161244ce9ebce5295302a1b2a7df
+md5sum = 0883a40ebcb33d8d7c520490b21bd16c
+
+[preloadTemplate.html]
+filename = preloadTemplate.html
+md5sum = 8157c22134200bd862a07c6521ebf799
+
+[slapos.css.in]
+filename = slapos.css.in
+md5sum = d2930ec3ef973b7908f0fa896033fd64
+
+[logo.png]
+filename = logo.png
+md5sum = 97bd0f828ffbac2681af0f4bd72cba27

software/theia/instance.cfg.in

@@ -54,7 +54,7 @@ template = inline:
     root $${directory:frontend-static}
     browse
     proxy / $${theia-instance:base-url} {
-      except public $${favicon.ico:filename}
+      except $${frontend-instance-fonts:folder-name} $${frontend-instance-slapos.css:folder-name} public $${favicon.ico:filename} $${frontend-instance-logo:filename}
     }
     proxy /services $${theia-instance:base-url} {
       websocket
@@ -83,6 +83,33 @@ port = $${frontend-instance-config:port}
 pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid
 url = https://$${:hostname}:$${:port}/
 
+[frontend-instance-fonts]
+; XXX caddy 1 does not seem to serve different folders at different locations
+; so we link fonts in static folder
+recipe = plone.recipe.command
+location = $${directory:frontend-static}/$${:folder-name}
+folder-name = fonts
+command =
+  mkdir $${:location}
+  ln -s ${source-code-pro-fonts:location} $${:location}/source-code-pro
+  ln -s ${jetbrains-mono-fonts:location} $${:location}/jetbrains-mono
+stop-on-error = true
+
+[frontend-instance-logo]
+recipe = plone.recipe.command
+filename = logo.png
+command =
+  ln -s ${logo.png:output} $${directory:frontend-static}/$${:filename}
+stop-on-error = true
+
+[frontend-instance-slapos.css]
+recipe = slapos.recipe.template:jinja2
+template = ${slapos.css.in:output}
+rendered = $${directory:frontend-static}/$${:folder-name}/slapos.css
+folder-name = css
+context =
+  key logo_image frontend-instance-logo:filename
+
 [frontend-reload]
 recipe = slapos.cookbook:wrapper
 wrapper-path = $${directory:services}/$${:_buildout_section_name_}
@@ -220,11 +247,14 @@ rendered = $${directory:bin}/$${:_buildout_section_name_}
 mode = 0700
 template = inline:
   #!${python:location}/bin/python
-  import sys
   import os
+  import sys
+  import time
   args = sys.argv[1:]
   # when running interactively, activate slapos configuration and reset GIT_EXEC_PATH to workaround https://github.com/eclipse-theia/theia/issues/7555
   if not args: args = ["-c", ". $${slapos-standalone-activate:rendered} && exec env GIT_EXEC_PATH= ${bash:location}/bin/bash", ]
+  # otherwise, assume this shell is running task and add an artificial delay to workaround https://github.com/eclipse-theia/theia/issues/2961
+  else: time.sleep(1)
   os.execv('${bash:location}/bin/bash', ['${bash:location}/bin/bash']  + args)
 
 [slapos-standalone-activate]
@@ -323,3 +353,4 @@ project = $${:srv}/project
 slapos = $${:srv}/slapos
 frontend-static = $${:srv}/frontend-static
 frontend-static-public = $${:frontend-static}/public
+frontend-static-css = $${:frontend-static}/css

software/theia/preloadTemplate.html

+<script>
+let link = document.createElement('link');
+link.rel = "stylesheet";
+link.href = "/css/slapos.css";
+document.head.appendChild(link);
+</script>
\ No newline at end of file

software/theia/python-language-server-requirements.txt

@@ -14,7 +14,7 @@ parso==0.3.2
 pluggy==0.8.1
 pydocstyle==3.0.0
 pyflakes==2.1.0
-pygls==0.8.1
+pygls==0.9.1
 pylint==2.4.4
 python-jsonrpc-server==0.1.2
 -e git+https://github.com/palantir/python-language-server@50d03d5931d564e9908292ccfa21dd629ee817ba#egg=python_language_server
@@ -26,5 +26,5 @@ typed-ast==1.4.1
 typing-extensions==3.7.4.2
 wrapt==1.11.2
 yapf==0.29.0
-zc.buildout.languageserver==0.2.1
-theia-open==0.1.2
+zc.buildout.languageserver==0.4.0
+theia-open==0.3.0

software/theia/software.cfg

@@ -11,6 +11,7 @@ extends =
    ../../component/curl/buildout.cfg
    ../../component/coreutils/buildout.cfg
    ../../component/java-jdk/buildout.cfg
+   ../../component/fonts/buildout.cfg
    ../../stack/slapos.cfg
    ../../stack/monitor/buildout.cfg
    ../../component/defaults.cfg
@@ -116,22 +117,24 @@ eggs =
   supervisor
   setuptools
 
+[template-base]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/${:filename}
+output = ${buildout:parts-directory}/${:_buildout_section_name_}
+mode = 0644
+
 [python-language-server]
 version = 0.19.0
 recipe = plone.recipe.command
 command =
-  PATH=${git:location}/bin/:$PATH  bash -c "${python3:executable} -m venv ${:location} && \
+  PATH=${git:location}/bin/:$PATH  bash -c "${python3:executable} -m venv --clear ${:location} && \
     . ${:location}/bin/activate && \
     pip install -r ${python-language-server-requirements.txt:output}"
 location = ${buildout:parts-directory}/${:_buildout_section_name_}
 stop-on-error = true
 
 [python-language-server-requirements.txt]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/${:filename}
-output = ${buildout:parts-directory}/${:_buildout_section_name_}
-mode = 0644
-
+<= template-base
 
 [theia]
 recipe = plone.recipe.command
@@ -152,10 +155,16 @@ uses = ${yarn.lock:recipe}
 THEIA_DEFAULT_PLUGINS = ${:location}/plugins/
 
 [yarn.lock]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/${:filename}
-output = ${buildout:parts-directory}/${:_buildout_section_name_}
-mode = 0644
+<= template-base
+
+[preloadTemplate.html]
+<= template-base
+
+[slapos.css.in]
+<= template-base
+
+[logo.png]
+<= template-base
 
 [package.json]
 recipe = slapos.recipe.template:jinja2
@@ -193,6 +202,11 @@ template =
                       "java.home": "${java-jdk:location}"
                   }
               }
+          },
+          "generator": {
+              "config": {
+                  "preloadTemplate": "${preloadTemplate.html:output}"
+              }
           }
       },
       "dependencies": {
@@ -309,8 +323,11 @@ template =
           "vscode-java-test": "https://github.com/microsoft/vscode-java-test/releases/download/0.22.0/vscjava.vscode-java-test-0.22.0.vsix",
           "vscode-python": "https://github.com/microsoft/vscode-python/releases/download/2020.1.58038/ms-python-release.vsix",
           "vscode-ruby": "https://github.com/rubyide/vscode-ruby/releases/download/v0.25.0/ruby-0.25.0.vsix",
-          "vscode-zc-buildout": "https://github.com/perrinjerome/vscode-zc-buildout/releases/download/v0.2.0/vscode-zc-buildout-0.2.0.vsix",
-          "plantuml": "https://open-vsx.org/api/jebbs/plantuml/2.13.12/file/jebbs.plantuml-2.13.12.vsix"
+          "vscode-zc-buildout": "https://github.com/perrinjerome/vscode-zc-buildout/releases/download/v0.4.0/vscode-zc-buildout-0.4.0.vsix",
+          "plantuml": "https://open-vsx.org/api/jebbs/plantuml/2.13.12/file/jebbs.plantuml-2.13.12.vsix",
+          "diff": "https://open-vsx.org/api/rafaelmaiolla/diff/0.0.1/file/rafaelmaiolla.diff-0.0.1.vsix",
+          "git-commit-syntax": "https://github.com/perrinjerome/git-commit-syntax/releases/download/v0.0.1/git-commit-syntax-0.0.1.vsix",
+          "git-rebase-syntax": "https://github.com/perrinjerome/git-rebase-syntax/releases/download/v0.0.1/git-rebase-syntax-0.0.1.vsix"
       }
     }
 rendered = ${buildout:directory}/${:_buildout_section_name_}
@@ -322,7 +339,7 @@ golang = ${golang1.14:location}
 
 [gowork.goinstall]
 command =
-  bash -c ". ${gowork:env.sh} && GO111MODULE=on go get golang.org/x/tools/gopls@v0.4.3"
+  bash -c ". ${gowork:env.sh} && GO111MODULE=on go get golang.org/x/tools/gopls@v0.4.3 && cd ${go_github.com_caddyserver_caddy:location} && GO111MODULE=on go install -v github.com/caddyserver/caddy/..."
 
 
 [cli-utilities]
@@ -345,9 +362,7 @@ template =
 
 
 [instance]
-recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/${:filename}
-mode = 0644
+<= template-base
 output = ${buildout:directory}/instance.cfg
 
 [versions]

software/theia/test/test.py

@@ -32,6 +32,7 @@ import logging
 import subprocess
 import tempfile
 import time
+import re
 from six.moves.urllib.parse import urlparse, urljoin
 
 import pexpect
@@ -81,6 +82,16 @@ class TestTheia(SlapOSInstanceTestCase):
     self.assertEqual(requests.codes.ok, resp.status_code)
     self.assertTrue(resp.raw)
 
+    # there is a CSS referencing fonts
+    css_text = requests.get(urljoin(authenticated_url, '/css/slapos.css'), verify=False).text
+    css_urls = re.findall(r'url\([\'"]+([^\)]+)[\'"]+\)', css_text)
+    self.assertTrue(css_urls)
+    # and fonts are served
+    for url in css_urls:
+      resp = requests.get(urljoin(authenticated_url, url), verify=False)
+      self.assertEqual(requests.codes.ok, resp.status_code)
+      self.assertTrue(resp.raw)
+
   def test_theia_slapos(self):
     # Make sure we can use the shell and the integrated slapos command
     process = pexpect.spawnu(
@@ -134,7 +145,7 @@ class TestTheia(SlapOSInstanceTestCase):
     process.wait()
 
   def test_theia_shell_execute_tasks(self):
-    # shell needs to understand -c "comamnd" arguments for theia tasks feature
+    # shell needs to understand -c "command" arguments for theia tasks feature
     test_file = '{}/test file'.format(self.computer_partition_root_path)
     subprocess.check_call([
         '{}/bin/theia-shell'.format(self.computer_partition_root_path),

stack/slapos.cfg

@@ -180,7 +180,7 @@ slapos.libnetworkcache = 0.20
 slapos.rebootstrap = 4.5
 slapos.recipe.build = 0.46
 slapos.recipe.cmmi = 0.16
-slapos.toolbox = 0.111
+slapos.toolbox = 0.112
 stevedore = 1.21.0
 subprocess32 = 3.5.3
 unicodecsv = 0.14.1