1. 12 Jan, 2024 4 commits
    • Jérome Perrin's avatar
      stack/erp5: use caucase managed certificate for balancer · 55f3b5c9
      Jérome Perrin authored
      This reverts commit 620c9332 (stack/erp5: stop using caucase managed
      certificate for balancer, 2020-11-10) with an updated design. We add a
      caucase service for balancer in the balancer partition. The caucase
      service from the root partition (that was not used) is removed.
      
      The underlying idea is that the default configuration should use multiple
      caucases with limited scope, here we have one caucase to manage the
      certificate used by haproxy server in the balancer partition, so we put
      one caucase to manage this certificate and the caucase is configured to
      auto-accept one certificate only. The plan is that when we will add a
      certificate for mariadb server, we'll add another caucase inside this
      mariadb server.
      
      For more advanced usage and also to support the cases where a new
      certificate needs to be re-emitted for some reason, users can request
      with an existing caucase URL. In that case, they will have to accept
      the certificate requests.
      
      Notable changes:
      
      balancer/ssl/caucase-url is no longer documented in parameters, this is
      an internal parameter, users can pass one global caucase service to
      manage all partition
      
      CAUCASE environment variable is no longer set when running zope. There
      was no identified use case and with this new approach of multiple
      caucases, the term "caucase" alone became ambiguous.
      55f3b5c9
    • Jérome Perrin's avatar
      stack/erp5: remove not used "backend-path" · 5e84d4be
      Jérome Perrin authored
      This is not documented in schema and has no effect in erp5 (but this is
      still used for slapos-master)
      5e84d4be
    • Jérome Perrin's avatar
    • Jérome Perrin's avatar
      ERP5: rework frontend instance parameter · be00f177
      Jérome Perrin authored
      This change the format or the (mostly) unused frontend parameter to
      support requesting more than one frontend and also enable the request of
      a frontend by default, so that requesting a frontend separately is no
      longer needed.
      
      The `frontend` parameter now also supports requesting frontends for
      specific paths on the ERP5 backend, the example below requests a
      frontend serving directly a web site, with the necessary rewrite rules:
      
      ```js
      {
        "frontend": {
          "default": {
            "internal-path": "/erp5/web_site_module/renderjs_runner/"
          }
        }
      }
      ```
      
      The example below requests a default frontend to the erp5 root, to
      access the ZMI or erp5_xhtml_style interface and two web sites:
      
      ```js
      {
        "frontend": {
          "default": {},
          "erp5js": {
            "internal-path": "/erp5/web_site_module/renderjs_runner/"
          },
          "crm": {
            "internal-path": "/erp5/web_site_module/erp5_officejs_support_request_ui/"
          }
        }
      }
      ```
      
      The example below has an explicit definition of the zope families using
      `zope-partition-dict` parameter, because there is more than one zope
      family, no frontend is requested by default:
      
      ```js
      {
        "zope-partition-dict": {
          "backoffice": {
            "family": "backoffice"
          },
          "web": {
            "family": "web"
          },
          "activities": {
            "family": "activities"
          }
        }
      }
      ```
      
      Continuing this example, to have frontends for backoffice and web
      families, the frontend request can specify the families, like it is
      demonstrated in the example below. In this example, we don't specify an
      entry for "activities" family, so no frontend will be requested for
      this family.
      
      ```js
      {
        "frontend": {
          "backoffice": {
            "zope-family": "backoffice"
          },
          "web": {
            "zope-family": "web",
            "internal-path": "/erp5/web_site_module/web_site/"
          }
        }
        "zope-partition-dict": {
          "backoffice": {
            "family": "backoffice"
          },
          "web": {
            "family": "web"
          },
          "activities": {
            "family": "activities"
          }
        }
      }
      ```
      be00f177
  2. 11 Jan, 2024 3 commits
  3. 05 Jan, 2024 1 commit
    • Kirill Smelkov's avatar
      format-json, test: Don't force ASCII · cd75648d
      Kirill Smelkov authored
      Currently, due to ensure_ascii=True default of json.dumps, we are
      insisting on our JSON schemas to be ascii-only and all other characters
      to be represented by \uxxxx escapes. So far this was not problematic as
      all our schemas contains only ASCII characters, but upcoming
      ors-amarisoft changes want to use e.g. "→" symbol:
      
          https://lab.nexedi.com/kirr/slapos/blob/b51f5523/software/ors-amarisoft/software.cfg.json#L15
      
      which currently results in failure of json-schema test:
      
          FAIL: test_ors-amarisoft_software_cfg_json_format (slapos.test.test_json_schema.TestJSONSchemaValidation)
          ...
      
          First differing element 14:
          '      "title": "\\u2192  eNB/gNB | Radio Unit",'
          '      "title": "→  eNB/gNB | Radio Unit",'
      
      And in general, in 2023 I think there is no reason to insist on our schemas to
      be ASCII-only: say if one wants to describe something about "α" parameter. It
      would be good to use that α character directly and seeing it in the editor,
      instead of using escapes all the time.
      
      As indicated by below stackoverflow answer "JSON spec requires UTF-8 support by
      decoders": https://stackoverflow.com/a/594881/9456786 , and indeed checking
      JSON specification also confirms that by default JSON decoders shall use UTF-8:
      
          https://datatracker.ietf.org/doc/html/rfc7159#section-8.1
      
      This way, I think, we can switch to UTF-8 safely.
      
      /reviewed-by @jerome, @lu.xu
      /reviewed-on nexedi/slapos!1498
      cd75648d
  4. 04 Jan, 2024 1 commit
  5. 02 Jan, 2024 3 commits
  6. 29 Dec, 2023 1 commit
  7. 28 Dec, 2023 3 commits
  8. 25 Dec, 2023 8 commits
  9. 20 Dec, 2023 1 commit
    • Titouan Soulard's avatar
      software/rapid-cdn: avoid RegExp to validate hostnames · 11336190
      Titouan Soulard authored
      Using RegExp to validate hostnames is a bad practice, and has a lot of reasons to be wrong.
      On top of that, the JSON Schema specification allows, since draft 7, to validate hostnames
      against an IDN hostname, by using the `idn-hostname` format.
      
      With these changes, IDN are now supported (.рф and .中國 for instance), and long TLD
      should not be a problem anymore.
      11336190
  10. 19 Dec, 2023 1 commit
  11. 18 Dec, 2023 2 commits
  12. 15 Dec, 2023 1 commit
  13. 14 Dec, 2023 6 commits
  14. 13 Dec, 2023 5 commits