Commit 0aa55f43 by Łukasz Nowak

Update Release Candidate

2 parents 37758eee dae07f95
Showing 37 changed files with 94 additions and 119 deletions
......@@ -64,18 +64,18 @@ md5sum = 096c1c18b44c269808bd815d58c53c8f
[debian-amd64-jessie-netinst.iso]
<= debian-amd64-netinst-base
version = 8.10.0
md5sum = 19dcfc381bd3e609c6056216d203f5bc
version = 8.11.1
md5sum = df0ce86d0b1d81e232ad08eef58754ed
[debian-amd64-netinst.iso]
# Download the installer of Debian 9 (Stretch)
<= debian-amd64-netinst-base
version = 9.4.0
md5sum = 73bd8aaaeb843745ec939f6ae3906e48
version = 9.8.0
md5sum = e0a43cbb8b991735c1b38e7041019658
[debian-amd64-testing-netinst.iso]
# Download the installer of Debian Buster
<= debian-amd64-netinst-base
release = buster_di_alpha2
version = buster-DI-alpha2
md5sum = fbdc192f8857e2bd884e41481ed0fc09
release = buster_di_rc1
version = buster-DI-rc1
md5sum = cf8f8e3afef91f3ce3a09e7cc5f530f0
......@@ -49,6 +49,12 @@ debconf.debconf =
debian-squeeze/preseed.mirror/country = manual
debian-squeeze/preseed.mirror/http/hostname = archive.debian.org
debian-squeeze/preseed.mirror/http/directory = /debian
debian-wheezy/preseed.mirror/country = manual
debian-wheezy/preseed.mirror/http/hostname = archive.debian.org
debian-wheezy/preseed.mirror/http/directory = /debian
debian-jessie/preseed.mirror/country = manual
debian-jessie/preseed.mirror/http/hostname = archive.debian.org
debian-jessie/preseed.mirror/http/directory = /debian
# minimal size
preseed.apt-setup/enable-source-repositories = false
preseed.recommends = false
......
......@@ -17,16 +17,20 @@ import collections
def main():
exit_code = 0
for f in sys.argv[1:]:
print 'Processing %s' % (f,)
with open(f, 'rb') as infile:
try:
obj = json.load(infile, object_pairs_hook=collections.OrderedDict)
except ValueError as e:
raise SystemExit(e)
with open(f, 'wb') as outfile:
json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': '))
outfile.write('\n')
exit_code = 1
print e
else:
with open(f, 'wb') as outfile:
json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': '))
outfile.write('\n')
sys.exit(exit_code)
if __name__ == '__main__':
main()
......@@ -92,6 +92,27 @@ SSL keys and certificates are directly send to the frontend cluster in order to
*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
Obtaining CA for KeDiFa
-----------------------
KeDiFa uses caucase and so it is required to obtain caucase CA certificate used to sign KeDiFa SSL certificate, in order to be sure that certificates are sent to valid KeDiFa.
The easiest way to do so is to use caucase.
On some secure and trusted box which will be used to upload certificate to master or slave frontend partition install caucase https://pypi.org/project/caucase/
Master and slave partition will return key ``kedifa-caucase-url``, so then create and start a ``caucase-updater`` service::
caucase-updater \
--ca-url "${kedifa-caucase-url}" \
--cas-ca "${frontend_name}.caucased.ca.crt" \
--ca "${frontend_name}.ca.crt" \
--crl "${frontend_name}.crl"
where ``frontend_name`` is a frontend cluster to which you will upload the certificate (it can be just one slave).
Make sure it is automatically started when trusted machine reboots: you want to have it running so you can forget about it. It will keep KeDiFa's CA certificate up to date when it gets renewed so you know you are still talking to the same service as when you previously uploaded the certificate, up to the original upload.
Master partition
----------------
......@@ -105,12 +126,12 @@ Example sessions is::
request(...)
curl -X GET master-key-generate-auth-url
curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" master-key-generate-auth-url
> authtoken
cat certificate.pem key.pem ca-bundle.pem > master.pem
curl -X PUT --data-binary @master.pem master-key-upload-url+authtoken
curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem master-key-upload-url+authtoken
This replaces old request parameters:
......@@ -133,12 +154,12 @@ Example sessions is::
request(...)
curl -X GET key-generate-auth-url
curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" key-generate-auth-url
> authtoken
cat certificate.pem key.pem ca-bundle.pem > master.pem
curl -X PUT --data-binary @master.pem key-upload-url+authtoken
curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem key-upload-url+authtoken
This replaces old request parameters:
......
......@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = bde0f62dfe2eeef8f10b4315535095cb
md5sum = 6abe3aae72a83ef90e484d00cc70490d
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
......@@ -30,7 +30,7 @@ md5sum = d62aefe002ec13875924e4c219914795
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 75439cb035393e68c73672b224bead54
md5sum = 57f562311bac6dbf85cd35891eaa6743
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -38,7 +38,7 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in
md5sum = 38e9994be01ea1b8a379f8ff7aa05438
md5sum = eb9ca67763d60843483d95dab2c301b1
[template-caddy-frontend-configuration]
filename = templates/Caddyfile.in
......@@ -110,4 +110,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
[template-kedifa]
filename = instance-kedifa.cfg.in
md5sum = cc6f32656e76f4b79b5e47567b930f74
md5sum = 2eecc01a16f6ae156c3a7889eef42c34
......@@ -24,7 +24,6 @@ parts =
promise-caddy-frontend-v6-http
promise-caddy-frontend-cached
promise-caddy-frontend-ssl-cached
promise-caddy-is-process-older-than-dependency-set
trafficserver-launcher
trafficserver-reload
......@@ -61,7 +60,6 @@ log = ${:var}/log
run = ${:var}/run
service = ${:etc}/service
etc-run = ${:etc}/run
promise = ${:etc}/promise
plugin = ${:etc}/plugin
ca-dir = ${:srv}/ssl
......@@ -261,7 +259,6 @@ extra-context =
section caddy_configuration caddy-configuration
key monitor_base_url monitor-instance-parameter:monitor-base-url
key plugin_directory directory:plugin
key promise_directory directory:promises
key report_directory directory:bin
key bin_directory :bin_directory
key enable_http2_by_default configuration:enable-http2-by-default
......@@ -634,11 +631,6 @@ name = caddy_ssl_cached.py
config-hostname = {{ instance_parameter['ipv4-random'] }}
config-port = ${caddy-configuration:ssl-cache-through-port}
[promise-caddy-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${caddy-configuration:pid-file}
wrapper-path = ${directory:promise}/caddy-frontend-is-running-actual-software-release
#######
# Monitoring sections
#
......
......@@ -222,6 +222,7 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg
{%- do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%}
{%- do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %}
[{{ slave_reference }}-auth-random-generate]
recipe = plone.recipe.command
......
......@@ -54,6 +54,10 @@
"description": "Certificate used to serve data on kedifa-csr_id-url.",
"type": "string"
},
"kedifa-caucase-url": {
"description": "Url to caucase used by KeDiFa.",
"type": "string"
},
"caddy-frontend-N-csr_id-url": {
"description": "URL on which frontend node number N publishes its csr_id sent to caucase.",
"type": "string"
......@@ -61,6 +65,14 @@
"caddy-frontend-N-csr_id-certificate": {
"description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.",
"type": "string"
},
"warning-slave-dict": {
"description": "Dict of slaves which got warnings. Keys are slave references, values are lists of warnings on slaves.",
"type": "array"
},
"warning-list": {
"description": "List of warning found during the request.",
"type": "array"
}
},
"type": "object"
......
......@@ -96,7 +96,7 @@
],
"title": "Prefer gzip Encoding for Backend",
"type": "string"
},
}
},
"title": "Input Parameters",
"type": "object"
......
......@@ -8,11 +8,11 @@
},
"key-generate-auth-url": {
"description": "URL to GET once auth for key-upload-url",
"type": "array"
"type": "string"
},
"key-upload-url": {
"description": "URL to PUT PEM bundle of certificate and key",
"type": "array"
"type": "string"
},
"log-access-url": {
"description": "List of URLs to access logs",
......@@ -41,6 +41,14 @@
"request-error-list": {
"description": "In case if slave has been rejected by master or has error in the request, the list contains information about each problem",
"type": "array"
},
"warning-list": {
"description": "List of warning found during the request.",
"type": "array"
},
"kedifa-caucase-url": {
"description": "URL to caucase used by KeDiFa",
"type": "string"
}
},
"type": "object"
......
......@@ -442,6 +442,13 @@ command-line = {{ kedifa_updater }}
wrapper-path = {{ service_directory }}/kedifa-updater
hash-files = ${buildout:directory}/software_release/buildout.cfg
[kedifa-updater-run]
recipe = plone.recipe.command
# unfortunately slapos.cookbook:wrapper does not return generated wrapper path
# so it is needed to access it via service directory globbing
command = {{ service_directory }}/kedifa-updater* --once
update-command = ${:command}
[kedifa-updater-mapping]
recipe = slapos.recipe.template:jinja2
file = {{ kedifa_updater_mapping_file }}
......@@ -466,6 +473,7 @@ extends =
parts +=
kedifa-updater
kedifa-updater-run
caddy-log-access-header
{% for part in part_list %}
{{ ' %s' % part }}
......
......@@ -48,6 +48,7 @@
{% endif %}
{% do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %}
{% do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %}
{% do slave_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %}
{% endif %}
{% endfor %}
......
......@@ -469,6 +469,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
base + r'\?auth=$'
)
kedifa_caucase_url = parameter_dict.pop('kedifa-caucase-url')
self.assertEqual(
kedifa_caucase_url,
'http://[%s]:%s' % (SLAPOS_TEST_IPV6, CAUCASE_PORT),
)
return generate_auth_url, upload_url
def assertKeyWithPop(self, key, d):
......@@ -546,8 +552,6 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
{
'monitor-base-url': None,
'domain': 'None',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '0',
'rejected-slave-amount': '0',
'slave-amount': '0',
......@@ -580,8 +584,6 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
{
'monitor-base-url': None,
'domain': 'example.com',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '0',
'rejected-slave-amount': '0',
'slave-amount': '0',
......@@ -744,7 +746,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
# run partition for slaves to be setup
cls.runComputerPartitionUntil(
cls.untilSlavePartitionReady)
cls.runKedifaUpdater()
# run once more slapos node instance, as kedifa-updater sets up
# certificates needed for caddy-frontend, and on this moment it can be
# not started yet
......@@ -1230,8 +1231,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'accepted-slave-amount': '48',
'rejected-slave-amount': '4',
'slave-amount': '52',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'rejected-slave-dict': {
"_apache_custom_http_s-rejected": ["slave not authorized"],
"_caddy_custom_http_s": ["slave not authorized"],
......@@ -3715,8 +3714,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
'domain': 'example.com',
'accepted-slave-amount': '1',
'rejected-slave-amount': '2',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'slave-amount': '3',
'rejected-slave-dict': {
'_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
......@@ -3984,8 +3981,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
expected_parameter_dict = {
'monitor-base-url': None,
'domain': 'example.com',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '8',
'rejected-slave-amount': '2',
'slave-amount': '10',
......@@ -4351,8 +4346,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
expected_parameter_dict = {
'monitor-base-url': None,
'domain': 'example.com',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'accepted-slave-amount': '1',
'rejected-slave-amount': '3',
'slave-amount': '4',
......@@ -4795,8 +4788,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
u"_ssl_key-ssl_crt-unsafe":
[u"slave ssl_key and ssl_crt does not match"]
},
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'warning-list': [
u'apache-certificate is obsolete, please use master-key-upload-url',
u'apache-key is obsolete, please use master-key-upload-url',
......@@ -5480,8 +5471,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'rejected-slave-amount': '0',
'rejected-slave-dict': {},
'slave-amount': '1',
'kedifa-caucase-url': 'http://[%s]:%s' % (
SLAPOS_TEST_IPV6, CAUCASE_PORT),
'warning-list': [
u'apache-certificate is obsolete, please use master-key-upload-url',
u'apache-key is obsolete, please use master-key-upload-url',
......@@ -5532,7 +5521,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
})
self.runComputerPartition(max_quantity=1)
self.runKedifaUpdater()
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
......
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-3/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-3/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
T-1/etc/promise/caucased: OK
T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
......@@ -77,7 +77,6 @@ scripts =
monitor.runpromise
monitor.genstatus
monitor.configwrite
is-process-older-than-dependency-set
check-computer-memory
[monitor-eggs]
......
......@@ -14,7 +14,7 @@
# not need these here).
[template-erp5]
filename = instance-erp5.cfg.in
md5sum = edf81a602137858cd5835c050ac6e08c
md5sum = c4941a1c862474b71fd7255feb830299
[template-balancer]
filename = instance-balancer.cfg.in
......
......@@ -96,7 +96,7 @@ backup-caucased = ${:srv}/backup/caucased
{{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099, 'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000), 'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''), 'test-database-amount': test_runner_total_database_count}, {'database-list': True, 'test-database-list': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{% if has_posftix -%}
{{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password'}) }}
{{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password', 'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{%- else %}
[request-smtp]
# Placeholder smtp service URL
......@@ -135,7 +135,7 @@ connection-url = smtp://127.0.0.2:0/
{% endif -%}
{% endfor -%}
{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
{% set zope_address_list_id_dict = {} -%}
{% if zope_partition_dict -%}
......
......@@ -14,4 +14,4 @@
# not need these here).
[monitor2-template]
filename = instance-monitor.cfg.jinja2.in
md5sum = 8ba788b85f2649d8e0f8b9905edcf8a0
md5sum = da5fa743dba8709dfdd9c2d474741de8
......@@ -228,11 +228,6 @@ input = inline:#!/bin/sh
output = ${directory:bin}/xnice
mode = 700
[promise-monitor-httpd-is-process-older-than-dependency-set]
recipe = slapos.cookbook:wrapper
command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file}
wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set
[monitor-globalstate-wrapper]
recipe = slapos.cookbook:wrapper
command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}'
......@@ -411,7 +406,6 @@ depends =
${monitor-bootstrap-promise:name}
${monitor-symlink:recipe}
${promise-check-slapgrid:recipe}
${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path}
${logrotate-entry-monitor-httpd:name}
${logrotate-entry-monitor-data:name}
${logrotate-entry-monitor-promise-history:name}
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!