Update Release Candidate

0aa55f43 · Łukasz Nowak · 37758eee · dae07f95 · 0aa55f43 · 0aa55f43
Commit 0aa55f43 authored May 08, 2019 by Łukasz Nowak
37 changed files
--- a/component/qemu-kvm/buildout.cfg
+++ b/component/qemu-kvm/buildout.cfg
@@ -64,18 +64,18 @@ md5sum = 096c1c18b44c269808bd815d58c53c8f

 [debian-amd64-jessie-netinst.iso]
 <= debian-amd64-netinst-base
-version = 8.10.0
-md5sum = 19dcfc381bd3e609c6056216d203f5bc
+version = 8.11.1
+md5sum = df0ce86d0b1d81e232ad08eef58754ed

 [debian-amd64-netinst.iso]
 # Download the installer of Debian 9 (Stretch)
 <= debian-amd64-netinst-base
-version = 9.4.0
-md5sum = 73bd8aaaeb843745ec939f6ae3906e48
+version = 9.8.0
+md5sum = e0a43cbb8b991735c1b38e7041019658

 [debian-amd64-testing-netinst.iso]
 # Download the installer of Debian Buster
 <= debian-amd64-netinst-base
-release = buster_di_alpha2
-version = buster-DI-alpha2
-md5sum = fbdc192f8857e2bd884e41481ed0fc09
+release = buster_di_rc1
+version = buster-DI-rc1
+md5sum = cf8f8e3afef91f3ce3a09e7cc5f530f0
--- a/component/vm-img/debian.cfg
+++ b/component/vm-img/debian.cfg
@@ -49,6 +49,12 @@ debconf.debconf =
 debian-squeeze/preseed.mirror/country = manual
 debian-squeeze/preseed.mirror/http/hostname = archive.debian.org
 debian-squeeze/preseed.mirror/http/directory = /debian
+debian-wheezy/preseed.mirror/country = manual
+debian-wheezy/preseed.mirror/http/hostname = archive.debian.org
+debian-wheezy/preseed.mirror/http/directory = /debian
+debian-jessie/preseed.mirror/country = manual
+debian-jessie/preseed.mirror/http/hostname = archive.debian.org
+debian-jessie/preseed.mirror/http/directory = /debian
 # minimal size
 preseed.apt-setup/enable-source-repositories = false
 preseed.recommends = false

--- a/format-json
+++ b/format-json
@@ -17,16 +17,20 @@ import collections


 def main():
+  exit_code = 0
  for f in sys.argv[1:]:
+    print 'Processing %s' % (f,)
    with open(f, 'rb') as infile:
      try:
        obj = json.load(infile, object_pairs_hook=collections.OrderedDict)
      except ValueError as e:
-        raise SystemExit(e)
-
-    with open(f, 'wb') as outfile:
-      json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': '))
-      outfile.write('\n')
+        exit_code = 1
+        print e
+      else:
+        with open(f, 'wb') as outfile:
+          json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': '))
+          outfile.write('\n')
+  sys.exit(exit_code)

 if __name__ == '__main__':
  main()
--- a/software/caddy-frontend/README.caddy_frontend.rst
+++ b/software/caddy-frontend/README.caddy_frontend.rst
@@ -92,6 +92,27 @@ SSL keys and certificates are directly send to the frontend cluster in order to

 *Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate.  This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.

+Obtaining CA for KeDiFa
+-----------------------
+
+KeDiFa uses caucase and so it is required to obtain caucase CA certificate used to sign KeDiFa SSL certificate, in order to be sure that certificates are sent to valid KeDiFa.
+
+The easiest way to do so is to use caucase.
+
+On some secure and trusted box which will be used to upload certificate to master or slave frontend partition install caucase https://pypi.org/project/caucase/
+
+Master and slave partition will return key ``kedifa-caucase-url``, so then create and start a ``caucase-updater`` service::
+
+  caucase-updater \
+    --ca-url "${kedifa-caucase-url}" \
+    --cas-ca "${frontend_name}.caucased.ca.crt" \
+    --ca "${frontend_name}.ca.crt" \
+    --crl "${frontend_name}.crl"
+
+where ``frontend_name`` is a frontend cluster to which you will upload the certificate (it can be just one slave).
+
+Make sure it is automatically started when trusted machine reboots: you want to have it running so you can forget about it. It will keep KeDiFa's CA certificate up to date when it gets renewed so you know you are still talking to the same service as when you previously uploaded the certificate, up to the original upload.
+
 Master partition
 ----------------

@@ -105,12 +126,12 @@ Example sessions is::

  request(...)

-  curl -X GET master-key-generate-auth-url
+  curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" master-key-generate-auth-url
  > authtoken

  cat certificate.pem key.pem ca-bundle.pem > master.pem

-  curl -X PUT --data-binary @master.pem master-key-upload-url+authtoken
+  curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem master-key-upload-url+authtoken

 This replaces old request parameters:

@@ -133,12 +154,12 @@ Example sessions is::

  request(...)

-  curl -X GET key-generate-auth-url
+  curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" key-generate-auth-url
  > authtoken

  cat certificate.pem key.pem ca-bundle.pem > master.pem

-  curl -X PUT --data-binary @master.pem key-upload-url+authtoken
+  curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem key-upload-url+authtoken

 This replaces old request parameters:


--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = bde0f62dfe2eeef8f10b4315535095cb
+md5sum = 6abe3aae72a83ef90e484d00cc70490d

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -30,7 +30,7 @@ md5sum = d62aefe002ec13875924e4c219914795

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 75439cb035393e68c73672b224bead54
+md5sum = 57f562311bac6dbf85cd35891eaa6743

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -38,7 +38,7 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e

 [template-replicate-publish-slave-information]
 filename = templates/replicate-publish-slave-information.cfg.in
-md5sum = 38e9994be01ea1b8a379f8ff7aa05438
+md5sum = eb9ca67763d60843483d95dab2c301b1

 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
@@ -110,4 +110,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8

 [template-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = cc6f32656e76f4b79b5e47567b930f74
+md5sum = 2eecc01a16f6ae156c3a7889eef42c34
--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -24,7 +24,6 @@ parts =
  promise-caddy-frontend-v6-http
  promise-caddy-frontend-cached
  promise-caddy-frontend-ssl-cached
-  promise-caddy-is-process-older-than-dependency-set

  trafficserver-launcher
  trafficserver-reload
@@ -61,7 +60,6 @@ log = ${:var}/log
 run = ${:var}/run
 service = ${:etc}/service
 etc-run = ${:etc}/run
-promise = ${:etc}/promise
 plugin = ${:etc}/plugin

 ca-dir = ${:srv}/ssl
@@ -261,7 +259,6 @@ extra-context =
    section caddy_configuration caddy-configuration
    key monitor_base_url monitor-instance-parameter:monitor-base-url 
    key plugin_directory directory:plugin
-    key promise_directory directory:promises
    key report_directory directory:bin
    key bin_directory :bin_directory
    key enable_http2_by_default configuration:enable-http2-by-default
@@ -634,11 +631,6 @@ name = caddy_ssl_cached.py
 config-hostname = {{ instance_parameter['ipv4-random'] }}
 config-port = ${caddy-configuration:ssl-cache-through-port}

-[promise-caddy-is-process-older-than-dependency-set]
-recipe = slapos.cookbook:wrapper
-command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${caddy-configuration:pid-file} 
-wrapper-path = ${directory:promise}/caddy-frontend-is-running-actual-software-release
-
 #######
 # Monitoring sections
 #

--- a/software/caddy-frontend/instance-kedifa.cfg.in
+++ b/software/caddy-frontend/instance-kedifa.cfg.in
@@ -222,6 +222,7 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg
 {%-   do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%}
 {%-   do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%}
 {%-   do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%}
+{%-   do slave_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%}
 {%-   do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %}
 [{{ slave_reference }}-auth-random-generate]
 recipe = plone.recipe.command

--- a/software/caddy-frontend/instance-output-schema.json
+++ b/software/caddy-frontend/instance-output-schema.json
@@ -54,6 +54,10 @@
      "description": "Certificate used to serve data on kedifa-csr_id-url.",
      "type": "string"
    },
+    "kedifa-caucase-url": {
+      "description": "Url to caucase used by KeDiFa.",
+      "type": "string"
+    },
    "caddy-frontend-N-csr_id-url": {
      "description": "URL on which frontend node number N publishes its csr_id sent to caucase.",
      "type": "string"
@@ -61,6 +65,14 @@
    "caddy-frontend-N-csr_id-certificate": {
      "description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.",
      "type": "string"
+    },
+    "warning-slave-dict": {
+      "description": "Dict of slaves which got warnings. Keys are slave references, values are lists of warnings on slaves.",
+      "type": "array"
+    },
+    "warning-list": {
+      "description": "List of warning found during the request.",
+      "type": "array"
    }
  },
  "type": "object"

--- a/software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json
+++ b/software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json
@@ -96,7 +96,7 @@
      ],
      "title": "Prefer gzip Encoding for Backend",
      "type": "string"
-    },
+    }
  },
  "title": "Input Parameters",
  "type": "object"

--- a/software/caddy-frontend/instance-slave-output-schema.json
+++ b/software/caddy-frontend/instance-slave-output-schema.json
@@ -8,11 +8,11 @@
    },
    "key-generate-auth-url": {
      "description": "URL to GET once auth for key-upload-url",
-      "type": "array"
+      "type": "string"
    },
    "key-upload-url": {
      "description": "URL to PUT PEM bundle of certificate and key",
-      "type": "array"
+      "type": "string"
    },
    "log-access-url": {
      "description": "List of URLs to access logs",
@@ -41,6 +41,14 @@
    "request-error-list": {
      "description": "In case if slave has been rejected by master or has error in the request, the list contains information about each problem",
      "type": "array"
+    },
+    "warning-list": {
+      "description": "List of warning found during the request.",
+      "type": "array"
+    },
+    "kedifa-caucase-url": {
+      "description": "URL to caucase used by KeDiFa",
+      "type": "string"
    }
  },
  "type": "object"

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -442,6 +442,13 @@ command-line = {{ kedifa_updater }}
 wrapper-path = {{ service_directory }}/kedifa-updater
 hash-files = ${buildout:directory}/software_release/buildout.cfg

+[kedifa-updater-run]
+recipe = plone.recipe.command
+# unfortunately slapos.cookbook:wrapper does not return generated wrapper path
+# so it is needed to access it via service directory globbing
+command = {{ service_directory }}/kedifa-updater* --once
+update-command = ${:command}
+
 [kedifa-updater-mapping]
 recipe = slapos.recipe.template:jinja2
 file = {{ kedifa_updater_mapping_file }}
@@ -466,6 +473,7 @@ extends =

 parts +=
    kedifa-updater
+    kedifa-updater-run
    caddy-log-access-header
 {% for part in part_list %}
 {{ '    %s' % part }}

--- a/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
+++ b/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
@@ -48,6 +48,7 @@
 {%     endif %}
 {%     do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %}
 {%     do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %}
+{%     do slave_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %}
 {%   endif %}
 {% endfor %}


--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -469,6 +469,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
      base + r'\?auth=$'
    )

+    kedifa_caucase_url = parameter_dict.pop('kedifa-caucase-url')
+    self.assertEqual(
+      kedifa_caucase_url,
+      'http://[%s]:%s' % (SLAPOS_TEST_IPV6, CAUCASE_PORT),
+    )
+
    return generate_auth_url, upload_url

  def assertKeyWithPop(self, key, d):
@@ -546,8 +552,6 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
      {
        'monitor-base-url': None,
        'domain': 'None',
-        'kedifa-caucase-url': 'http://[%s]:%s' % (
-           SLAPOS_TEST_IPV6, CAUCASE_PORT),
        'accepted-slave-amount': '0',
        'rejected-slave-amount': '0',
        'slave-amount': '0',
@@ -580,8 +584,6 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
      {
        'monitor-base-url': None,
        'domain': 'example.com',
-        'kedifa-caucase-url': 'http://[%s]:%s' % (
-           SLAPOS_TEST_IPV6, CAUCASE_PORT),
        'accepted-slave-amount': '0',
        'rejected-slave-amount': '0',
        'slave-amount': '0',
@@ -744,7 +746,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
    # run partition for slaves to be setup
    cls.runComputerPartitionUntil(
      cls.untilSlavePartitionReady)
-    cls.runKedifaUpdater()
    # run once more slapos node instance, as kedifa-updater sets up
    # certificates needed for caddy-frontend, and on this moment it can be
    # not started yet
@@ -1230,8 +1231,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      'accepted-slave-amount': '48',
      'rejected-slave-amount': '4',
      'slave-amount': '52',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-        SLAPOS_TEST_IPV6, CAUCASE_PORT),
      'rejected-slave-dict': {
        "_apache_custom_http_s-rejected": ["slave not authorized"],
        "_caddy_custom_http_s": ["slave not authorized"],
@@ -3715,8 +3714,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
      'domain': 'example.com',
      'accepted-slave-amount': '1',
      'rejected-slave-amount': '2',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
      'slave-amount': '3',
      'rejected-slave-dict': {
        '_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
@@ -3984,8 +3981,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
    expected_parameter_dict = {
      'monitor-base-url': None,
      'domain': 'example.com',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
      'accepted-slave-amount': '8',
      'rejected-slave-amount': '2',
      'slave-amount': '10',
@@ -4351,8 +4346,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
    expected_parameter_dict = {
      'monitor-base-url': None,
      'domain': 'example.com',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
      'accepted-slave-amount': '1',
      'rejected-slave-amount': '3',
      'slave-amount': '4',
@@ -4795,8 +4788,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
        u"_ssl_key-ssl_crt-unsafe":
        [u"slave ssl_key and ssl_crt does not match"]
      },
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
      'warning-list': [
        u'apache-certificate is obsolete, please use master-key-upload-url',
        u'apache-key is obsolete, please use master-key-upload-url',
@@ -5480,8 +5471,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
      'rejected-slave-amount': '0',
      'rejected-slave-dict': {},
      'slave-amount': '1',
-      'kedifa-caucase-url': 'http://[%s]:%s' % (
-         SLAPOS_TEST_IPV6, CAUCASE_PORT),
      'warning-list': [
        u'apache-certificate is obsolete, please use master-key-upload-url',
        u'apache-key is obsolete, please use master-key-upload-url',
@@ -5532,7 +5521,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(

    })
    self.runComputerPartition(max_quantity=1)
-    self.runKedifaUpdater()

    result = self.fakeHTTPSResult(
      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')

--- a/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
-T-3/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-3/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_promise-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_promise-CADDY.txt
-T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
 T-1/etc/promise/caucased: OK
-T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK
-T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK
\ No newline at end of file
--- a/software/monitor/software.cfg
+++ b/software/monitor/software.cfg
@@ -77,7 +77,6 @@ scripts =
  monitor.runpromise
  monitor.genstatus
  monitor.configwrite
-  is-process-older-than-dependency-set
  check-computer-memory

 [monitor-eggs]

--- a/software/slapos-master/buildout.hash.cfg
+++ b/software/slapos-master/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = edf81a602137858cd5835c050ac6e08c
+md5sum = c4941a1c862474b71fd7255feb830299

 [template-balancer]
 filename = instance-balancer.cfg.in

--- a/software/slapos-master/instance-erp5.cfg.in
+++ b/software/slapos-master/instance-erp5.cfg.in
@@ -96,7 +96,7 @@ backup-caucased = ${:srv}/backup/caucased
 {{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
 {{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099, 'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000), 'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''), 'test-database-amount': test_runner_total_database_count}, {'database-list': True, 'test-database-list': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
 {% if has_posftix -%}
-{{   request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password'}) }}
+{{   request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password', 'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
 {%- else %}
 [request-smtp]
 # Placeholder smtp service URL
@@ -135,7 +135,7 @@ connection-url = smtp://127.0.0.2:0/
 {%   endif -%}
 {% endfor -%}

-{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
+
 {% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
 {% set zope_address_list_id_dict = {} -%}
 {% if zope_partition_dict -%}

--- a/stack/monitor/buildout.hash.cfg
+++ b/stack/monitor/buildout.hash.cfg
@@ -14,4 +14,4 @@
 # not need these here).
 [monitor2-template]
 filename = instance-monitor.cfg.jinja2.in
-md5sum = 8ba788b85f2649d8e0f8b9905edcf8a0
+md5sum = da5fa743dba8709dfdd9c2d474741de8
--- a/stack/monitor/instance-monitor.cfg.jinja2.in
+++ b/stack/monitor/instance-monitor.cfg.jinja2.in
@@ -228,11 +228,6 @@ input = inline:#!/bin/sh
 output = ${directory:bin}/xnice
 mode = 700

-[promise-monitor-httpd-is-process-older-than-dependency-set]
-recipe = slapos.cookbook:wrapper
-command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file}
-wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set
-
 [monitor-globalstate-wrapper]
 recipe = slapos.cookbook:wrapper
 command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}'
@@ -411,7 +406,6 @@ depends =
  ${monitor-bootstrap-promise:name}
  ${monitor-symlink:recipe}
  ${promise-check-slapgrid:recipe}
-  ${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path}
  ${logrotate-entry-monitor-httpd:name}
  ${logrotate-entry-monitor-data:name}
  ${logrotate-entry-monitor-promise-history:name}