Commit 550acc12 by Łukasz Nowak

Update Release Candidate

2 parents 77a44a36 2a6967d6
Showing 70 changed files with 311 additions and 145 deletions
......@@ -26,6 +26,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import errno
import io
import logging
import os
......@@ -33,6 +34,7 @@ import sys
import inspect
import re
import shutil
import stat
import urllib
import urlparse
......@@ -92,9 +94,27 @@ class GenericBaseRecipe(object):
"""Create a file with content
The parent directory should exists, else it would raise IOError"""
with open(name, 'w') as fileobject:
fileobject.write(content)
os.chmod(fileobject.name, mode)
if not isinstance(content, bytes):
content = content.encode('utf-8')
# Try to reuse existing file. This is particularly
# important to avoid excessive IO during update.
try:
with open(name, 'rb') as f:
if f.read(len(content)+1) == content:
if None is not mode != stat.S_IMODE(os.fstat(f.fileno()).st_mode):
os.fchmod(f.fileno(), mode)
return os.path.abspath(name)
except (IOError, OSError) as e:
pass
try:
os.unlink(name)
except OSError as e:
if e.errno != errno.ENOENT:
raise
with open(name, 'wb') as f:
if mode is not None:
os.fchmod(f.fileno(), mode)
f.write(content)
return os.path.abspath(name)
def createExecutable(self, name, content, mode=0700):
......
......@@ -24,18 +24,17 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import json
import re
import logging, os
import zc.buildout.easy_install
from pprint import pformat
from slapos.recipe.librecipe import GenericBaseRecipe
script_template = '''# This script is auto generated by slapgrid, do not edit!
import json
import sys
sys.path[0:0] = %(path)s
extra_config_dict = json.loads("""%(config)s""", strict=False)
extra_config_dict = %(config)s
# We want to cleanup all imported modules from slapos namespace, because
# they will conflict with slapos.core.
......@@ -69,12 +68,9 @@ class Recipe(GenericBaseRecipe):
"""Return a mapping where to store generated working sets.
from https://github.com/buildout/buildout/blob/master/zc.recipe.egg_/src/zc/recipe/egg/egg.py#L170
"""
cache_storage = getattr(
self.buildout,
self._WORKING_SET_CACHE_NAME,
None
)
if cache_storage is None:
try:
return getattr(self.buildout, self._WORKING_SET_CACHE_NAME)
except AttributeError:
cache_storage = {}
try:
setattr(
......@@ -83,29 +79,29 @@ class Recipe(GenericBaseRecipe):
cache_storage
)
except AttributeError:
if type(self.buildout) == type({}):
# failed to set attribute in test mode, cache not used
pass
else:
if not isinstance(self.buildout, dict):
raise
# failed to set attribute in test mode, cache not used
return cache_storage
def install(self):
develop_eggs_dir = self.options['develop-eggs-directory']
eggs_dir = self.options['eggs-directory']
egg_list = [
egg_list = tuple(
egg.strip()
for egg in self.options['eggs'].split('\n')
for egg in self.options['eggs'].splitlines()
if egg.strip()
]
)
cache_storage = self._get_cache_storage()
cache_key = (
tuple(egg_list),
egg_list,
eggs_dir,
develop_eggs_dir,
)
if cache_key not in cache_storage:
try:
working_set = cache_storage[cache_key]
except KeyError:
if develop_eggs_dir and eggs_dir:
working_set = zc.buildout.easy_install.working_set(
egg_list,
......@@ -114,8 +110,6 @@ class Recipe(GenericBaseRecipe):
cache_storage[cache_key] = working_set
else:
working_set = set()
else:
working_set = cache_storage[cache_key]
regex = r"^[\w_\-\.\s]+$"
import_path = self.options.get('import', '').strip()
......@@ -129,24 +123,14 @@ class Recipe(GenericBaseRecipe):
if not re.search(regex, content_string):
raise ValueError("Promise content %r is not valid" % content_string)
output = self.options['output']
mode = self.options.get('mode', '0644')
path_list = []
for dist in working_set:
path_list.append(dist.location)
config_dict = dict()
for key in self.options:
if key.startswith('config-'):
config_dict[key[7:]] = self.options[key]
option_dict = dict(path=json.dumps(path_list, indent=2),
content=content_string,
config=json.dumps(config_dict, indent=2, sort_keys=True))
with open(output, 'w') as f:
f.write(script_template % option_dict)
config_dict = {key[7:]: self.options[key]
for key in self.options
if key.startswith('config-')}
os.chmod(output, int(mode, 8))
return (output,)
return self.createFile(self.options['output'], script_template % {
'path': pformat([dist.location for dist in working_set], indent=2),
'content': content_string,
'config': pformat(config_dict, indent=2),
}, int(self.options.get('mode', '0644'), 8)),
update = install
......@@ -26,7 +26,7 @@ md5sum = 72e8ff0773fd0325dcbe994786156570
[template-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = ef06c04a5aa33b103dc1d25d0dfe8217
md5sum = 99ec567c429ff82571d08818eaaed390
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
......
......@@ -72,6 +72,7 @@ context =
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
{% set authorized_slave_list = [] %}
{% set rejected_slave_dict = {} %}
{% set rejected_slave_title_dict = {} %}
{% set warning_slave_dict = {} %}
{% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %}
......@@ -175,6 +176,7 @@ context =
{% do authorized_slave_list.append(slave) %}
{% else %}
{% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %}
{% do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), slave_error_list) %}
{% endif %}
{% if len(slave_warning_list) > 0 %}
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), slave_warning_list) %}
......@@ -239,7 +241,8 @@ domain = {{ slapparameter_dict.get('domain') }}
slave-amount = {{ slave_instance_list | length }}
accepted-slave-amount = {{ authorized_slave_list | length }}
rejected-slave-amount = {{ rejected_slave_dict | length }}
rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict)) }}
rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_title_dict)) }}
rejected-slave-promise-url = ${rejected-slave-promise:config-url}
master-key-upload-url = ${request-kedifa:connection-master-key-upload-url}
master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-auth-url}
kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
......@@ -463,6 +466,105 @@ update-command = ${:command}
{% endfor %}
{% endif %}
[rejected-slave-json]
recipe = slapos.recipe.template:jinja2
filename = rejected-slave.json
directory = ${directory:promise-output}
rendered = ${:directory}/${:filename}
template = {{ parameter_dict['template_empty'] }}
{% if rejected_slave_title_dict %}
content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2)) }}
{% else %}
content =
{% endif %}
context =
key content :content
[directory]
plugin = ${:etc}/plugin
service = ${:etc}/service
promise-output = ${:srv}/promise-output
[rejected-slave-publish-configuration]
ip = {{ instance_parameter['ipv6-random'] }}
port = 14455
[rejected-slave-publish]
directory = ${rejected-slave-json:directory}
url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename}
recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }}
-conf ${rejected-slave-template:rendered}
-log stderr
-http2=true
-disable-http-challenge
-disable-tls-alpn-challenge
-root ${:directory}
wrapper-path = ${directory:service}/rejected-slave-publish
hash-files =
${buildout:directory}/software_release/buildout.cfg
${rejected-slave-template:rendered}
${rejected-slave-certificate:certificate}
[rejected-slave-certificate]
recipe = plone.recipe.command
certificate = ${directory:etc}/rejected-slave.pem
key = ${:certificate}
stop-on-error = True
update-command = ${:command}
command =
[ -f ${:certificate} ] && find ${:certificate} -type f -mtime +3 -delete
if ! [ -f ${:certificate} ] ; then
openssl req -new -newkey rsa:2048 -sha256 -subj \
"/CN=${rejected-slave-publish-configuration:ip}" \
-days 5 -nodes -x509 -keyout ${:certificate} -out ${:certificate}
fi
[rejected-slave-password]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/.rejected-slave.passwd
bytes = 8
user = admin
[rejected-slave-template]
recipe = slapos.recipe.template:jinja2
template = inline:
https://:${rejected-slave-publish-configuration:port}/ {
basicauth / ${rejected-slave-password:user} ${rejected-slave-password:passwd}
tls ${rejected-slave-certificate:certificate} ${rejected-slave-certificate:key}
bind ${rejected-slave-publish-configuration:ip}
log stderr
errors stderr
}
rendered = ${directory:etc}/Caddyfile-rejected-slave
[promise-plugin-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
content =
from slapos.promise.plugin.${:module} import RunPromise
output = ${directory:plugin}/${:name}
[promise-rejected-slave-publish-ip-port]
<= promise-plugin-base
module = check_port_listening
name = rejected-slave-publish-ip-port-listening.py
config-hostname = ${rejected-slave-publish-configuration:ip}
config-port = ${rejected-slave-publish-configuration:port}
[rejected-slave-promise]
<= promise-plugin-base
module = check_port_listening
module = check_file_state
name = rejected-slave.py
config-filename = ${rejected-slave-json:rendered}
config-state = empty
config-url = ${rejected-slave-publish:url}
[buildout]
extends =
{{ common_profile }}
......@@ -472,6 +574,8 @@ parts =
publish-slave-information
publish-information
request-kedifa
rejected-slave-promise
promise-rejected-slave-publish-ip-port
{% for part in part_list %}
{{ ' %s' % part }}
{% endfor %}
......
......@@ -12,9 +12,9 @@
"type": "integer"
},
"apache-certificate": {
"description": "SSL Certificate used by the server. Deprecated, please use master-key-upload-url.",
"description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate",
"title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
"type": "string"
},
"apache-key": {
......
......@@ -168,6 +168,13 @@
"textarea": true,
"title": "[DEPRECATED] SSL Key",
"type": "string"
},
"ssl_ca_crt": {
"default": "",
"description": "Content of the CA certificate file. Deprecated, please use key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate Authority's Certificate",
"type": "string"
},
"ssl_proxy_ca_crt": {
"default": "",
......
......@@ -258,6 +258,25 @@ print json.dumps(module.extra_config_dict)
class TestDataMixin(object):
def assertRejectedSlavePromiseWithPop(self, parameter_dict):
rejected_slave_promise_url = parameter_dict.pop(
'rejected-slave-promise-url')
try:
result = requests.get(rejected_slave_promise_url, verify=False)
if result.text == '':
result_json = {}
else:
result_json = result.json()
self.assertEqual(
parameter_dict['rejected-slave-dict'],
result_json
)
except AssertionError:
raise
except Exception as e:
self.fail(e)
@staticmethod
def generateHashFromFiles(file_list):
import hashlib
......@@ -364,6 +383,16 @@ class TestDataMixin(object):
'caddy-%s' % (partition_id)] = self.generateHashFromFiles(
hash_file_list + [caddy_wrapper_path]
)
for rejected_slave_publish_path in glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'Caddyfile-rejected-slave')):
partition_id = rejected_slave_publish_path.split('/')[-3]
rejected_slave_pem_path = os.path.join(
self.instance_path, partition_id, 'etc', 'rejected-slave.pem')
hash_value_dict[
'rejected-slave-publish'
] = self.generateHashFromFiles(
hash_file_list + [rejected_slave_publish_path, rejected_slave_pem_path]
)
runtime_data = self.getTrimmedProcessInfo()
self.assertTestData(runtime_data, hash_value_dict=hash_value_dict)
......@@ -570,6 +599,7 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
self.assertEqual(
{
'monitor-base-url': None,
......@@ -601,6 +631,7 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
self.assertEqual(
{
......@@ -1307,6 +1338,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
......@@ -3801,6 +3833,7 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
......@@ -4070,6 +4103,7 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
......@@ -4435,6 +4469,7 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
......@@ -4868,6 +4903,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
......@@ -5556,6 +5592,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
parameter_dict = self.parseConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertRejectedSlavePromiseWithPop(parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch EXITED
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: ERROR
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: ERROR
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: ERROR
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: ERROR
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: ERROR
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: ERROR
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
T-0/etc/plugin/check-free-disk-space.py: OK
T-0/etc/plugin/monitor-bootstrap-status.py: OK
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
T-0/etc/plugin/rejected-slave.py: OK
T-1/etc/plugin/buildout-T-1-status.py: OK
T-1/etc/plugin/check-free-disk-space.py: OK
T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK
......
......@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
......
......@@ -19,11 +19,11 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2
[template-kvm]
filename = instance-kvm.cfg.jinja2
md5sum = c298aaa20a368ddc118b8bb22dc84dc3
md5sum = 26a947c75792072a7b526cb18b617b10
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
md5sum = 63fa784d8946d0b6e3fbd6381e1ea9f4
md5sum = 2bbee46d39aec87e92c8462efab292b6
[template-kvm-resilient]
filename = instance-kvm-resilient.cfg.jinja2
......
......@@ -129,7 +129,12 @@ return =
backend-url
{% if str(use_nat).lower() == 'true' -%}
{% for port in nat_rules_list -%}
{{ ' ' }}nat-rule-url-{{ port }}
{% if ':' in port -%}
{% set proto, port = port.split(':') -%}
{% else -%}
{% set proto, port = 'tcp', port -%}
{% endif -%}
{{ ' ' }}nat-rule-url-{{proto}}-{{ port }}
{% endfor -%}
{% endif -%}
{{ ' ' }}monitor-base-url
......
......@@ -444,7 +444,7 @@ maximum-extra-disk-amount = {{ disk_number }}
{% set external_port = 10000 + port|int() -%}
nat-rule-port-{{proto}}-{{port}} = ${slap-network-information:global-ipv6} : ${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
{% if slapparameter_dict.get('publish-nat-url', False) -%}
nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{external_port}}:ipv6-port}
nat-rule-url-{{proto}}-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
{% endif -%}
{% endfor -%}
{% endif -%}
......
......@@ -22,6 +22,7 @@ context =
key ipv6_set slap-configuration:ipv6
key slapparameter_dict slap-configuration:configuration
raw logrotate_cfg {{ template_logrotate_base }}
raw template_monitor {{ template_monitor }}