Update Release Candidate

slapos/recipe/librecipe/generic.py

@@ -26,6 +26,7 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
+import errno
 import io
 import logging
 import os
@@ -33,6 +34,7 @@ import sys
 import inspect
 import re
 import shutil
+import stat
 import urllib
 import urlparse
 
@@ -92,9 +94,27 @@ class GenericBaseRecipe(object):
     """Create a file with content
 
     The parent directory should exists, else it would raise IOError"""
-    with open(name, 'w') as fileobject:
-      fileobject.write(content)
-      os.chmod(fileobject.name, mode)
+    if not isinstance(content, bytes):
+      content = content.encode('utf-8')
+    # Try to reuse existing file. This is particularly
+    # important to avoid excessive IO during update.
+    try:
+      with open(name, 'rb') as f:
+        if f.read(len(content)+1) == content:
+          if None is not mode != stat.S_IMODE(os.fstat(f.fileno()).st_mode):
+            os.fchmod(f.fileno(), mode)
+          return os.path.abspath(name)
+    except (IOError, OSError) as e:
+      pass
+    try:
+      os.unlink(name)
+    except OSError as e:
+      if e.errno != errno.ENOENT:
+        raise
+    with open(name, 'wb') as f:
+      if mode is not None:
+        os.fchmod(f.fileno(), mode)
+      f.write(content)
     return os.path.abspath(name)
 
   def createExecutable(self, name, content, mode=0700):

slapos/recipe/promise_plugin.py

@@ -24,18 +24,17 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 ##############################################################################
-import json
 import re
 import logging, os
 import zc.buildout.easy_install
+from pprint import pformat
 from slapos.recipe.librecipe import GenericBaseRecipe
 
 script_template = '''# This script is auto generated by slapgrid, do not edit!
-import json
 import sys
 sys.path[0:0] = %(path)s
 
-extra_config_dict = json.loads("""%(config)s""", strict=False)
+extra_config_dict = %(config)s
 
 # We want to cleanup all imported modules from slapos namespace, because
 # they will conflict with slapos.core.
@@ -69,12 +68,9 @@ class Recipe(GenericBaseRecipe):
     """Return a mapping where to store generated working sets.
     from https://github.com/buildout/buildout/blob/master/zc.recipe.egg_/src/zc/recipe/egg/egg.py#L170
     """
-    cache_storage = getattr(
-      self.buildout,
-      self._WORKING_SET_CACHE_NAME,
-      None
-    )
-    if cache_storage is None:
+    try:
+      return getattr(self.buildout, self._WORKING_SET_CACHE_NAME)
+    except AttributeError:
       cache_storage = {}
       try:
         setattr(
@@ -83,29 +79,29 @@ class Recipe(GenericBaseRecipe):
           cache_storage
         )
       except AttributeError:
-        if type(self.buildout) == type({}):
-          # failed to set attribute in test mode, cache not used
-          pass
-        else:
+        if not isinstance(self.buildout, dict):
           raise
+        # failed to set attribute in test mode, cache not used
     return cache_storage
 
   def install(self):
     develop_eggs_dir = self.options['develop-eggs-directory']
     eggs_dir = self.options['eggs-directory']
-    egg_list = [
+    egg_list = tuple(
       egg.strip()
-      for egg in self.options['eggs'].split('\n')
+      for egg in self.options['eggs'].splitlines()
       if egg.strip()
-    ]
+    )
 
     cache_storage = self._get_cache_storage()
     cache_key = (
-      tuple(egg_list),
+      egg_list,
       eggs_dir,
       develop_eggs_dir,
     )
-    if cache_key not in cache_storage:
+    try:
+      working_set = cache_storage[cache_key]
+    except KeyError:
       if develop_eggs_dir and eggs_dir:
         working_set = zc.buildout.easy_install.working_set(
           egg_list,
@@ -114,8 +110,6 @@ class Recipe(GenericBaseRecipe):
         cache_storage[cache_key] = working_set
       else:
         working_set = set()
-    else:
-      working_set = cache_storage[cache_key]
 
     regex = r"^[\w_\-\.\s]+$"
     import_path = self.options.get('import', '').strip()
@@ -129,24 +123,14 @@ class Recipe(GenericBaseRecipe):
       if not re.search(regex, content_string):
         raise ValueError("Promise content %r is not valid" % content_string)
 
-    output = self.options['output']
-    mode = self.options.get('mode', '0644')
-    path_list = []
-    for dist in working_set:
-      path_list.append(dist.location)
-
-    config_dict = dict()
-    for key in self.options:
-      if key.startswith('config-'):
-        config_dict[key[7:]] = self.options[key]
-
-    option_dict = dict(path=json.dumps(path_list, indent=2),
-                       content=content_string,
-                       config=json.dumps(config_dict, indent=2, sort_keys=True))
-    with open(output, 'w') as f:
-      f.write(script_template % option_dict)
+    config_dict = {key[7:]: self.options[key]
+      for key in self.options
+      if key.startswith('config-')}
 
-    os.chmod(output, int(mode, 8))
-    return (output,)
+    return self.createFile(self.options['output'], script_template % {
+      'path': pformat([dist.location for dist in working_set], indent=2),
+      'content': content_string,
+      'config': pformat(config_dict, indent=2),
+      }, int(self.options.get('mode', '0644'), 8)),
 
   update = install

software/caddy-frontend/buildout.hash.cfg

@@ -26,7 +26,7 @@ md5sum = 72e8ff0773fd0325dcbe994786156570
 
 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = ef06c04a5aa33b103dc1d25d0dfe8217
+md5sum = 99ec567c429ff82571d08818eaaed390
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -72,6 +72,7 @@ context =
 {% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
 {% set authorized_slave_list = [] %}
 {% set rejected_slave_dict = {} %}
+{% set rejected_slave_title_dict = {} %}
 {% set warning_slave_dict = {} %}
 {% set used_host_list = [] %}
 {% set unauthorized_message = 'slave not authorized' %}
@@ -175,6 +176,7 @@ context =
 {%     do authorized_slave_list.append(slave) %}
 {%   else %}
 {%     do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %}
+{%     do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), slave_error_list) %}
 {%   endif %}
 {%   if len(slave_warning_list) > 0 %}
 {%     do warning_slave_dict.__setitem__(slave.get('slave_reference'), slave_warning_list) %}
@@ -239,7 +241,8 @@ domain = {{ slapparameter_dict.get('domain') }}
 slave-amount = {{ slave_instance_list | length }}
 accepted-slave-amount = {{ authorized_slave_list | length }}
 rejected-slave-amount = {{ rejected_slave_dict | length }}
-rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict)) }}
+rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_title_dict)) }}
+rejected-slave-promise-url = ${rejected-slave-promise:config-url}
 master-key-upload-url = ${request-kedifa:connection-master-key-upload-url}
 master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-auth-url}
 kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
@@ -463,6 +466,105 @@ update-command = ${:command}
 {% endfor %}
 {% endif %}
 
+[rejected-slave-json]
+recipe = slapos.recipe.template:jinja2
+filename = rejected-slave.json
+directory = ${directory:promise-output}
+rendered = ${:directory}/${:filename}
+template = {{ parameter_dict['template_empty'] }}
+{% if rejected_slave_title_dict %}
+content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2)) }}
+{% else %}
+content =
+{% endif %}
+context =
+  key content :content
+
+[directory]
+plugin = ${:etc}/plugin
+service = ${:etc}/service
+promise-output = ${:srv}/promise-output
+
+[rejected-slave-publish-configuration]
+ip = {{ instance_parameter['ipv6-random'] }}
+port = 14455
+
+[rejected-slave-publish]
+directory = ${rejected-slave-json:directory}
+url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename}
+recipe = slapos.cookbook:wrapper
+command-line = {{ parameter_dict['caddy'] }}
+  -conf ${rejected-slave-template:rendered}
+  -log stderr
+  -http2=true
+  -disable-http-challenge
+  -disable-tls-alpn-challenge
+  -root ${:directory}
+
+wrapper-path = ${directory:service}/rejected-slave-publish
+hash-files =
+  ${buildout:directory}/software_release/buildout.cfg
+  ${rejected-slave-template:rendered}
+  ${rejected-slave-certificate:certificate}
+
+[rejected-slave-certificate]
+recipe = plone.recipe.command
+certificate = ${directory:etc}/rejected-slave.pem
+key = ${:certificate}
+
+stop-on-error = True
+update-command = ${:command}
+command =
+  [ -f ${:certificate} ] && find ${:certificate} -type f -mtime +3 -delete
+  if ! [ -f ${:certificate} ] ; then
+    openssl req -new -newkey rsa:2048 -sha256 -subj \
+      "/CN=${rejected-slave-publish-configuration:ip}" \
+      -days 5 -nodes -x509 -keyout ${:certificate} -out ${:certificate}
+  fi
+
+[rejected-slave-password]
+recipe = slapos.cookbook:generate.password
+storage-path = ${directory:etc}/.rejected-slave.passwd
+bytes = 8
+user = admin
+
+[rejected-slave-template]
+recipe = slapos.recipe.template:jinja2
+template = inline:
+  https://:${rejected-slave-publish-configuration:port}/ {
+    basicauth / ${rejected-slave-password:user} ${rejected-slave-password:passwd}
+    tls ${rejected-slave-certificate:certificate} ${rejected-slave-certificate:key}
+    bind ${rejected-slave-publish-configuration:ip}
+    log stderr
+    errors stderr
+  }
+
+rendered = ${directory:etc}/Caddyfile-rejected-slave
+
+[promise-plugin-base]
+recipe = slapos.cookbook:promise.plugin
+eggs =
+  slapos.toolbox
+content =
+  from slapos.promise.plugin.${:module} import RunPromise
+output = ${directory:plugin}/${:name}
+
+[promise-rejected-slave-publish-ip-port]
+<= promise-plugin-base
+module = check_port_listening
+name = rejected-slave-publish-ip-port-listening.py
+config-hostname = ${rejected-slave-publish-configuration:ip}
+config-port = ${rejected-slave-publish-configuration:port}
+
+[rejected-slave-promise]
+<= promise-plugin-base
+module = check_port_listening
+module = check_file_state
+name = rejected-slave.py
+config-filename = ${rejected-slave-json:rendered}
+config-state = empty
+config-url = ${rejected-slave-publish:url}
+
 [buildout]
 extends =
   {{ common_profile }}
@@ -472,6 +574,8 @@ parts =
   publish-slave-information
   publish-information
   request-kedifa
+  rejected-slave-promise
+  promise-rejected-slave-publish-ip-port
 {% for part in part_list %}
 {{ '  %s' % part }}
 {% endfor %}

software/caddy-frontend/instance-caddy-input-schema.json

@@ -12,9 +12,9 @@
       "type": "integer"
     },
     "apache-certificate": {
-      "description": "SSL Certificate used by the server. Deprecated, please use master-key-upload-url.",
+      "description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
       "textarea": true,
-      "title": "[DEPRECATED] SSL Certificate",
+      "title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
       "type": "string"
     },
     "apache-key": {

software/caddy-frontend/instance-slave-caddy-input-schema.json

@@ -168,6 +168,13 @@
       "textarea": true,
       "title": "[DEPRECATED] SSL Key",
       "type": "string"
+   },
+    "ssl_ca_crt": {
+      "default": "",
+      "description": "Content of the CA certificate file. Deprecated, please use key-upload-url.",
+      "textarea": true,
+      "title": "[DEPRECATED] SSL Certificate Authority's Certificate",
+      "type": "string"
     },
     "ssl_proxy_ca_crt": {
       "default": "",

software/caddy-frontend/test/test.py

@@ -258,6 +258,25 @@ print json.dumps(module.extra_config_dict)
 
 
 class TestDataMixin(object):
+  def assertRejectedSlavePromiseWithPop(self, parameter_dict):
+    rejected_slave_promise_url = parameter_dict.pop(
+      'rejected-slave-promise-url')
+
+    try:
+      result = requests.get(rejected_slave_promise_url, verify=False)
+      if result.text == '':
+        result_json = {}
+      else:
+        result_json = result.json()
+      self.assertEqual(
+        parameter_dict['rejected-slave-dict'],
+        result_json
+      )
+    except AssertionError:
+      raise
+    except Exception as e:
+      self.fail(e)
+
   @staticmethod
   def generateHashFromFiles(file_list):
     import hashlib
@@ -364,6 +383,16 @@ class TestDataMixin(object):
         'caddy-%s' % (partition_id)] = self.generateHashFromFiles(
         hash_file_list + [caddy_wrapper_path]
       )
+    for rejected_slave_publish_path in glob.glob(os.path.join(
+      self.instance_path, '*', 'etc', 'Caddyfile-rejected-slave')):
+      partition_id = rejected_slave_publish_path.split('/')[-3]
+      rejected_slave_pem_path = os.path.join(
+        self.instance_path, partition_id, 'etc', 'rejected-slave.pem')
+      hash_value_dict[
+        'rejected-slave-publish'
+      ] = self.generateHashFromFiles(
+        hash_file_list + [rejected_slave_publish_path, rejected_slave_pem_path]
+      )
 
     runtime_data = self.getTrimmedProcessInfo()
     self.assertTestData(runtime_data, hash_value_dict=hash_value_dict)
@@ -570,6 +599,7 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
     self.assertEqual(
       {
         'monitor-base-url': None,
@@ -601,6 +631,7 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     self.assertEqual(
       {
@@ -1307,6 +1338,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     expected_parameter_dict = {
       'monitor-base-url': None,
@@ -3801,6 +3833,7 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase,
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     expected_parameter_dict = {
       'monitor-base-url': None,
@@ -4070,6 +4103,7 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     expected_parameter_dict = {
       'monitor-base-url': None,
@@ -4435,6 +4469,7 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     expected_parameter_dict = {
       'monitor-base-url': None,
@@ -4868,6 +4903,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     expected_parameter_dict = {
       'monitor-base-url': None,
@@ -5556,6 +5592,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
     parameter_dict = self.parseConnectionParameterDict()
     self.assertKeyWithPop('monitor-setup-url', parameter_dict)
     self.assertKedifaKeysWithPop(parameter_dict, 'master-')
+    self.assertRejectedSlavePromiseWithPop(parameter_dict)
 
     expected_parameter_dict = {
       'monitor-base-url': None,

software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch EXITED
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: ERROR
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: ERROR
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: ERROR
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestSlave.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: ERROR
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: ERROR
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: ERROR
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_plugin-CADDY.txt

@@ -2,6 +2,8 @@ T-0/etc/plugin/buildout-T-0-status.py: OK
 T-0/etc/plugin/check-free-disk-space.py: OK
 T-0/etc/plugin/monitor-bootstrap-status.py: OK
 T-0/etc/plugin/monitor-httpd-listening-on-tcp.py: OK
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py: OK
+T-0/etc/plugin/rejected-slave.py: OK
 T-1/etc/plugin/buildout-T-1-status.py: OK
 T-1/etc/plugin/check-free-disk-space.py: OK
 T-1/etc/plugin/expose-csr_id-ip-port-listening.py: OK

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state-CADDY.txt

@@ -3,6 +3,7 @@ T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
 T-1:bootstrap-monitor EXITED
 T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING

software/kvm/buildout.hash.cfg

@@ -19,11 +19,11 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2
 
 [template-kvm]
 filename = instance-kvm.cfg.jinja2
-md5sum = c298aaa20a368ddc118b8bb22dc84dc3
+md5sum = 26a947c75792072a7b526cb18b617b10
 
 [template-kvm-cluster]
 filename = instance-kvm-cluster.cfg.jinja2.in
-md5sum = 63fa784d8946d0b6e3fbd6381e1ea9f4
+md5sum = 2bbee46d39aec87e92c8462efab292b6
 
 [template-kvm-resilient]
 filename = instance-kvm-resilient.cfg.jinja2

software/kvm/instance-kvm-cluster.cfg.jinja2.in

@@ -129,7 +129,12 @@ return =
   backend-url
 {% if str(use_nat).lower() == 'true' -%}
 {%   for port in nat_rules_list -%}
-{{ '  ' }}nat-rule-url-{{ port }}
+{%     if ':' in port -%}
+{%       set proto, port = port.split(':') -%}
+{%     else -%}
+{%       set proto, port = 'tcp', port -%}
+{%     endif -%}
+{{ '  ' }}nat-rule-url-{{proto}}-{{ port }}
 {%   endfor -%}
 {% endif -%}
 {{ '  ' }}monitor-base-url

software/kvm/instance-kvm.cfg.jinja2

@@ -444,7 +444,7 @@ maximum-extra-disk-amount = {{ disk_number }}
 {%       set external_port = 10000 + port|int() -%}
 nat-rule-port-{{proto}}-{{port}} = ${slap-network-information:global-ipv6} : ${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
 {%       if slapparameter_dict.get('publish-nat-url', False) -%}
-nat-rule-url-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{external_port}}:ipv6-port}
+nat-rule-url-{{proto}}-{{port}} = [${slap-network-information:global-ipv6}]:${6tunnel-{{proto}}-{{external_port}}:ipv6-port}
 {%       endif -%}
 {%     endfor -%}
 {%   endif -%}

software/neoppod/instance-common.cfg.in

@@ -22,6 +22,7 @@ context =
     key ipv6_set slap-configuration:ipv6
     key slapparameter_dict slap-configuration:configuration
     raw logrotate_cfg {{ template_logrotate_base }}
+    raw template_monitor {{ template_monitor }}
     raw bin_directory {{ bin_directory }}
     ${:extra-context}
 

software/neoppod/root-common.cfg.in

@@ -27,6 +27,7 @@ computer-id = ${slap-connection:computer-id}
 partition-id = ${slap-connection:partition-id}
 
 [buildout]
+extends = {{ template_monitor }}
 parts =
   publish
   {{ part_list | join('\n\t') }}

software/neoppod/software-common.cfg

@@ -8,6 +8,7 @@
 extends =
     ../../stack/slapos.cfg
     ../../stack/logrotate/buildout.cfg
+    ../../stack/monitor/buildout.cfg
     ../../component/cython-zstd/buildout.cfg
 #LXML
     ../../component/lxml-python/buildout.cfg
@@ -93,7 +94,7 @@ mode = 644
 recipe = slapos.recipe.template:jinja2
 template = ${:_profile_base_location_}/${:_buildout_section_name_}.cfg.in
 rendered = ${buildout:directory}/${:_buildout_section_name_}.cfg
-md5sum = b867ba222a436807954f732642fb116d
+md5sum = c0e22816537b56bceef0b4c2b40f6219
 context =
     key bin_directory buildout:bin-directory
     key develop_eggs_directory buildout:develop-eggs-directory
@@ -102,6 +103,7 @@ context =
     key neo_master instance-neo-master:target
     key neo instance-neo:target
     key template_logrotate_base template-logrotate-base:rendered
+    key template_monitor monitor2-template:rendered
     ${:adapter-context}
 adapter-context =
     key mariadb_location mariadb:location
@@ -109,7 +111,7 @@ adapter-context =
 
 [root-common]
 <= download-base-neo
-md5sum = f3259726bd5d824c569dc7db6b7d26a0
+md5sum = 66055aa82f9097c5301864c07e6e5d80
 
 [instance-neo-admin]
 <= download-base-neo

software/slapos-master/buildout.hash.cfg

@@ -14,11 +14,11 @@
 # not need these here).
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = c4941a1c862474b71fd7255feb830299
+md5sum = 0c929dcaba31e024d94c63c4aee181d6
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = 1a6a00153441d6a8e7ff9d27039e541e
+md5sum = b7504fcbd8eaecb91709abbcb5bcabe8
 
 [template-apache-backend-conf]
 filename = apache-backend.conf.in

software/slapos-master/instance-balancer.cfg.in

@@ -289,7 +289,6 @@ password = {{ slapparameter_dict['monitor-passwd'] }}
 
 [buildout]
 extends =
-  {{ logrotate_cfg }}
-  {{ parameter_dict['template-monitor'] }}
+  {{ template_monitor }}
 parts +=
   {{ part_list | join('\n  ') }}

software/slapos-master/instance-erp5.cfg.in

@@ -290,7 +290,7 @@ certs = ${:ca-dir}/certs
 newcerts = ${:ca-dir}/newcerts
 crl = ${:ca-dir}/crl
 
-[apache-certificate-authority]
+[{{root_common.section('apache-certificate-authority')}}]
 recipe = slapos.cookbook:certificate_authority
 openssl-binary = {{ openssl_location }}/bin/openssl
 ca-dir = ${directory:ca-dir}
@@ -308,7 +308,7 @@ company = {{ dumps(slapparameter_dict.get('company', 'Compagny')) }}
 
 # XXX - Big hack: Change access for certificate authority configuration
 #       To allow apache to read openssl.cnf in this folder
-[fix-ca-folder]
+[{{root_common.section('fix-ca-folder')}}]
 recipe = plone.recipe.command
 stop-on-error = true
 command =
@@ -457,14 +457,6 @@ monitor-httpd-port = 8386
 
 {{ root_common.common_section() }}
 
-[buildout]
-extends = {{ template_monitor }}
-
-parts +=
-  apache-certificate-authority
-  fix-ca-folder
-  monitor-base
-
 [monitor-conf-parameters]
 monitor-title = ERP5
 password = ${monitor-htpasswd:passwd}

software/slaprunner/buildout.hash.cfg

@@ -18,7 +18,7 @@ md5sum = c44a7481bb85e3258128afe3fcf23f44
 
 [template-runner]
 filename = instance-runner.cfg
-md5sum = 8882bc63d615d8a2cd6de3d32b1013e0
+md5sum = 8f1da15d78ed08d9904ae94844a6893d
 
 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2

software/slaprunner/instance-runner.cfg

@@ -665,7 +665,7 @@ frontend-domain =
 slapos-repository = https://lab.nexedi.com/nexedi/slapos.git
 slapos-software =
 slapos-software-type =
-slapos-reference = master
+slapos-reference = 1.0
 auto-deploy = false
 auto-deploy-instance = true
 autorun = false

software/wendelin/software.cfg

@@ -78,20 +78,4 @@ branch = master
 [versions]
 msgpack = 0.6.1
 msgpack-numpy = 0.4.4.3
-wendelin.core = 0.12
-
-
-# Test Suite: WENDELIN-MASTER-DEV ran at 2019/06/17 07:35:10.410214 UTC
-#             0 failures, 0 errors, 10 total, status: PASS
-
-[erp5]
-revision = e1d23b8193a36661b0666f0f2a11f40aaded77af
-
-
-[wendelin]
-revision = 16647db28c5c209fc7205ca5e833c5eb6fa2f2c2
-
-
-[wendelin.core]
-revision = 7fd83b615a27c782f92cad7d83afaa19b14e7199
-
+wendelin.core = 0.13

stack/erp5/buildout.cfg

@@ -61,7 +61,6 @@ extends =
   ../../component/postfix/buildout.cfg
   ../../component/zbarlight/buildout.cfg
   ../../component/perl/buildout.cfg
-  ../monitor/buildout.cfg
   ../../stack/caucase/buildout.cfg
   ../../software/jupyter/software.cfg
   ../../software/neoppod/software-common.cfg
@@ -294,7 +293,6 @@ context =
     key template_kumofs template-kumofs:target
     key template_mariadb template-mariadb:target
     key template_mariadb_initial_setup template-mariadb-initial-setup:target
-    key template_monitor monitor2-template:rendered
     key template_my_cnf template-my-cnf:target
     key template_postfix template-postfix:target
     key template_postfix_aliases template-postfix-aliases:target

stack/erp5/buildout.hash.cfg

@@ -26,11 +26,11 @@ md5sum = d95e8500bdc72d1f40b97cc414656e7e
 
 [template-mariadb]
 filename = instance-mariadb.cfg.in
-md5sum = 2d687117150528fb5aad503874a1ad33
+md5sum = b2fea225fbeadcbf004eb2e2e3a68156
 
 [template-kumofs]
 filename = instance-kumofs.cfg.in
-md5sum = fe6ae121134a0e5bdb060073478be44e
+md5sum = 13315c109deab534b81e7a45e7320eea
 
 [template-zope-conf]
 filename = zope.conf.in
@@ -50,7 +50,7 @@ md5sum = dec33a617fa1b307c8ddb883efcfe3ce
 
 [template-postfix]
 filename = instance-postfix.cfg.in
-md5sum = d920170577b611f973145c5807b01fce
+md5sum = cbcb5f4c2885e3f2589770e76a422be7
 
 [template-postfix-master-cf]
 filename = postfix_master.cf.in
@@ -70,7 +70,7 @@ md5sum = c64f35f825200fe35328641b2b8e0fdd
 
 [template]
 filename = instance.cfg.in
-md5sum = 1f88fb841394a1d24b7cc01f966c7b21
+md5sum = f81f4c9881bf868882cd56fe6a769666
 
 [monitor-template-dummy]
 filename = dummy.cfg
@@ -78,19 +78,19 @@ md5sum = d41d8cd98f00b204e9800998ecf8427e
 
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = 4e03b3fba30162019eae76132555dcde
+md5sum = ff2f4d9f806fa783421d34204f2a74c8
 
 [template-zeo]
 filename = instance-zeo.cfg.in
-md5sum = d400c3d449ce437a0ded77ee3d5c5df2
+md5sum = 10a01b85c966ad9fe13bc981f1ddabe8
 
 [template-zope]
 filename = instance-zope.cfg.in
-md5sum = 5cbfcc02ffe6c2ae8cdf412134addd8f
+md5sum = d9da770b4a83a58db8637f0eba97f4e8
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = 3034ccaa76dbb94f4fe07150a4681843
+md5sum = 10c620e934397390dc9b737453aab387
 
 [template-haproxy-cfg]
 filename = haproxy.cfg.in

stack/erp5/instance-balancer.cfg.in

@@ -264,7 +264,6 @@ password = {{ slapparameter_dict['monitor-passwd'] }}
 
 [buildout]
 extends =
-  {{ logrotate_cfg }}
-  {{ parameter_dict['template-monitor'] }}
+  {{ template_monitor }}
 parts +=
   {{ part_list | join('\n  ') }}

stack/erp5/instance-erp5.cfg.in

@@ -414,12 +414,6 @@ monitor-httpd-port = 8386
 
 {{ root_common.common_section() }}
 
-[buildout]
-extends = {{ template_monitor }}
-
-parts +=
-  monitor-base
-
 [monitor-conf-parameters]
 monitor-title = ERP5
 password = ${monitor-htpasswd:passwd}

stack/erp5/instance-kumofs.cfg.in

 {% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
 [buildout]
 extends =
-  {{ logrotate_cfg }}
-  {{ parameter_dict['template-monitor'] }}
+  {{ template_monitor }}
 parts +=
   publish
   kumofs-instance

stack/erp5/instance-mariadb.cfg.in

@@ -362,7 +362,6 @@ password = {{ slapparameter_dict['monitor-passwd'] }}
 
 [buildout]
 extends =
-  {{ logrotate_cfg }}
-  {{ parameter_dict['template-monitor'] }}
+  {{ template_monitor }}
 parts +=
   {{ part_list | join('\n  ') }}

stack/erp5/instance-postfix.cfg.in

@@ -278,7 +278,6 @@ password = {{ slapparameter_dict['monitor-passwd'] }}
 
 [buildout]
 extends =
-    {{ logrotate_cfg }}
-    {{ parameter_dict['template-monitor'] }}
+    {{ template_monitor }}
 parts =
     {{ part_list | join('\n  ') }}

stack/erp5/instance-zeo.cfg.in

@@ -212,8 +212,7 @@ password = {{ slapparameter_dict['monitor-passwd'] }}
 
 [buildout]
 extends =
-  {{ logrotate_cfg }}
-  {{ parameter_dict['template-monitor'] }}
+  {{ template_monitor }}
 parts +=
   {{ part_list | join('\n  ') }}
   publish

stack/erp5/instance-zope.cfg.in

@@ -521,8 +521,7 @@ password = {{ slapparameter_dict['monitor-passwd'] }}
 
 [buildout]
 extends =
-  {{ logrotate_cfg }}
-  {{ parameter_dict['template-monitor'] }}
+  {{ template_monitor }}
 parts +=
   {{ '\n  '.join(part_list) }}
   publish

stack/erp5/instance.cfg.in

@@ -18,7 +18,6 @@ postfix-location = {{ postfix_location }}
 template-postfix-aliases = {{ template_postfix_aliases }}
 template-postfix-main-cf = {{ template_postfix_main_cf }}
 template-postfix-master-cf = {{ template_postfix_master_cf }}
-template-monitor = {{ dumps(template_monitor) }}
 
 [dynamic-template-postfix]
 < = jinja2-template-base
@@ -33,7 +32,6 @@ extra-context =
 default-cloudooo-url =  {{ dumps(default_cloudooo_url) }}
 jupyter-enable-default = {{ jupyter_enable_default }}
 local-bt5-repository = {{ ' '.join(local_bt5_repository.split()) }}
-template-monitor = {{ dumps(template_monitor) }}
 
 [context]
 root-common = {{ root_common }}
@@ -47,7 +45,6 @@ extra-context =
     key default_cloudooo_url dynamic-template-erp5-parameters:default-cloudooo-url
     key jupyter_enable_default dynamic-template-erp5-parameters:jupyter-enable-default
     key local_bt5_repository dynamic-template-erp5-parameters:local-bt5-repository
-    key template_monitor dynamic-template-erp5-parameters:template-monitor
     key openssl_location :openssl-location
     import urlparse urlparse
 import-list =
@@ -66,7 +63,6 @@ run-apachedex-location = {{ bin_directory }}/runApacheDex
 promise-check-apachedex-result = {{ bin_directory }}/check-apachedex-result
 template-haproxy-cfg = {{ template_haproxy_cfg }}
 template-apache-conf = {{ template_apache_conf }}
-template-monitor = {{ dumps(template_monitor) }}
 
 [dynamic-template-balancer]
 <= jinja2-template-base
@@ -80,7 +76,6 @@ import-list =
 
 [dynamic-template-zeo-parameters]
 <= default-dynamic-template-parameters
-template-monitor = {{ dumps(template_monitor) }}
 
 [dynamic-template-zeo]
 <= jinja2-template-base
@@ -105,7 +100,6 @@ jsl = {{ jsl_location }}
 link-binary = {{ dumps(zope_link_binary) }}
 userhosts = {{ userhosts_location }}
 site-zcml = {{ site_zcml }}
-template-monitor = {{ dumps(template_monitor) }}
 extra-path-list = {{ dumps(extra_path_list) }}
 matplotlibrc = {{ matplotlibrc_location }}
 erp5-location = {{ erp5_location }}
@@ -129,7 +123,6 @@ dcron-location = {{ dcron_location }}
 gzip-location = {{ gzip_location }}
 kumo-location = {{ kumo_location }}
 logrotate-location = {{ logrotate_location }}
-template-monitor = {{ dumps(template_monitor) }}
 
 [dynamic-template-kumofs]
 <= jinja2-template-base
@@ -154,7 +147,6 @@ mariadb-slow-query-report-script = {{ mariadb_slow_query_report_script }}
 mariadb-start-clone-from-backup = {{ mariadb_start_clone_from_backup }}
 promise-check-slow-queries-digest-result = {{ bin_directory }}/check-slow-queries-digest-result
 percona-tools-location = {{ percona_toolkit_location }}
-template-monitor = {{ template_monitor }}
 unixodbc-location = {{ unixodbc_location }}
 
 [dynamic-template-mariadb]

stack/monitor/buildout.hash.cfg

@@ -14,4 +14,4 @@
 # not need these here).
 [monitor2-template]
 filename = instance-monitor.cfg.jinja2.in
-md5sum = da5fa743dba8709dfdd9c2d474741de8
+md5sum = e713bc55b68e3102f20902abc9f34f4b

stack/monitor/instance-monitor.cfg.jinja2.in

@@ -97,7 +97,7 @@ parameter-file-path = ${monitor-instance-parameter:configuration-file-path}
 
 parameter-list =
   raw monitor-user ${monitor-instance-parameter:username}
-  htpasswd monitor-password ${httpd-monitor-htpasswd:password-file} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
+  htpasswd monitor-password ${monitor-htpasswd:storage-path} ${monitor-instance-parameter:username} ${httpd-monitor-htpasswd:htpasswd-path}
   file min-free-disk-MB ${promise-check-free-disk-space:config-threshold-file}
   ${monitor-instance-parameter:instance-configuration}
 # htpasswd entry:  htpasswd key password-file username htpasswd-file
@@ -147,17 +147,13 @@ bytes = 8
 [httpd-monitor-htpasswd]
 recipe = plone.recipe.command
 stop-on-error = true
-password-file = ${directory:etc}/.monitor_pwd
 htpasswd-path = ${monitor-directory:etc}/monitor-htpasswd
 # Keep multiple lines as password can end with newline char.
 command =
   if [ ! -s "${:htpasswd-path}" ]; then
-    {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${:user} ${:password}
+    {{ apache_location }}/bin/htpasswd -cb ${:htpasswd-path} ${monitor-instance-parameter:username} ${monitor-instance-parameter:password}
   fi
-  if [ ! -s "${:password-file}" ]; then echo "${monitor-instance-parameter:password}" > ${:password-file}; fi
 update-command = ${:command}
-user = ${monitor-instance-parameter:username}
-password = ${monitor-instance-parameter:password}
 
 [monitor-symlink]
 recipe = cns.recipe.symlink
@@ -399,7 +395,6 @@ depends =
   ${cron-entry-logrotate:name}
   ${logrotate-entry-cron:name}
   ${certificate-authority-service:wrapper-path}
-  ${monitor-conf:rendered}
   ${start-monitor:wrapper-path}
   ${ca-monitor-httpd-service:wrapper-path}
   ${monitor-httpd-promise:name}

stack/slapos.cfg

@@ -140,9 +140,9 @@ slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
 slapos.libnetworkcache = 0.17
 slapos.rebootstrap = 4.1
-slapos.recipe.build = 0.40
+slapos.recipe.build = 0.41
 slapos.recipe.cmmi = 0.10
-slapos.toolbox = 0.92
+slapos.toolbox = 0.94
 stevedore = 1.21.0
 subprocess32 = 3.5.3
 unicodecsv = 0.14.1
@@ -154,7 +154,7 @@ paramiko = 2.1.3
 Flask = 0.12
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 GitPython = 2.1.11
 
 # Required by:
@@ -166,23 +166,23 @@ gitdb2 = 2.0.5
 smmap2 = 2.0.5
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 PyRSS2Gen = 1.1
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 apache-libcloud = 2.4.0
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 atomize = 0.2.0
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 croniter = 0.3.25
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 dnspython = 1.15.0
 
 # Required by:
@@ -190,11 +190,11 @@ dnspython = 1.15.0
 enum34 = 1.1.6
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 erp5.util = 0.4.51
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 feedparser = 5.2.1
 
 # Required by:
@@ -218,7 +218,7 @@ ipaddress = 1.0.18
 jsonschema = 3.0.0a3
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 lockfile = 0.12.2
 
 # Required by:
@@ -231,11 +231,11 @@ netifaces = 0.10.4
 packaging = 16.8
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 passlib = 1.7.1
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 pyasn1 = 0.4.5
 
 # Required by:
@@ -243,15 +243,15 @@ pyasn1 = 0.4.5
 pycparser = 2.17
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 pycurl = 7.43.0
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 python-dateutil = 2.7.3
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 rpdb = 0.1.5
 
 # Required by:
@@ -259,7 +259,7 @@ rpdb = 0.1.5
 supervisor = 3.3.3
 
 # Required by:
-# slapos.toolbox==0.92
+# slapos.toolbox==0.94
 tzlocal = 1.5.1
 
 # Required by: