caddy-frontend: Monitor backend connection on each slave

d40d3d53 · Łukasz Nowak · 8a0342e3 · d40d3d53 · d40d3d53 · d40d3d53
Commit d40d3d53 authored Jun 05, 2019 by Łukasz Nowak
11 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -30,7 +30,7 @@ md5sum = ef06c04a5aa33b103dc1d25d0dfe8217

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 28e4da4b27a42bf8b8d261d45b3dfa58
+md5sum = aec6bb977304b5efebfb546ecbfb3341

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -179,10 +179,14 @@ bytes = 8
 {% do slave_parameter_dict.__setitem__('certificate', certificate )%}

 {# Set ssl certificates for each slave #}
+{%   set ssl_proxy_ca_crt_file = None %}
 {%   for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
 {%     if cert_name in slave_instance %}
 {%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
 {%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
+{%       if cert_name == 'ssl_proxy_ca_crt' %}
+{%         set ssl_proxy_ca_crt_file = cert_file %}
+{%       endif %}
 {%       do part_list.append(cert_title) %}
 {%       do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
 {%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
@@ -269,6 +273,20 @@ extra-context =
 filename = {{ '%s.conf' % slave_reference }}
 {{ '\n' }}

+{%   for k in ['url', 'https-url'] %}
+{%     set v = slave_instance.get(k) %}
+{%     if v %}
+{%       set check_url_access_section_title = 'check-http-access-%s-%s' % (slave_instance.get('slave_reference'), k) %}
+{%       do part_list.append(check_url_access_section_title) %}
+[{{ check_url_access_section_title }}]
+<= promise-plugin-base
+module = check_http_access
+name = {{ check_url_access_section_title }}.py
+config-url = {{ v }}
+config-ssl-proxy-verify = {{ slave_instance.get('ssl-proxy-verify') }}
+config-ssl-proxy-ca-crt-file = {{ ssl_proxy_ca_crt_file or '' }}
+{%     endif %}
+{%   endfor %}

 {%   set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') %}
 {%   do part_list.append(check_error_log_section_title) %}

--- a/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-2/etc/plugin/caddy_ssl_cached.py: OK
 T-2/etc/plugin/check-_test-error-log-last-day.py: OK
 T-2/etc/plugin/check-_test-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_test-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-2/etc/plugin/caddy_ssl_cached.py: ERROR
 T-2/etc/plugin/check-_url-error-log-last-day.py: OK
 T-2/etc/plugin/check-_url-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_url-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-2/etc/plugin/caddy_ssl_cached.py: ERROR
 T-2/etc/plugin/check-_replicate-error-log-last-day.py: OK
 T-2/etc/plugin/check-_replicate-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_replicate-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK
@@ -34,6 +35,7 @@ T-3/etc/plugin/caddy_ssl_cached.py: OK
 T-3/etc/plugin/check-_replicate-error-log-last-day.py: OK
 T-3/etc/plugin/check-_replicate-error-log-last-hour.py: OK
 T-3/etc/plugin/check-free-disk-space.py: OK
+T-3/etc/plugin/check-http-access-_replicate-url.py: OK
 T-3/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-3/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-3/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_plugin-CADDY.txt
@@ -115,6 +115,57 @@ T-2/etc/plugin/check-_type-zope-virtualhostroot-https-port-error-log-last-hour.p
 T-2/etc/plugin/check-_url_https-url-error-log-last-day.py: OK
 T-2/etc/plugin/check-_url_https-url-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_Url-url.py: OK
+T-2/etc/plugin/check-http-access-_apache_custom_http_s-accepted-url.py: OK
+T-2/etc/plugin/check-http-access-_caddy_custom_http_s-accepted-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_ssl_crt_ssl_key-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_wildcard-url.py: OK
+T-2/etc/plugin/check-http-access-_disabled-cookie-list-url.py: OK
+T-2/etc/plugin/check-http-access-_enable-http2-default-url.py: OK
+T-2/etc/plugin/check-http-access-_enable-http2-false-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-no-cache-request-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-no-cache-request-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-via-header-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-via-header-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify-unverified-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify-unverified-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-url.py: OK
+T-2/etc/plugin/check-http-access-_https-only-url.py: OK
+T-2/etc/plugin/check-http-access-_prefer-gzip-encoding-to-backend-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-duplicated-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-wildcard-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias_custom_domain-duplicated-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl-proxy-verify-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_ssl-proxy-verify_ssl_proxy_ca_crt-url.py: ERROR
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_does_not_match-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_garbage-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_only-url.py: OK
+T-2/etc/plugin/check-http-access-_type-notebook-url.py: OK
+T-2/etc/plugin/check-http-access-_type-redirect-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-websocket-path-list-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-websocket-path-list-websocket-transparent-false-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-websocket-transparent-false-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-default-path-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-path-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-prefer-gzip-encoding-to-backend-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-ssl-proxy-verify-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-url.py: ERROR
+T-2/etc/plugin/check-http-access-_type-zope-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-virtualhostroot-http-port-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-virtualhostroot-https-port-url.py: OK
+T-2/etc/plugin/check-http-access-_url_https-url-https-url.py: OK
+T-2/etc/plugin/check-http-access-_url_https-url-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_plugin-CADDY.txt
@@ -35,6 +35,10 @@ T-2/etc/plugin/check-_virtualhostroot-http-port-unsafe-error-log-last-hour.py: O
 T-2/etc/plugin/check-_virtualhostroot-https-port-unsafe-error-log-last-day.py: OK
 T-2/etc/plugin/check-_virtualhostroot-https-port-unsafe-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_default-path-unsafe-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-same-url.py: OK
+T-2/etc/plugin/check-http-access-_virtualhostroot-http-port-unsafe-url.py: OK
+T-2/etc/plugin/check-http-access-_virtualhostroot-https-port-unsafe-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_plugin-CADDY.txt
@@ -115,6 +115,57 @@ T-2/etc/plugin/check-_type-zope-virtualhostroot-https-port-error-log-last-hour.p
 T-2/etc/plugin/check-_url_https-url-error-log-last-day.py: OK
 T-2/etc/plugin/check-_url_https-url-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_Url-url.py: OK
+T-2/etc/plugin/check-http-access-_apache_custom_http_s-accepted-url.py: OK
+T-2/etc/plugin/check-http-access-_caddy_custom_http_s-accepted-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_ssl_crt_ssl_key-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_wildcard-url.py: OK
+T-2/etc/plugin/check-http-access-_disabled-cookie-list-url.py: OK
+T-2/etc/plugin/check-http-access-_enable-http2-default-url.py: OK
+T-2/etc/plugin/check-http-access-_enable-http2-false-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-no-cache-request-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-no-cache-request-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-via-header-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-disable-via-header-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify-unverified-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify-unverified-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-https-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-url.py: OK
+T-2/etc/plugin/check-http-access-_enable_cache-url.py: OK
+T-2/etc/plugin/check-http-access-_https-only-url.py: OK
+T-2/etc/plugin/check-http-access-_prefer-gzip-encoding-to-backend-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-duplicated-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias-wildcard-url.py: OK
+T-2/etc/plugin/check-http-access-_server-alias_custom_domain-duplicated-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl-proxy-verify-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_ssl-proxy-verify_ssl_proxy_ca_crt-url.py: ERROR
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_does_not_match-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_garbage-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_only-url.py: OK
+T-2/etc/plugin/check-http-access-_type-notebook-url.py: OK
+T-2/etc/plugin/check-http-access-_type-redirect-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-websocket-path-list-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-websocket-path-list-websocket-transparent-false-url.py: OK
+T-2/etc/plugin/check-http-access-_type-websocket-websocket-transparent-false-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-default-path-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-path-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-prefer-gzip-encoding-to-backend-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-ssl-proxy-verify-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-url.py: ERROR
+T-2/etc/plugin/check-http-access-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-url.py: ERROR
+T-2/etc/plugin/check-http-access-_type-zope-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-virtualhostroot-http-port-url.py: OK
+T-2/etc/plugin/check-http-access-_type-zope-virtualhostroot-https-port-url.py: OK
+T-2/etc/plugin/check-http-access-_url_https-url-https-url.py: OK
+T-2/etc/plugin/check-http-access-_url_https-url-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_plugin-CADDY.txt
@@ -40,6 +40,18 @@ T-2/etc/plugin/check-_type-notebook-ssl_from_slave-error-log-last-hour.py: OK
 T-2/etc/plugin/check-_type-notebook-ssl_from_slave_kedifa_overrides-error-log-last-day.py: OK
 T-2/etc/plugin/check-_type-notebook-ssl_from_slave_kedifa_overrides-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_ssl_crt_ssl_key-url.py: OK
+T-2/etc/plugin/check-http-access-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_does_not_match-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_ca_crt_garbage-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_from_master-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_from_master_kedifa_overrides-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_from_slave-url.py: OK
+T-2/etc/plugin/check-http-access-_ssl_from_slave_kedifa_overrides-url.py: OK
+T-2/etc/plugin/check-http-access-_type-notebook-ssl_from_master-url.py: OK
+T-2/etc/plugin/check-http-access-_type-notebook-ssl_from_master_kedifa_overrides-url.py: OK
+T-2/etc/plugin/check-http-access-_type-notebook-ssl_from_slave-url.py: OK
+T-2/etc/plugin/check-http-access-_type-notebook-ssl_from_slave_kedifa_overrides-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-2/etc/plugin/caddy_ssl_cached.py: ERROR
 T-2/etc/plugin/check-_ssl_from_master_kedifa_overrides_master_certificate-error-log-last-day.py: OK
 T-2/etc/plugin/check-_ssl_from_master_kedifa_overrides_master_certificate-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_ssl_from_master_kedifa_overrides_master_certificate-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_plugin-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_plugin-CADDY.txt
@@ -18,6 +18,7 @@ T-2/etc/plugin/caddy_ssl_cached.py: ERROR
 T-2/etc/plugin/check-_ssl_from_master-error-log-last-day.py: OK
 T-2/etc/plugin/check-_ssl_from_master-error-log-last-hour.py: OK
 T-2/etc/plugin/check-free-disk-space.py: OK
+T-2/etc/plugin/check-http-access-_ssl_from_master-url.py: OK
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py: OK
 T-2/etc/plugin/frontend-caddy-configuration-promise.py: OK
 T-2/etc/plugin/monitor-bootstrap-status.py: OK