slapos:master commits
https://lab.nexedi.com/tomo/slapos/-/commits/master
2024-03-19T10:28:49+01:00

https://lab.nexedi.com/tomo/slapos/-/commit/3abbbd812e60bda342311093907af3b08310382c
stack/slapos.cfg: version up zc.buildout and rubygemsrecipe
2024-03-19T10:28:49+01:00 Thomas Gambier thomas.gambier@nexedi.com
See:
https://lab.nexedi.com/nexedi/rubygemsrecipe/-/merge_requests/10
https://lab.nexedi.com/nexedi/slapos.buildout/-/merge_requests/29

https://lab.nexedi.com/tomo/slapos/-/commit/a45c5d8969b061e0f50622cce67129ad14068352
stack/slapos: version up slapos.recipe.cmmi 0.20, slapos.recipe.build 0.57
2024-03-19T11:07:58+09:00 Jérome Perrin jerome@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/dae3ad0181105c86085bf4c3f35909af946c4c5e
slapos.test: Test if software.cfg.json don't have duplicated entries
2024-03-19T02:22:23+01:00 Rafael Monnerat rafael@nexedi.com
See merge request !1552

https://lab.nexedi.com/tomo/slapos/-/commit/9bc6a32da6608102a3b28cd9fdcf0c143adbb241
slapos.test: Test if software.cfg.json don't have duplicated entries
2024-03-18T17:49:26+01:00 Rafael Monnerat rafael@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/f21c630f32d9a2b6d70fecd1afa1fd829dcaa07a
slapos.test: Support more recent JSON Schema validators
2024-03-18T17:49:25+01:00 Rafael Monnerat rafael@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/352479825300d15db1096cd4a678b9eed2675d05
component/openssh: version up 9.7p1, including security fixes.
2024-03-18T13:09:54+01:00 Kazuhiko SHIOZAKI kazuhiko@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/281e4e029141954d57eb946ea12b73406561ce19
component/libexpat: version up 2.6.2, including security fixes.
2024-03-18T13:09:54+01:00 Kazuhiko SHIOZAKI kazuhiko@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/683645021d53bf6c0930f28c775381b81b04bfbc
component/curl: version up 8.6.0, including security fixes.
2024-03-18T13:09:54+01:00 Kazuhiko SHIOZAKI kazuhiko@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/567fb6aa74e95c146dbeb7d4ad32da104151da42
component/tar: version up 1.35, including security fixes.
2024-03-18T10:32:56+01:00 Kazuhiko SHIOZAKI kazuhiko@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/32357948b55bf9b7099f94afd797288c3e60fe61
software/ors-amarisoft: Add fixed-ips option for core network
2024-03-15T09:10:11+01:00 Thomas Gambier thomas.gambier@nexedi.com
This option will give fixed IP to each SIM card.

https://lab.nexedi.com/tomo/slapos/-/commit/c1f2b72e3a171960fd92e3fad8111ef544516bdc
software/ors-amarisoft: render ue-db.cfg inside core-network buildout
2024-03-15T09:10:11+01:00 Thomas Gambier thomas.gambier@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/649249ca895162a7696a0bc53341fbab4c510024
component/qjs-wrapper: v↑ qjs-wrapper (1.3 -> 2.0)
2024-03-13T16:29:11+01:00 Leo-Paul Geneau leo-paul.geneau@nexedi.com
component/mavsdk: v↑ mavsdk (0.39.0 -> 1.4.13)
component/gwsocket: add gwsocket websocket server
software/js-drone: add frontend for subscriber
software/js-drone: use WebSocket for subscriber
slapos/software: run quickjs as a service

https://lab.nexedi.com/tomo/slapos/-/commit/be75d8256fe89e37d505627a8ba44da888e4cc61
rapid-cdn: Fix re6st-verification-url testing
2024-03-12T10:13:22+01:00 Łukasz Nowak luke@nexedi.com
* the default is already tested so drop TestRe6stVerificationUrlDefaultSlave
* use locally provided URL to check re6st-verification-url, to not depend
on external resources
!1501 did a good job with making default disabled, but during the code
review tests changes were not well checked.

https://lab.nexedi.com/tomo/slapos/-/commit/00586554a2aafe3849eb2b037bfcfb0c26f2ea9a
rapid-cdn: fix failing test
2024-03-12T08:32:53+01:00 Titouan Soulard titouan.soulard@rapid.space
logrotate test for the rapid-cdn SR has been failing for quite some
time because of a squid.log file created (and henceforth rotated) on
any slave instance of the CDN:
```
Traceback (most recent call last):
self.assertEqual(
AssertionError: Items in the second set but not the first:
'squid.log_10.0.160.212.20240306.23h57m09s-20240307.00h00m02s.old.xz'
```
Since we do not want to test this file in that specific test, this
commit instead loosely checks the content of the rotated files
directory.
In other words, the test now checks for the presence of the two
files to be tested, but avoids failing if other files exist.
This goes in line with the two following lines of that same test,
loosely checking for file absence instead of an empty directory.
/cc @tomo @luke
/approved-by @luke
/reviewed-on !1541

https://lab.nexedi.com/tomo/slapos/-/commit/de5e381d2e28a3a26b57f9d2200a3ba89de0d9a4
mariadb: build without tests to save space
2024-03-08T17:16:37+01:00 Julien Muchembled jm@nexedi.com
This saves 380MB, by removing:
- bin/mysql_client_test (and the bin/mariadb-client-test symlink)
- mysql-test/

https://lab.nexedi.com/tomo/slapos/-/commit/4468f182de7c49434ebac3ebbfce6eb433e96030
As beremiz-runtime compiles PLC code at runtime it needs
2024-03-08T15:20:34+01:00 Ivan Tyagov ivan@nexedi.com
See merge request !1543

https://lab.nexedi.com/tomo/slapos/-/commit/e0a517837d10c4d5732d80efa22bd132be21672f
As beremiz-runtime compiles PLC code at runtime it needs
2024-03-08T13:48:53+02:00 Ivan Tyagov ivan@nexedi.com
OPENSSL's libraries in this case SlapOS ones.

https://lab.nexedi.com/tomo/slapos/-/commit/4d14cd1b487c8d8a4bfbe75b1f3326e22464a4bb
software/beremiz-runtime: fix compilation
2024-03-05T10:42:04+01:00 Thomas Gambier thomas.gambier@nexedi.com
The SR didn't compile without libssl-dev package. Correctly use the
openssl lib from slapos.

https://lab.nexedi.com/tomo/slapos/-/commit/ccbe9a265da3c3fa1da02db548aa441b61a72720
stack/erp5: patch RestrictedPython to compile with print_function
2024-03-01T23:10:05+09:00 Jérome Perrin jerome@nexedi.com
Every restricted python code on python2 will be compiled as if it had
`from __future__ import print_function`, to ease transition away from
python2.
To update project code, 2to3 from python2.7 seems to do a good job.
Invoking it like this from the root of a repository rewrites all scripts:
```
2to3 --write --nobackups --no-diffs --fix=print .
```

https://lab.nexedi.com/tomo/slapos/-/commit/a0d10c8442e98b4b9960024dc65e2821a04c37f4
rapid-cdn: Fix redirect for standard ports
2024-02-29T10:46:57+01:00 Łukasz Nowak luke@nexedi.com
When the backend to redirect to uses scheme standard port it's cleaner to
redirect to URL without the port.
See https://www.rfc-editor.org/rfc/rfc9110.html#name-https-normalization-and-com:
"If the port is equal to the default port for a scheme, the normal form is to
omit the port subcomponent."

https://lab.nexedi.com/tomo/slapos/-/commit/d096e4ef7ebff453e0924c1848b5e6c1580f9929
rapid-cdn: Flake8ize test
2024-02-29T10:46:57+01:00 Łukasz Nowak luke@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/d33d2ec3c6d0103fe23f48bebddcd6acb31ef315
software/slapos-master: update hashes
2024-02-29T09:52:05+01:00 Titouan Soulard titouan.soulard@rapid.space
I forgot to update hashes after commits b6959875 and 7906b01c.
This commit solves the problem by updating slapos-master hashes.

https://lab.nexedi.com/tomo/slapos/-/commit/b6959875cbf867e10a15f5a5008ded957a853e0d
software/slapos-master: allow disabling CRL check (fixup)
2024-02-27T15:05:56+01:00 Titouan Soulard titouan.soulard@rapid.space

https://lab.nexedi.com/tomo/slapos/-/commit/dc649be11fa2ea8aa0fd05185551fac76e0c40b1
software/ors-amarisoft: reindent test python files with 2 spaces
2024-02-27T11:56:42+01:00 Thomas Gambier thomas.gambier@nexedi.com
I used the following commands:
```
autopep8 test_ors.py --select=E101 --ignore=E121 --indent-size=2 --in-place
autopep8 test.py --select=E101 --ignore=E121 --indent-size=2 --in-place
```

https://lab.nexedi.com/tomo/slapos/-/commit/7a904f23847bb13019090668efcf439e9e7dde54
software/ors-amarisoft: cleanup trailing spaces
2024-02-26T17:19:34+01:00 Thomas Gambier thomas.gambier@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/7906b01c522fdb5533f23b451d84cdf3cab328dc
software/slapos-master: allow disabling CRL check
2024-02-26T15:32:44+01:00 Titouan Soulard titouan.soulard@rapid.space

https://lab.nexedi.com/tomo/slapos/-/commit/31c5f1246bff1c51f489730eb4c6645a0e0703bd
stack/erp5,software/slapos-master: remove unused traces of wsgi parameter
2024-02-22T12:19:35+09:00 Jérome Perrin jerome@nexedi.com
This parameter no longer exists, this was not removed correctly

https://lab.nexedi.com/tomo/slapos/-/commit/a21d8d031bfb33b4f8b03cbd80ac5b9e89ae9082
erp5: restore ZODB using the --with-verify option of "repozo --recover"
2024-02-22T11:22:00+09:00 Nicolas Wavrant nicolas.wavrant@nexedi.com
"repozo --verify" is not working as this code expects it to: it simply
prints errors in stdout, and doesn't return an error code in case of
error. Thus, running it had absolutely no effect, except wasting IO
and CPU time.
This commit introduces the use of "repozo --recover --with-verify",
which runs the verify and the recover in a same step, and has the
advantage to raise (it doesn't exit with 0) in case of error. Also, as
it does the verification and the recovery at the same time, it uses
half the IO for the read. On a production server using SSDs, with a
ZODB of 1Tb, runner-import-restore now takes 14h instead of 26h, iow a
performance increase of 46%.

https://lab.nexedi.com/tomo/slapos/-/commit/b9a6392d44c68da1b8a626eee0ed49033796d53d
erp5: Allow other software release provide custom default bt5 to install
2024-02-21T13:31:52+01:00 Rafael Monnerat rafael@nexedi.com
See merge request nexedi/slapos!1534

https://lab.nexedi.com/tomo/slapos/-/commit/49a7f256ff89e44fbf6e8bf593aabe2017490f19
erp5: Allow other software release provide custom default bt5 to install
2024-02-20T14:27:56+01:00 Rafael Monnerat rafael@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/aed29e5976c9c5de1af188b22dbbbb19ef09d481
component/python-pim-dm: correctly use cython to build pim-dm
2024-02-19T09:32:35+01:00 Thomas Gambier thomas.gambier@nexedi.com
This is needed since version up of pim-dm in cfb05d82

https://lab.nexedi.com/tomo/slapos/-/commit/ed138c6e6b4b75486c6d0bde8fce3990852581a9
software/ors-amarisoft: MultiRU
2024-02-18T05:57:01+00:00 Kirill Smelkov kirr@nexedi.com
Hello up there. This merge-request brings in major update to ors-amarisoft
software release: first eNB is significantly restructured to prepare base for
further changes, and then we add support for working with multiple radio units
and multiple cells with all LTE/NR and FDD/TDD simultaneously. All kinds of
Carrier Aggregation - LTE+LTE, NR+NR and LTE+NR are now supported. All kinds of
Handover - Intra-ENB, Inter-ENB with LTE→NR and NR→LTE are now supported as
well. UE simulator is also updated to support multiple radio units, cells and
UEs. In the new system configuration of RU, CELL, PEERCELL, PEER and UE objects
are done via shared instances attached to the main eNB or UEsim instance.
Most of the parameters become runtime settings instead of being static choice
of particular software template. There is no longer multiple rendered
softwares - all that remain is
1. `software.cfg` for generic software, and
2. `software-ors.cfg` for ORS.
Switching to configuring things at runtime became possible because SlapOS Master
recently switched to new JSON-editor with support for `oneOf`, arrays and
conditionals - bits that make it possible to configure settings in the WEB UI
with multiple choices for e.g. RF mode, cell or radio unit type.
For ORS full backward compatibility is preserved via special proxy which
translates ORS input schema to configuration objects of the new generic eNB.
Since most our current ORS deployments are TDD, `software-tdd-ors.cfg` link to
`software-ors.cfg` is also provided to preserve backward compatibility at
software-release URL level for those instances.
eNB and gNB are merged along the way. Unittests are improved. JSON schemas
become primary source for defaults(*). Unnecessary parameters are removed and
are now computed automatically. For example it is no longer needed to
explicitly specify SSB NR-ARFCN for peer NR cell, or `txa0cc00_center_frequency`
for Lopcomm RU. `tx_gain` and `rx_gain` become generic parameters that
semantically apply uniformly to all Radio Units.
A protection against buildout code injection via specially-crafted references
of shared instances is installed. The problem was noticed because instantiation
was failing with spaces in the references - a condition that is present by
default on the testnodes. Solving the problem generally via custom "buildout
encoding" was not hard and probably the solution might be useful not only for
ors-amarisoft software release. Please see the patch `"Protect from buildout
code injection"` for details.
There are more minor enhancements and bug fixes in there.
Please see individual patches for details.
Kirill
/cc @jhuge, @lu.xu, @xavier_thompson, @Daetalus
/approved-by @tomo
/reviewed-on https://lab.nexedi.com/nexedi/slapos/-/merge_requests/1533
(*) this goes in line with similar design choice to make JSON schemas primary
source of defaults in Rapid-CDN: https://lab.nexedi.com/nexedi/slapos/-/merge_requests/1380 .

https://lab.nexedi.com/tomo/slapos/-/commit/7989e6ce8a3b462b575ea9c2bf8047869707a968
software/ors-amarisoft: Do not recreate slaptapX-* on every idempotent `slapo...
2024-02-18T05:44:13+00:00 Kirill Smelkov kirr@nexedi.com
To run tapsplit we use plone.recipe.command with both command and
update-command set to `tapsplit ...`. But tapsplit, when run, currently fully
recreates and reinitializes subtap interfaces, which leads to interfering with
running enb because subtap interfaces, that enb started to use, are removed.
This is not desirable behaviour.
What we need:
1) create subtap interfaces only once and keep them stable
2) until configuration changes which should lead to
* subtaps recreated, and
* enb restarted
3) if subtap interfaces disappear for any reason, recreate it
-> Rework tapsplit to keep its promise, that it "brings tap interface into state
with several children interfaces each covering part of original interface
address space", without recreating those children on every run and instead
doing any action only if their state is not what is desired.
In other words those interfaces now are only created when they do not exist
before. Addresses and routes are added only if they are not there before
tapsplit is run, etc.
After the patch the first run of tapsplit to split by 2 looks like
```
# ./pythonwitheggs ru/tapsplit slaptap16 2
slaptap16: split 2401:5180:0:66:a200::/71 by 2
preserve 2401:5180:0:66:a200::/73
-> slaptap16-1 2401:5180:0:66:a280::/73
# ip tuntap add dev slaptap16-1 mode tap user slapuser16
# ip link set slaptap16-1 up
# ip addr add 2401:5180:0:66:a280::/73 dev slaptap16-1 noprefixroute
# ip route add 2401:5180:0:66:a280::1 dev slaptap16-1
# ip route add 2401:5180:0:66:a280::/73 dev slaptap16-1 via 2401:5180:0:66:a280::1
-> slaptap16-2 2401:5180:0:66:a300::/73
# ip tuntap add dev slaptap16-2 mode tap user slapuser16
# ip link set slaptap16-2 up
# ip addr add 2401:5180:0:66:a300::/73 dev slaptap16-2 noprefixroute
# ip route add 2401:5180:0:66:a300::1 dev slaptap16-2
# ip route add 2401:5180:0:66:a300::/73 dev slaptap16-2 via 2401:5180:0:66:a300::1
```
The second run with the same arguments looks as
```
# ./pythonwitheggs ru/tapsplit slaptap16 2
slaptap16: split 2401:5180:0:66:a200::/71 by 2
preserve 2401:5180:0:66:a200::/73
-> slaptap16-1 2401:5180:0:66:a280::/73
# slaptap16-1: already exists
# slaptap16-1: already up
# slaptap16-1: already has 2401:5180:0:66:a280::/73 addr
# slaptap16-1: already has 2401:5180:0:66:a280::1 route
# slaptap16-1: already has 2401:5180:0:66:a280::/73 route
-> slaptap16-2 2401:5180:0:66:a300::/73
# slaptap16-2: already exists
# slaptap16-2: already up
# slaptap16-2: already has 2401:5180:0:66:a300::/73 addr
# slaptap16-2: already has 2401:5180:0:66:a300::1 route
# slaptap16-2: already has 2401:5180:0:66:a300::/73 route
```
where it could be seen that no actions had been taken.
And if, for example, the user manipulates slaptap16-2 and manually sets it
down, the third run restores it to desired 'UP' state and readds the address
and routes because the kernel removed them when link went down:
```
# ip -6 addr show dev slaptap16-2
157: slaptap16-2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
inet6 2401:5180:0:66:a300::/73 scope global tentative noprefixroute
valid_lft forever preferred_lft forever
# ip -6 route show dev slaptap16-2
2401:5180:0:66:a300::1 metric 1024 linkdown pref medium
2401:5180:0:66:a300::/73 via 2401:5180:0:66:a300::1 metric 1024 linkdown pref medium
# ip link set slaptap16-2 down
# ip -6 addr show dev slaptap16-2
# ip -6 route show dev slaptap16-2
# ./pythonwitheggs ru/tapsplit slaptap16 2
slaptap16: split 2401:5180:0:66:a200::/71 by 2
preserve 2401:5180:0:66:a200::/73
-> slaptap16-1 2401:5180:0:66:a280::/73
# slaptap16-1: already exists
# slaptap16-1: already up
# slaptap16-1: already has 2401:5180:0:66:a280::/73 addr
# slaptap16-1: already has 2401:5180:0:66:a280::1 route
# slaptap16-1: already has 2401:5180:0:66:a280::/73 route
-> slaptap16-2 2401:5180:0:66:a300::/73
# slaptap16-2: already exists
# ip link set slaptap16-2 up
# ip addr add 2401:5180:0:66:a300::/73 dev slaptap16-2 noprefixroute
# ip route add 2401:5180:0:66:a300::1 dev slaptap16-2
# ip route add 2401:5180:0:66:a300::/73 dev slaptap16-2 via 2401:5180:0:66:a300::1
```
The first version of this patch tried to solve the problem by setting
update-command to be noop instead of reworking tapsplit itself. But as Thomas
noted this does not satisfy requirement "3".
Amends 49ce8ef5 (software/ors-amarisoft: Provide dedicated TAP interface for each Radio Unit)
/helped-by @tomo
/cc @jhuge, @lu.xu, @xavier_thompson, @Daetalus
/reviewed-on https://lab.nexedi.com/nexedi/slapos/-/merge_requests/1508

https://lab.nexedi.com/tomo/slapos/-/commit/7ff438246c0e596554212f87766df6b21dddcb46
ERP5: Move frontend virtualhost logic on backend
2024-02-16T15:40:49+01:00 Jérome Perrin jerome@nexedi.com
- use caucase for balancer certificate
- move virtual host logic on the backend
- change "frontend" parameter to request "" type (and no longer "zope")
See merge request nexedi/slapos!1504

https://lab.nexedi.com/tomo/slapos/-/commit/6e735808469a5e030653d62b32b02ce6f9347ee5
stack/erp5: implement Zope's rewrite rules in ERP5 balancer partition
2024-02-16T23:40:07+09:00 Jérome Perrin jerome@nexedi.com
The strategy for compatibility is that:
- haproxy still listens on the same port as before, without rewrite rule.
This is called "legacy" port.
- for each frontend from request parameters, we introduce an haproxy
frontend with a rewrite for the corresponding `internal-path`
parameter.
- the shared frontend instance is updated to use this new frontend
entry from haproxy. This will cause a small downtime until the shared
frontend is updated to the new URL on ERP5, but since this feature
was not used, it's OK.
Technical details are that we:
- split haproxy config to have frontends and backends.
- introduce one frontend in haproxy for each frontend from request
parameters.
- routing-rule-list argument is still honored the same way, globally
and after path from frontend.
- change the shared frontend requests to use "" type, no longer "zope"
type.
- we don't do automatic detection of /VirtualHostRoot in URL but always
add it, because it could be used to trick zope into thinking it
serves requests for an arbitrary host and do open redirects
- before using the request's host header in virtualhost path, we check
that it does not contain /, to prevent injection of virtualhost path
elements through the host header.
- we don't use the "path" parameter from shared frontend, because we
want the frontend to be simple, so we don't want it to rewrite the
request path (which is also the reason why we deprecated "zope" type)
- the tests have changed a lot, because they were using what's now the
"legacy" URL types, so we updated it to use the new URL types with
all the /VirtualHostRoot/../ in path and also because they use IPv6
URL, no longer IPv4

https://lab.nexedi.com/tomo/slapos/-/commit/5b3fc1f2a64b6d9518adf8bd7cea844a149c1b01
stack/erp5: backport zope fix for IPv6 redirects
2024-02-16T23:40:04+09:00 Jérome Perrin jerome@nexedi.com

https://lab.nexedi.com/tomo/slapos/-/commit/2fc522bf58e49de649f23864fdfce5b89817be70
stack/erp5: use slapos.recipe.build to manage haproxy parameters
2024-02-16T23:39:52+09:00 Jérome Perrin jerome@nexedi.com
and save the already allocated ports in a state file, so that requesting
new families does not change already allocated ports.

https://lab.nexedi.com/tomo/slapos/-/commit/d49914a68ab07269df844f6db1e7148054481470
stack/erp5: use caucase managed certificate for balancer
2024-02-16T23:39:35+09:00 Jérome Perrin jerome@nexedi.com
This reverts commit 620c9332 (stack/erp5: stop using caucase managed
certificate for balancer, 2020-11-10) with an updated design. We add a
caucase service for balancer in the balancer partition. The caucase
service from the root partition (that was not used) is removed.
The underlying idea is that the default configuration should use multiple
caucases with limited scope, here we have one caucase to manage the
certificate used by haproxy server in the balancer partition, so we put
one caucase to manage this certificate and the caucase is configured to
auto-accept one certificate only. The plan is that when we will add a
certificate for mariadb server, we'll add another caucase inside this
mariadb server.
For more advanced usage and also to support the cases where a new
certificate needs to be re-emitted for some reason, users can request
with an existing caucase URL. In that case, they will have to accept
the certificate requests.
Notable changes:
balancer/ssl/caucase-url is no longer documented in parameters, this is
an internal parameter, users can pass one global caucase service to
manage all partition
CAUCASE environment variable is no longer set when running zope. There
was no identified use case and with this new approach of multiple
caucases, the term "caucase" alone became ambiguous.

https://lab.nexedi.com/tomo/slapos/-/commit/16c9df39837f85f8b5fbc73450959851689133b2
stack/erp5: remove not used "backend-path"
2024-02-16T23:39:29+09:00 Jérome Perrin jerome@nexedi.com
This is not documented in schema and has no effect in erp5 (but this is
still used for slapos-master)

https://lab.nexedi.com/tomo/slapos/-/commit/55449aca611894dfac36250b5614fad4347c25ec
software/erp5: describe the allowed formats for family and frontend names
2024-02-16T23:39:26+09:00 Jérome Perrin jerome@nexedi.com