1. 22 Jan, 2021 1 commit
  2. 15 Jan, 2021 1 commit
  3. 13 Jan, 2021 1 commit
  4. 07 Jan, 2021 1 commit
  5. 05 Jan, 2021 1 commit
  6. 03 Jan, 2021 1 commit
  7. 31 Dec, 2020 3 commits
  8. 28 Dec, 2020 2 commits
  9. 24 Dec, 2020 4 commits
  10. 23 Dec, 2020 1 commit
  11. 22 Dec, 2020 2 commits
  12. 21 Dec, 2020 4 commits
    • Jérome Perrin's avatar
      cafa2ec5
    • Jérome Perrin's avatar
      software/erp5: simple SlapOS upgrade test · 8a61ff90
      Jérome Perrin authored
      Confirms SlapOS ERP5 software release can be updated from
      a reference version to current version
      8a61ff90
    • Jérome Perrin's avatar
      stack/erp5: new promise to check software release URL of zope instances · a8271791
      Jérome Perrin authored
      When root instance is updated to a new software release URL, it will re-request
      all the instances with the new software release URL.
      To make sure the new root instance does not appear has ready when it is
      re-requested with new software release URL, introduce a promise that will check
      that the instances requested by the root instance have the same software
      release URL. For now we do this only for Zope instances, because they are
      stateless and restart automatically on configuration changes, unlike stateful
      instances like mariadb or ZEO that we don't restart automatically (yet ?).
      a8271791
    • Jérome Perrin's avatar
      stack/erp5: restart zopes on configuration changes · 59745322
      Jérome Perrin authored
      We are using this pattern for most of our services since several
      months without any issue, so let's also use it for zopes. This
      makes automatic upgrade possible.
      
      Also remove "zope running current products" promise, since we
      restart we no longer need to check this.
      59745322
  13. 17 Dec, 2020 2 commits
  14. 16 Dec, 2020 1 commit
  15. 15 Dec, 2020 2 commits
  16. 14 Dec, 2020 2 commits
  17. 10 Dec, 2020 1 commit
  18. 09 Dec, 2020 3 commits
  19. 07 Dec, 2020 5 commits
    • Kirill Smelkov's avatar
      Move wendelin.core from Wendelin to ERP5 · 7f877621
      Kirill Smelkov authored
      We are starting to use wendelin.core not only in Wendelin context.
      So it makes sense to have it installed in base ERP5, like we already do for
      example for NumPy and SciPy.
      
      /reviewed-by @rafael, @jp
      /reviewed-on nexedi/slapos!874
      7f877621
    • Kirill Smelkov's avatar
      wendelin.core: Always use git checkout for both release and development version · ad34ff4a
      Kirill Smelkov authored
      Having only one section [wendelin.core] instead of [wendelin.core] and
      [wendelin.core-dev] is easier to handle in "we want to use such and such
      particular version" scenarious without deciding in advance whether an SR needs
      to inherit from wendelin/software.cfg or wendelin/software-dev.cfg
      
      /reviewed-on nexedi/slapos!874
      ad34ff4a
    • Jérome Perrin's avatar
      stack/erp5: socat wrapper to get haproxy stats · 82a249b6
      Jérome Perrin authored
      haproxy can be controlled with this socket, so it might be useful
      to "expose" it - it's not really expose because we only use a
      UNIX socket.
      82a249b6
    • Jérome Perrin's avatar
      stack/erp5: leave apachedex reports with wrong microsecond timing for now · 06ce6b17
      Jérome Perrin authored
      The apachedex reports when produced on backend will be wrong, because haproxy
      logs timings in milliseconds and apachedex parses as microsecond, but as far as
      I know we produce reports from frontend logs, so it should not really affect
      our operations.
      06ce6b17
    • Jérome Perrin's avatar
      stack/erp5: remove httpd and use haproxy instead · 6a8f58c5
      Jérome Perrin authored
      Two main differences of haproxy are file format for certificates and logs.
      
      HAProxy also uses certificates in PEM format, but it expect its own server
      certificate and the key to be in the same file (although recent version seems
      to accept separate files, we don't use this now) and the CRL and CA certificates
      also all together in the same file.
      We change to use the same file for certificate and key and for CA and CRL, in
      the updater script we we build PEM files by containing all CA certificates and
      all CRL together.
      Also, since haproxy needs to be reloaded when certificate change, we run it in
      master-worker mode, with a pid file so that we can signal it to reload.
      
      For the logs, since haproxy does not log to file, we introduce a rsyslogd to
      log to a file. The log format is same as with httpd, except that timing are not
      in microseconds but in milliseconds - this did not seem to be configurable.
      This is a problem for apachedex reports on log, for that we plan to use an
      updated version of apachedex with support for `%{ms}T` for durations.
      
      HAProxy is configured with same timeouts, except:
       - "connect" timeout has been increased a bit (from 5 to 10s), because the
         comment "The connection should be immediate on LAN" was no longer true, now
         that haproxy is accessed from frontend.
       - the server entries for testrunner are a very long timeout (8h) because some
         ERP5 functional tests exceeed the 305s timeout.
      
      The SSL configuration is with current "modern" config from https://ssl-config.mozilla.org/
      
      Tests have been modified a bit, because haproxy uses HTTP/2.0 and not 1.1
      like httpd was doing several haproxy features (keep alive and gzip
      compression) are only available when backend uses HTTP/1.1, so we adjusted
      tests to use a 1.1 backend.
      
      There was also differences with logs, because of the time being in milliseconds.
      
      TestPublishedURLIsReachableMixin._checkERP5IsReachable was also updated, it
      was working by chance because when accessed behind httpd->haproxy->zope, zope
      was producing a redirect URL that was the URL of haproxy, which could be
      resolved by chance. This test was updated to access zope with a path that
      contains VirtualHostMonster magic, as the shared frontend ( with "zope" software
      type) is supposed to set.
      
      This should hopefuly solve the "502 Proxy Error" that we are observing with httpd.
      6a8f58c5
  20. 04 Dec, 2020 1 commit
  21. 03 Dec, 2020 1 commit