caddy-frontend: Switch to full CSR analysis

Instead of trusting CSR id published by the node which tries to join the
cluster add a tool which is able to compare exposed CSR with one in caucase
and then decide to accept node in the cluster. This tool does what usual user
would do, and it's logic implemented as a script leads to much simpler profiles.

For sake of clean profiles csr_id has been removed, except when it's used for
self joining of the user to the cluster.

software/caddy-frontend/buildout.hash.cfg

@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 0950e09ad1f03f0789308f5f7a7eb1b8
+md5sum = 334d0613557849cdbdea769510ba0cca
 
 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = c5d1e235959a877b4f3157369c6f5e10
+md5sum = bd784414ab53978820a50242f125b8fd
 
 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 9e77ca5d41541787f66a4e1872556418
+md5sum = cc3c94eefd5659c82df1c894226d6b08
 
 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
@@ -94,15 +94,15 @@ md5sum = 8c150e1e6c993708d31936742f3a7302
 
 [caddyprofiledeps-setup]
 filename = setup.py
-md5sum = 8e1c6c06c09beb921965b3ce98c67c9e
+md5sum = edc8cfd96d331f79648014b6a0e8d184
 
 [caddyprofiledeps-dummy]
 filename = caddyprofiledummy.py
-md5sum = 59cb33f11272ee09eccea74981d2304a
+md5sum = 119380238fd72436fbe54ac72af65491
 
 [profile-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = 483e834e689f9a943346683e4d81eab4
+md5sum = f29cf4e9591f8892430693a8915c5aba
 
 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in

software/caddy-frontend/caddyprofiledummy.py

+from __future__ import print_function
+
+import caucase.client
+import caucase.utils
+import os
+import ssl
+import sys
+import urllib
 import urlparse
 
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+
 class Recipe(object):
   def __init__(self, *args, **kwargs):
     pass
@@ -19,3 +30,85 @@ def validate_netloc(netloc):
   else:
     hostname = parsed.hostname
   return netloc == '%s:%s' % (hostname, parsed.port)
+
+
+def _check_certificate(url, certificate):
+  parsed = urlparse.urlparse(url)
+  got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
+  if certificate.strip() != got_certificate.strip():
+    raise ValueError('Certificate for %s does not match expected one' % (url,))
+
+
+def _get_exposed_csr(url, certificate):
+  _check_certificate(url, certificate)
+  self_signed = ssl.create_default_context()
+  self_signed.check_hostname = False
+  self_signed.verify_mode = ssl.CERT_NONE
+  return urllib.urlopen(url, context=self_signed).read()
+
+
+def _get_caucase_client(ca_url, ca_crt, user_key):
+  return caucase.client.CaucaseClient(
+    ca_url=ca_url + '/cas',
+    ca_crt_pem_list=caucase.utils.getCertList(ca_crt),
+    user_key=user_key,
+  )
+
+
+def _get_caucase_csr_list(ca_url, ca_crt, user_key):
+  csr_list = []
+  for entry in _get_caucase_client(
+    ca_url, ca_crt, user_key).getPendingCertificateRequestList():
+    csr = caucase.utils.load_certificate_request(
+      caucase.utils.toBytes(entry['csr']))
+    csr_list.append({
+      'csr_id': entry['id'],
+      'csr': csr.public_bytes(serialization.Encoding.PEM).decode()
+    })
+  return csr_list
+
+
+def _csr_match(*csr_list):
+  number_list = set([])
+  for csr in csr_list:
+    number_list.add(
+      x509.load_pem_x509_csr(str(csr)).public_key().public_numbers())
+  return len(number_list) == 1
+
+
+def _sign_csr(ca_url, ca_crt, user_key, csr, csr_list):
+  signed = False
+  client = _get_caucase_client(ca_url, ca_crt, user_key)
+  for csr_entry in csr_list:
+    if _csr_match(csr, csr_entry['csr']):
+      client.createCertificate(int(csr_entry['csr_id']))
+      print('Signed csr with id %s' % (csr_entry['csr_id'],))
+      signed = True
+      break
+  return signed
+
+
+def _mark_done(filename):
+  with open(filename, 'w') as fh:
+    fh.write('done')
+  print('Marked file %s' % (filename,))
+
+
+def _is_done(filename):
+  if os.path.exists(filename):
+    return True
+  return False
+
+
+def smart_sign():
+  ca_url, ca_crt, done_file, user_key, csr_url, \
+    csr_url_certificate = sys.argv[1:]
+  if _is_done(done_file):
+    return
+  exposed_csr = _get_exposed_csr(csr_url, csr_url_certificate)
+  caucase_csr_list = _get_caucase_csr_list(ca_url, ca_crt, user_key)
+  if _sign_csr(
+    ca_url, ca_crt, user_key, exposed_csr, caucase_csr_list):
+    _mark_done(done_file)
+  else:
+    print('Failed to sign %s' % (csr_url,))

software/caddy-frontend/instance-apache-frontend.cfg.in

@@ -89,10 +89,10 @@ bbb-ssl-dir = ${:srv}/bbb-ssl
 
 frontend_cluster = ${:var}/frontend_cluster
 
-# csr_id publication
-csr_id = ${:srv}/csr_id
-certificate-csr_id = ${:etc}/certificate-csr_id
-expose-csr_id-var = ${:var}/expose-csr_id
+# CSR publication
+csr = ${:srv}/csr
+certificate-csr = ${:etc}/certificate-csr
+expose-csr-var = ${:var}/expose-csr
 
 # slave introspection
 slave-introspection-var = ${:var}/slave-introspection
@@ -295,8 +295,8 @@ extra-context =
     key master_key_download_url :master_key_download_url
     key autocert caddy-directory:autocert
     key caddy_log_directory caddy-directory:slave-log
-    key expose_csr_id_organization :organization
-    key expose_csr_id_organizational_unit :organizational-unit
+    key expose_csr_organization :organization
+    key expose_csr_organizational_unit :organizational-unit
     key global_ipv6 slap-configuration:ipv6-random
     key empty_template software-release-path:template-empty
     key template_default_slave_configuration software-release-path:template-default-slave-virtualhost

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -286,7 +286,7 @@ config-monitor-username = ${monitor-instance-parameter:username}
 config-monitor-password = ${monitor-htpasswd:passwd}
 
 software-type = {{frontend_type}}
-return = slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
+return = slave-instance-information-list monitor-base-url backend-client-csr-url kedifa-csr-url csr-certificate backend-haproxy-statistic-url
 
 {#- Send only needed parameters to frontend nodes #}
 {%- set base_node_configuration_dict = {} %}
@@ -362,15 +362,15 @@ warning-slave-dict = {{ dumps(json_module.dumps(warning_slave_dict, sort_keys=Tr
 {% if not aikc_enabled or not aibcc_enabled %}
 {% for frontend in frontend_list %}
   {% set section_part = '${request-' + frontend %}
-{{ frontend }}-csr_id-certificate = {{ section_part }}:connection-csr_id-certificate}
+{{ frontend }}-csr-certificate = {{ section_part }}:connection-csr-certificate}
 {% endfor %}
 {% endif %}
 {% if not aikc_enabled %}
-kedifa-csr_id-url = ${request-kedifa:connection-csr_id-url}
-kedifa-csr_id-certificate = ${request-kedifa:connection-csr_id-certificate}
+kedifa-csr-url = ${request-kedifa:connection-kedifa-csr-url}
+kedifa-csr-certificate = ${request-kedifa:connection-csr-certificate}
 {% for frontend in frontend_list %}
   {% set section_part = '${request-' + frontend %}
-{{ frontend }}-csr_id-url = {{ section_part }}:connection-csr_id-url}
+{{ frontend }}-kedifa-csr-url = {{ section_part }}:connection-kedifa-csr-url}
 {% endfor %}
 {% endif %}
 {% for frontend in frontend_list %}
@@ -380,7 +380,7 @@ kedifa-csr_id-certificate = ${request-kedifa:connection-csr_id-certificate}
 {% if not aibcc_enabled %}
 {% for frontend in frontend_list %}
   {% set section_part = '${request-' + frontend %}
-{{ frontend }}-backend-client-csr_id-url = {{ section_part }}:connection-backend-client-csr_id-url}
+{{ frontend }}-backend-client-csr-url = {{ section_part }}:connection-backend-client-csr-url}
 {% endfor %}
 {% endif %}
 
@@ -431,7 +431,7 @@ software-url = ${slap-connection:software-release-url}
 {% endif %}
 software-type = kedifa
 name = kedifa
-return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url csr_id-url csr_id-certificate  monitor-base-url
+return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate  monitor-base-url
 {% set sla_kedifa_key = "-sla-kedifa-" %}
 {% set sla_kedifa_key_length = sla_kedifa_key | length %}
 {% for key in slapparameter_dict.keys() %}
@@ -505,7 +505,6 @@ crl = ${directory:aikc}/crl.pem
 user-ca-certificate = ${directory:aikc}/user-ca-certificate.pem
 user-crl = ${directory:aikc}/user-crl.pem
 user-created = ${directory:aikc}/user-created
-csr_id = ${directory:aikc}/csr_id
 data_dir = ${directory:aikc}/caucase-updater
 
 [aikc-user-csr]
@@ -552,11 +551,12 @@ recipe = plone.recipe.command
 {#- The called command is smart enough to survive errors and retry #}
 stop-on-error = False
 update-command = ${:command}
+csr_id = ${directory:aikc}/csr_id
 command =
   if ! [ -f ${aikc-config:user-created} ] ; then
-    ${aikc-caucase-wrapper:rendered} --mode user --send-csr ${aikc-user-csr:csr} > ${aikc-config:csr_id} || exit 1
-    cut -d ' ' -f 1 ${aikc-config:csr_id} || exit 1
-    csr_id=`cut -d ' ' -f 1 ${aikc-config:csr_id}`
+    ${aikc-caucase-wrapper:rendered} --mode user --send-csr ${aikc-user-csr:csr} > ${:csr_id} || exit 1
+    cut -d ' ' -f 1 ${:csr_id} || exit 1
+    csr_id=`cut -d ' ' -f 1 ${:csr_id}`
     sleep 1
     ${aikc-caucase-wrapper:rendered} --mode user --get-crt $csr_id ${aikc-config:key} || exit 1
     touch ${aikc-config:user-created}
@@ -578,43 +578,17 @@ command =
 )}}
 
 
-[aikc-check-certificate]
-recipe = slapos.recipe.template:jinja2
-rendered = ${directory:bin}/aikc-check-certificate
-template = inline:
-  import sys
-  import ssl
-  import urlparse
-  certificate = sys.argv[2]
-  parsed = urlparse.urlparse(sys.argv[1])
-  got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
-  sys.exit(0) if certificate.strip() == got_certificate.strip() else sys.exit(1)
-
 {% for csr in frontend_list + ['kedifa'] %}
 [aikc-{{ csr }}-wrapper]
-{# jinja2 instead of wrapper is used with context to remove py'u' #}
-recipe = slapos.recipe.template:jinja2
-context =
-  key csr_id_url request-{{ csr }}:connection-csr_id-url
-  key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate
-template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
-  test -f ${directory:aikc}/{{ csr }}-done && exit 0
-  ${buildout:executable} ${aikc-check-certificate:rendered} \
-{# raw block to use context #}
-{% raw %}
-  {{ csr_id_url }} \
-  """{{ csr_id_certificate }}"""
-{% endraw %}
-  if [ $? = 0 ]; then
-    csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \
-{% raw %}
-  {{ csr_id_url }} \
-{% endraw %}
-  ` || exit 1
-    ${aikc-caucase-wrapper:rendered} --user-key ${aikc-config:key} --sign-csr $csr_id && touch ${directory:aikc}/{{ csr }}-done
-  fi
-rendered = ${directory:bin}/aikc-{{ csr }}-wrapper
-mode = 0700
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/aikc-{{ csr }}-wrapper
+command-line = {{ software_parameter_dict['smart_caucase_signer'] }}
+  ${aikc-config:caucase-url}
+  ${aikc-config:ca-certificate}
+  ${directory:aikc}/{{ csr }}-done
+  ${aikc-config:key}
+  ${request-{{ csr }}:connection-kedifa-csr-url}
+  "${request-{{ csr }}:connection-csr-certificate}"
 
 {% do part_list.append('aikc-%s' % (csr,)) %}
 [aikc-{{ csr }}]
@@ -622,7 +596,7 @@ recipe = plone.recipe.command
 {#- The called command is smart enough to survive errors and retry #}
 stop-on-error = False
 command =
-  ${aikc-{{ csr }}-wrapper:rendered}
+  ${aikc-{{ csr }}-wrapper:wrapper-path}
 update-command = ${:command}
 {% endfor %}
 {% endif %} {# if aikc_enabled #}
@@ -641,7 +615,6 @@ crl = ${directory:aibcc}/crl.pem
 user-ca-certificate = ${directory:aibcc}/user-ca-certificate.pem
 user-crl = ${directory:aibcc}/user-crl.pem
 user-created = ${directory:aibcc}/user-created
-csr_id = ${directory:aibcc}/csr_id
 data_dir = ${directory:aibcc}/caucase-updater
 
 [aibcc-user-csr]
@@ -668,6 +641,7 @@ recipe = slapos.recipe.template:jinja2
 context =
   key caucase_url aibcc-config:caucase-url
 template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
+
   exec {{ software_parameter_dict['bin_directory'] }}/caucase \
 {# raw block to use context #}
 {% raw %}
@@ -690,11 +664,12 @@ recipe = plone.recipe.command
 {#- XXX: Create promise #}
 stop-on-error = False
 update-command = ${:command}
+csr_id = ${directory:aibcc}/csr_id
 command =
   if ! [ -f ${aibcc-config:user-created} ] ; then
-    ${aibcc-caucase-wrapper:rendered} --mode user --send-csr ${aibcc-user-csr:csr} > ${aibcc-config:csr_id} || exit 1
-    cut -d ' ' -f 1 ${aibcc-config:csr_id} || exit 1
-    csr_id=`cut -d ' ' -f 1 ${aibcc-config:csr_id}`
+    ${aibcc-caucase-wrapper:rendered} --mode user --send-csr ${aibcc-user-csr:csr} > ${:csr_id} || exit 1
+    cut -d ' ' -f 1 ${:csr_id} || exit 1
+    csr_id=`cut -d ' ' -f 1 ${:csr_id}`
     sleep 1
     ${aibcc-caucase-wrapper:rendered} --mode user --get-crt $csr_id ${aibcc-config:key} || exit 1
     touch ${aibcc-config:user-created}
@@ -715,43 +690,17 @@ command =
      mode='user',
 )}}
 
-[aibcc-check-certificate]
-recipe = slapos.recipe.template:jinja2
-rendered = ${directory:bin}/aibcc-check-certificate
-template = inline:
-  import sys
-  import ssl
-  import urlparse
-  certificate = sys.argv[2]
-  parsed = urlparse.urlparse(sys.argv[1])
-  got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
-  sys.exit(0) if certificate.strip() == got_certificate.strip() else sys.exit(1)
-
 {% for csr in frontend_list %}
 [aibcc-{{ csr }}-wrapper]
-{# jinja2 instead of wrapper is used with context to remove py'u' #}
-recipe = slapos.recipe.template:jinja2
-context =
-  key csr_id_url request-{{ csr }}:connection-backend-client-csr_id-url
-  key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate
-template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
-  test -f ${directory:aibcc}/{{ csr }}-done && exit 0
-  ${buildout:executable} ${aibcc-check-certificate:rendered} \
-{# raw block to use context #}
-{% raw %}
-  {{ csr_id_url }} \
-  """{{ csr_id_certificate }}"""
-{% endraw %}
-  if [ $? = 0 ]; then
-    csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \
-{% raw %}
-  {{ csr_id_url }} \
-{% endraw %}
-  ` || exit 1
-    ${aibcc-caucase-wrapper:rendered} --user-key ${aibcc-config:key} --sign-csr $csr_id && touch ${directory:aibcc}/{{ csr }}-done
-  fi
-rendered = ${directory:bin}/aibcc-{{ csr }}-wrapper
-mode = 0700
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/aibcc-{{ csr }}-wrapper
+command-line = {{ software_parameter_dict['smart_caucase_signer'] }}
+  ${aibcc-config:caucase-url}
+  ${aibcc-config:ca-certificate}
+  ${directory:aibcc}/{{ csr }}-done
+  ${aibcc-config:key}
+  ${request-{{ csr }}:connection-backend-client-csr-url}
+  "${request-{{ csr }}:connection-csr-certificate}"
 
 {% do part_list.append('aibcc-%s' % (csr,)) %}
 [aibcc-{{ csr }}]
@@ -759,7 +708,7 @@ recipe = plone.recipe.command
 {#- The called command is smart enough to survive errors and retry #}
 stop-on-error = False
 command =
-  ${aibcc-{{ csr }}-wrapper:rendered}
+  ${aibcc-{{ csr }}-wrapper:wrapper-path}
 update-command = ${:command}
 {% endfor %}
 {% endif %} {# if aibcc_enabled #}

software/caddy-frontend/instance-caddy-input-schema.json

@@ -69,7 +69,7 @@
     },
     "automatic-internal-kedifa-caucase-csr": {
       "default": "true",
-      "description": "Automatically signs CSRs sent to KeDiFa's caucase, based on csr_id and matching certificate.",
+      "description": "Automatically signs CSRs sent to KeDiFa's caucase, based on CSR comparison.",
       "enum": [
         "true",
         "false"
@@ -79,7 +79,7 @@
     },
     "automatic-internal-backend-client-caucase-csr": {
       "default": "true",
-      "description": "Automatically signs CSRs sent to Backend Client's caucase, based on csr_id and matching certificate.",
+      "description": "Automatically signs CSRs sent to Backend Client's caucase, based on CSR comparison.",
       "enum": [
         "true",
         "false"

software/caddy-frontend/instance-kedifa.cfg.in

@@ -17,8 +17,7 @@ parts =
   caucased
   caucased-promise
   caucase-updater
-  expose-csr_id
-  promise-expose-csr_id-ip-port
+  promise-expose-csr-ip-port
   promise-logrotate-setup
 
 [monitor-instance-parameter]
@@ -74,10 +73,10 @@ backup-caucased = ${:backup}/caucased
 # reservation
 reservation = ${:srv}/reservation
 
-# csr_id publication
-csr_id = ${:srv}/csr_id
-certificate-csr_id = ${:var}/certificate-csr_id
-expose-csr_id-var = ${:var}/expose-csr_id
+# CSR publication
+csr = ${:srv}/csr
+certificate-csr = ${:var}/certificate-csr
+expose-csr-var = ${:var}/expose-csr
 
 [kedifa-csr]
 recipe = plone.recipe.command
@@ -113,30 +112,19 @@ stop-on-error = True
      template_csr='${kedifa-csr:template-csr}'
 )}}
 
-[store-csr_id]
+[store-csr]
 recipe = plone.recipe.command
-
-csr_id_path = ${directory:csr_id}/csr_id.txt
-csr_work_path = ${directory:tmp}/${:_buildout_section_name_}
-
+filename = csr.pem
+csr_path = ${directory:csr}/${:filename}
 stop-on-error = False
 update-command = ${:command}
 command =
-  [ -f {:csr_id_path} ] && exit 0
-  {{ software_parameter_dict['bin_directory'] }}/caucase \
-    --ca-url {{ caucase_url }} \
-    --ca-crt ${kedifa-config:ca-certificate} \
-    --crl ${kedifa-config:crl} \
-    --mode service \
-{#- XXX: Need to use caucase-updater-csr:csr, as there is no way to obatin csr_id from caucase-updater -#}
-{#- XXX: nor directly path to the generated CSR #}
-    --send-csr ${caucase-updater-csr:csr} > ${:csr_work_path} && \
-  cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
-
-[certificate-csr_id]
+  ln -sf ${caucase-updater-csr:csr} ${:csr_path}
+
+[certificate-csr]
 recipe = plone.recipe.command
-certificate = ${directory:certificate-csr_id}/certificate.pem
-key = ${directory:certificate-csr_id}/key.pem
+certificate = ${directory:certificate-csr}/certificate.pem
+key = ${directory:certificate-csr}/key.pem
 
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
@@ -148,22 +136,22 @@ command =
       -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
   fi
 
-[expose-csr_id-configuration]
+[expose-csr-configuration]
 ip = {{ instance_parameter_dict['ipv6-random'] }}
 port = 17000
-key = ${certificate-csr_id:key}
-certificate = ${certificate-csr_id:certificate}
-error-log = ${directory:log}/expose-csr_id.log
+key = ${certificate-csr:key}
+certificate = ${certificate-csr:certificate}
+error-log = ${directory:log}/expose-csr.log
 
-[expose-csr_id-template]
+[expose-csr-template]
 recipe = slapos.recipe.template:jinja2
-var = ${directory:expose-csr_id-var}
-pid = ${directory:var}/nginx-expose-csr_id.pid
-rendered = ${directory:etc}/nginx-expose-csr_id.conf
+var = ${directory:expose-csr-var}
+pid = ${directory:var}/nginx-expose-csr.pid
+rendered = ${directory:etc}/nginx-expose-csr.conf
 template = inline:
   daemon off;
   pid ${:pid};
-  error_log ${expose-csr_id-configuration:error-log};
+  error_log ${expose-csr-configuration:error-log};
   events {
   }
   http {
@@ -171,11 +159,11 @@ template = inline:
     server {
       server_name_in_redirect off;
       port_in_redirect off;
-      error_log ${expose-csr_id-configuration:error-log};
+      error_log ${expose-csr-configuration:error-log};
       access_log /dev/null;
-      listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
-      ssl_certificate ${expose-csr_id-configuration:certificate};
-      ssl_certificate_key ${expose-csr_id-configuration:key};
+      listen [${expose-csr-configuration:ip}]:${expose-csr-configuration:port} ssl;
+      ssl_certificate ${expose-csr-configuration:certificate};
+      ssl_certificate_key ${expose-csr-configuration:key};
       default_type application/octet-stream;
       client_body_temp_path ${:var} 1 2;
       proxy_temp_path ${:var} 1 2;
@@ -184,7 +172,7 @@ template = inline:
       scgi_temp_path ${:var} 1 2;
 
       location / {
-        alias ${directory:csr_id}/;
+        alias ${directory:csr}/;
         autoindex off;
         sendfile on;
         sendfile_max_chunk 1m;
@@ -192,26 +180,26 @@ template = inline:
     }
   }
 
-[promise-expose-csr_id-ip-port]
+[promise-expose-csr-ip-port]
 <= monitor-promise-base
 promise = check_socket_listening
-name = expose-csr_id-ip-port-listening.py
-config-host = ${expose-csr_id-configuration:ip}
-config-port = ${expose-csr_id-configuration:port}
+name = expose-csr-ip-port-listening.py
+config-host = ${expose-csr-configuration:ip}
+config-port = ${expose-csr-configuration:port}
 
-[expose-csr_id]
-depends = ${store-csr_id:command}
+[expose-csr]
 recipe = slapos.cookbook:wrapper
 command-line = {{ software_parameter_dict['nginx'] }}
-  -c ${expose-csr_id-template:rendered}
+  -c ${expose-csr-template:rendered}
+url = https://[${expose-csr-configuration:ip}]:${expose-csr-configuration:port}
 
-wrapper-path = ${directory:service}/expose-csr_id
+wrapper-path = ${directory:service}/expose-csr
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 
-[get-csr_id-certificate]
+[get-csr-certificate]
 recipe = collective.recipe.shelloutput
 commands =
-  certificate = cat ${certificate-csr_id:certificate}
+  certificate = cat ${certificate-csr:certificate}
 
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -326,8 +314,8 @@ caucase-url = {{ caucase_url }}
 master-key-generate-auth-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}/generateauth
 master-key-upload-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}?auth=
 master-key-download-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}
-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
-csr_id-certificate = ${get-csr_id-certificate:certificate}
+kedifa-csr-url = ${expose-csr:url}/${store-csr:filename}
+csr-certificate = ${get-csr-certificate:certificate}
 monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
 
 [promise-logrotate-setup]

software/caddy-frontend/instance-output-schema.json

@@ -46,24 +46,28 @@
       "description": "Total amount of Slaves allocated to the Instance (include blocked ones)",
       "type": "integer"
     },
-    "kedifa-csr_id-url": {
-      "description": "URL on which KeDiFa publishes its csr_id sent to caucase.",
+    "kedifa-csr-url": {
+      "description": "URL on which KeDiFa publishes its CSR sent to caucase.",
       "type": "string"
     },
-    "kedifa-csr_id-certificate": {
-      "description": "Certificate used to serve data on kedifa-csr_id-url.",
+    "kedifa-csr-certificate": {
+      "description": "Certificate used to serve data on kedifa-csr-url.",
       "type": "string"
     },
     "kedifa-caucase-url": {
       "description": "Url to caucase used by KeDiFa.",
       "type": "string"
     },
-    "caddy-frontend-N-csr_id-url": {
-      "description": "URL on which frontend node number N publishes its csr_id sent to caucase.",
+    "caddy-frontend-N-kedifa-csr-url": {
+      "description": "URL on which frontend node number N publishes its Kedifa CSR sent to caucase.",
       "type": "string"
     },
-    "caddy-frontend-N-csr_id-certificate": {
-      "description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.",
+    "caddy-frontend-N-backend-client-csr-url": {
+      "description": "URL on which frontend node number N publishes its Backend Client CSR sent to caucase.",
+      "type": "string"
+    },
+    "caddy-frontend-N-csr-certificate": {
+      "description": "Certificate used to serve data on CSRs.",
       "type": "string"
     },
     "warning-slave-dict": {

software/caddy-frontend/setup.py

@@ -9,10 +9,14 @@ setup(
     'validators',
     'furl',
     'orderedmultidict',
+    'caucase',
   ],
   entry_points={
     'zc.buildout': [
       'default = caddyprofiledummy:Recipe',
+    ],
+    'console_scripts': [
+      'smart-caucase-signer = caddyprofiledummy:smart_sign'
     ]
   }
 )

software/caddy-frontend/software.cfg

@@ -123,6 +123,7 @@ kedifa-updater = ${:bin_directory}/kedifa-updater
 kedifa-csr = ${:bin_directory}/kedifa-csr
 xz_location = ${xz-utils:location}
 htpasswd = ${:bin_directory}/htpasswd
+smart_caucase_signer = ${:bin_directory}/smart-caucase-signer
 
 [template]
 recipe = slapos.recipe.template:jinja2

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -453,9 +453,9 @@ recipe = slapos.cookbook:publish.serialised
 slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
 {%- endif %}
 monitor-base-url = {{ monitor_base_url }}
-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
-backend-client-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/backend-haproxy-csr_id.txt
-csr_id-certificate = ${get-csr_id-certificate:certificate}
+kedifa-csr-url = ${expose-csr:url}/${store-kedifa-csr:filename}
+backend-client-csr-url = ${expose-csr:url}/${store-backend-haproxy-csr:filename}
+csr-certificate = ${get-csr-certificate:certificate}
 {%-   set furled = furl_module.furl(backend_haproxy_configuration['statistic-frontend-secure_access']) %}
 {%-   do furled.set(username = backend_haproxy_configuration['statistic-username']) %}
 {%-   do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
@@ -514,23 +514,23 @@ request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
 backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
 backend-connect-retries =  {{ dumps('' ~ configuration['backend-connect-retries']) }}
 
-[store-backend-haproxy-csr_id]
+[store-csr]
 recipe = plone.recipe.command
-
-csr_id_path = {{ directory['csr_id'] }}/backend-haproxy-csr_id.txt
-csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
-
 stop-on-error = False
 update-command = ${:command}
+csr_path = {{ directory['csr'] }}/${:filename}
 command =
-  [ -f ${:csr_id_path} ] && exit 0
-  {{ software_parameter_dict['bin_directory'] }}/caucase \
-    --ca-url {{ backend_haproxy_configuration['caucase-url'] }} \
-    --ca-crt {{ backend_haproxy_configuration['cas-ca-certificate'] }} \
-    --crl {{ backend_haproxy_configuration['crl'] }} \
-    --mode service \
-    --send-csr {{ backend_haproxy_configuration['csr'] }} > ${:csr_work_path} && \
-  cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
+  ln -sf ${:csr} ${:csr_path}
+
+[store-backend-haproxy-csr]
+<= store-csr
+filename = backend-haproxy-csr.pem
+csr = {{ backend_haproxy_configuration['csr'] }}
+
+[store-kedifa-csr]
+<= store-csr
+filename = kedifa-csr.pem
+csr = {{ kedifa_configuration['csr'] }}
 
 ##<Backend haproxy>
 
@@ -551,33 +551,14 @@ parts +=
     publish-caddy-information
     tunnel-6to4-base-http_port
     tunnel-6to4-base-https_port
-    expose-csr_id
-    promise-expose-csr_id-ip-port
+    promise-expose-csr-ip-port
 
 cache-access = {{ cache_access }}
 
-[store-csr_id]
+[certificate-csr]
 recipe = plone.recipe.command
-
-csr_id_path = {{ directory['csr_id'] }}/csr_id.txt
-csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
-
-stop-on-error = False
-update-command = ${:command}
-command =
-  [ -f ${:csr_id_path} ] && exit 0
-  {{ software_parameter_dict['bin_directory'] }}/caucase \
-    --ca-url {{ kedifa_configuration['caucase-url'] }} \
-    --ca-crt {{ kedifa_configuration['cas-ca-certificate'] }} \
-    --crl {{ kedifa_configuration['crl'] }} \
-    --mode service \
-    --send-csr {{ kedifa_configuration['csr'] }} > ${:csr_work_path} && \
-  cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
-
-[certificate-csr_id]
-recipe = plone.recipe.command
-certificate = {{ directory['certificate-csr_id'] }}/certificate.pem
-key = {{ directory['certificate-csr_id'] }}/key.pem
+certificate = {{ directory['certificate-csr'] }}/certificate.pem
+key = {{ directory['certificate-csr'] }}/key.pem
 
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
@@ -585,26 +566,26 @@ update-command = ${:command}
 command =
   if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
     openssl req -new -newkey rsa:2048 -sha256 -subj \
-      "/O={{ expose_csr_id_organization }}/OU={{ expose_csr_id_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
+      "/O={{ expose_csr_organization }}/OU={{ expose_csr_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
       -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
   fi
 
-[expose-csr_id-configuration]
+[expose-csr-configuration]
 ip = ${slap-configuration:ipv6-random}
 port = 17001
-key = ${certificate-csr_id:key}
-certificate = ${certificate-csr_id:certificate}
-error-log = {{ directory['log'] }}/expose-csr_id.log
+key = ${certificate-csr:key}
+certificate = ${certificate-csr:certificate}
+error-log = {{ directory['log'] }}/expose-csr.log
 
-[expose-csr_id-template]
+[expose-csr-template]
 recipe = slapos.recipe.template:jinja2
-var = {{ directory['expose-csr_id-var'] }}
-pid = {{ directory['var'] }}/nginx-expose-csr_id.pid
-rendered = {{ directory['etc'] }}/nginx-expose-csr_id.conf
+var = {{ directory['expose-csr-var'] }}
+pid = {{ directory['var'] }}/nginx-expose-csr.pid
+rendered = {{ directory['etc'] }}/nginx-expose-csr.conf
 template = inline:
   daemon off;
   pid ${:pid};
-  error_log ${expose-csr_id-configuration:error-log};
+  error_log ${expose-csr-configuration:error-log};
   events {
   }
   http {
@@ -612,11 +593,11 @@ template = inline:
     server {
       server_name_in_redirect off;
       port_in_redirect off;
-      error_log ${expose-csr_id-configuration:error-log};
+      error_log ${expose-csr-configuration:error-log};
       access_log /dev/null;
-      listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;                                                          
-      ssl_certificate ${expose-csr_id-configuration:certificate};
-      ssl_certificate_key ${expose-csr_id-configuration:key};
+      listen [${expose-csr-configuration:ip}]:${expose-csr-configuration:port} ssl;                                                          
+      ssl_certificate ${expose-csr-configuration:certificate};
+      ssl_certificate_key ${expose-csr-configuration:key};
       default_type application/octet-stream;
       client_body_temp_path ${:var} 1 2;
       proxy_temp_path ${:var} 1 2;
@@ -625,7 +606,7 @@ template = inline:
       scgi_temp_path ${:var} 1 2;
 
       location / {
-        alias {{ directory['csr_id'] }}/;
+        alias {{ directory['csr'] }}/;
         autoindex off;
         sendfile on;
         sendfile_max_chunk 1m;
@@ -633,28 +614,26 @@ template = inline:
     }
   }
 
-[promise-expose-csr_id-ip-port]
+[promise-expose-csr-ip-port]
 <= monitor-promise-base
 promise = check_socket_listening
-name = expose-csr_id-ip-port-listening.py
-config-host = ${expose-csr_id-configuration:ip}
-config-port = ${expose-csr_id-configuration:port}
-
-[expose-csr_id]
-depends =
-  ${store-csr_id:command}
-  ${store-backend-haproxy-csr_id:command}
+name = expose-csr-ip-port-listening.py
+config-host = ${expose-csr-configuration:ip}
+config-port = ${expose-csr-configuration:port}
+
+[expose-csr]
 recipe = slapos.cookbook:wrapper
 command-line = {{ software_parameter_dict['nginx'] }}
-  -c ${expose-csr_id-template:rendered}
+  -c ${expose-csr-template:rendered}
+url = https://[${expose-csr-configuration:ip}]:${expose-csr-configuration:port}
 
-wrapper-path = {{ directory['service'] }}/expose-csr_id
+wrapper-path = {{ directory['service'] }}/expose-csr
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 
-[get-csr_id-certificate]
+[get-csr-certificate]
 recipe = collective.recipe.shelloutput
 commands =
-  certificate = cat ${certificate-csr_id:certificate}
+  certificate = cat ${certificate-csr:certificate}
 
 [promise-logrotate-setup]
 <= monitor-promise-base

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_access_log

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_access_log

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_replicate_access_log
@@ -18,7 +18,7 @@ T-2/var/log/slave-introspection-access.log
 T-2/var/log/slave-introspection-error.log
 T-2/var/log/trafficserver/manager.log
 T-3/var/log/backend-haproxy.log
-T-3/var/log/expose-csr_id.log
+T-3/var/log/expose-csr.log
 T-3/var/log/frontend-access.log
 T-3/var/log/frontend-error.log
 T-3/var/log/httpd/_replicate_access_log

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_plugin-CADDY.txt

@@ -15,7 +15,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -34,7 +34,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
@@ -58,7 +58,7 @@ T-3/etc/plugin/caddy_frontend_ipv6_http.py
 T-3/etc/plugin/caddy_frontend_ipv6_https.py
 T-3/etc/plugin/caucase-updater.py
 T-3/etc/plugin/check-free-disk-space.py
-T-3/etc/plugin/expose-csr_id-ip-port-listening.py
+T-3/etc/plugin/expose-csr-ip-port-listening.py
 T-3/etc/plugin/frontend-caddy-configuration-promise.py
 T-3/etc/plugin/monitor-bootstrap-status.py
 T-3/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
@@ -46,7 +46,7 @@ T-3:backend-haproxy-safe-graceful EXITED
 T-3:bootstrap-monitor EXITED
 T-3:certificate_authority-{hash-generic}-on-watch STOPPED
 T-3:crond-{hash-generic}-on-watch STOPPED
-T-3:expose-csr_id-{hash-generic}-on-watch STOPPED
+T-3:expose-csr-{hash-generic}-on-watch STOPPED
 T-3:frontend-caddy-safe-graceful EXITED
 T-3:frontend_caddy-{hash-caddy-T-3}-on-watch STOPPED
 T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_Url_access_log

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -35,7 +35,7 @@ T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_ciphers_access_log

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_Url_access_log

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -35,7 +35,7 @@ T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_health-check-connect_access_log

software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_wildcard_access_log

software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_ssl_from_master_access_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt

@@ -14,7 +14,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +33,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING