Commit c6efd62e authored by Ekaterina's avatar Ekaterina

merge with upstream-master

parents 31c66e2b 482f5673
...@@ -3,6 +3,7 @@ extends = ...@@ -3,6 +3,7 @@ extends =
../m4/buildout.cfg ../m4/buildout.cfg
../patch/buildout.cfg ../patch/buildout.cfg
../perl/buildout.cfg ../perl/buildout.cfg
../gnu-config/buildout.cfg
parts = parts =
autoconf autoconf
...@@ -11,6 +12,7 @@ recipe = slapos.recipe.cmmi ...@@ -11,6 +12,7 @@ recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz url = http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
md5sum = 82d05e03b93e45f5a39b828dc9c6c29b md5sum = 82d05e03b93e45f5a39b828dc9c6c29b
pre-configure = cp -f ${gnu-config:location}/config.sub ${gnu-config:location}/config.guess build-aux/
patch-options = -p1 patch-options = -p1
patches = patches =
${:_profile_base_location_}/autoconf-2.69-shebang_workaround.patch#9d286e6f9c271dff361891e381be706d ${:_profile_base_location_}/autoconf-2.69-shebang_workaround.patch#9d286e6f9c271dff361891e381be706d
......
...@@ -71,6 +71,12 @@ patches = ...@@ -71,6 +71,12 @@ patches =
<= gcc-common <= gcc-common
version = 8.2.0 version = 8.2.0
md5sum = 4ab282f414676496483b3e1793d07862 md5sum = 4ab282f414676496483b3e1793d07862
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
# glibc-2.31-libsanitizer comes from https://github.com/spack/spack/pull/15403
patches =
${:_profile_base_location_}/glibc-2.31-libsanitizer-1.patch
${:_profile_base_location_}/glibc-2.31-libsanitizer-2.patch
[gcc-minimal] [gcc-minimal]
<= gcc-5.5 <= gcc-5.5
......
From ce9568e9e9cf6094be30e748821421e703754ffc Mon Sep 17 00:00:00 2001
From: Jakub Jelinek <jakub@redhat.com>
Date: Fri, 8 Nov 2019 19:53:18 +0100
Subject: [PATCH] backport: re PR sanitizer/92154 (new glibc breaks arm
bootstrap due to libsanitizer)
Backported from mainline
2019-10-22 Tamar Christina <tamar.christina@arm.com>
PR sanitizer/92154
* sanitizer_common/sanitizer_platform_limits_posix.cc:
Cherry-pick compiler-rt revision r375220.
From-SVN: r277981
---
libsanitizer/ChangeLog | 9 +++++++++
.../sanitizer_common/sanitizer_platform_limits_posix.cc | 6 +++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
index 6cd4a5bac8b0..06a605ff4670 100644
--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
@@ -1156,8 +1156,12 @@ CHECK_SIZE_AND_OFFSET(ipc_perm, uid);
CHECK_SIZE_AND_OFFSET(ipc_perm, gid);
CHECK_SIZE_AND_OFFSET(ipc_perm, cuid);
CHECK_SIZE_AND_OFFSET(ipc_perm, cgid);
-#if !defined(__aarch64__) || !SANITIZER_LINUX || __GLIBC_PREREQ (2, 21)
+#if (!defined(__aarch64__) || !SANITIZER_LINUX || __GLIBC_PREREQ (2, 21)) && \
+ !defined(__arm__)
/* On aarch64 glibc 2.20 and earlier provided incorrect mode field. */
+/* On Arm glibc 2.31 and later provide a different mode field, this field is
+ never used by libsanitizer so we can simply ignore this assert for all glibc
+ versions. */
CHECK_SIZE_AND_OFFSET(ipc_perm, mode);
#endif
From 75003cdd23c310ec385344e8040d490e8dd6d2be Mon Sep 17 00:00:00 2001
From: Jakub Jelinek <jakub@redhat.com>
Date: Fri, 20 Dec 2019 17:58:35 +0100
Subject: [PATCH] backport: re PR sanitizer/92154 (new glibc breaks arm
bootstrap due to libsanitizer)
Backported from mainline
2019-11-26 Jakub Jelinek <jakub@redhat.com>
PR sanitizer/92154
* sanitizer_common/sanitizer_platform_limits_posix.h: Cherry-pick
llvm-project revision 947f9692440836dcb8d88b74b69dd379d85974ce.
* sanitizer_common/sanitizer_platform_limits_posix.cc: Likewise.
From-SVN: r279653
---
libsanitizer/ChangeLog | 10 ++++++++++
.../sanitizer_platform_limits_posix.cc | 9 +++------
.../sanitizer_platform_limits_posix.h | 15 +--------------
3 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
index 06a605ff4670..d823a12190c0 100644
--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
@@ -1156,12 +1156,9 @@ CHECK_SIZE_AND_OFFSET(ipc_perm, uid);
CHECK_SIZE_AND_OFFSET(ipc_perm, gid);
CHECK_SIZE_AND_OFFSET(ipc_perm, cuid);
CHECK_SIZE_AND_OFFSET(ipc_perm, cgid);
-#if (!defined(__aarch64__) || !SANITIZER_LINUX || __GLIBC_PREREQ (2, 21)) && \
- !defined(__arm__)
-/* On aarch64 glibc 2.20 and earlier provided incorrect mode field. */
-/* On Arm glibc 2.31 and later provide a different mode field, this field is
- never used by libsanitizer so we can simply ignore this assert for all glibc
- versions. */
+#if !SANITIZER_LINUX || __GLIBC_PREREQ (2, 31)
+/* glibc 2.30 and earlier provided 16-bit mode field instead of 32-bit
+ on many architectures. */
CHECK_SIZE_AND_OFFSET(ipc_perm, mode);
#endif
diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h
index 73af92af1e8f..6a673a7c9959 100644
--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h
+++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h
@@ -211,26 +211,13 @@ namespace __sanitizer {
u64 __unused1;
u64 __unused2;
#elif defined(__sparc__)
-#if defined(__arch64__)
unsigned mode;
- unsigned short __pad1;
-#else
- unsigned short __pad1;
- unsigned short mode;
unsigned short __pad2;
-#endif
unsigned short __seq;
unsigned long long __unused1;
unsigned long long __unused2;
-#elif defined(__mips__) || defined(__aarch64__) || defined(__s390x__)
- unsigned int mode;
- unsigned short __seq;
- unsigned short __pad1;
- unsigned long __unused1;
- unsigned long __unused2;
#else
- unsigned short mode;
- unsigned short __pad1;
+ unsigned int mode;
unsigned short __seq;
unsigned short __pad2;
#if defined(__x86_64__) && !defined(_LP64)
[buildout] [buildout]
extends =
../patch/buildout.cfg
parts = parts =
gdbm gdbm
[gdbm] [gdbm]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
version = 1.11 version = 1.18
url = ftp://ftp.gnu.org/gnu/gdbm/gdbm-${:version}.tar.gz url = ftp://ftp.gnu.org/gnu/gdbm/gdbm-${:version}.tar.gz
md5sum = 72c832680cf0999caedbe5b265c8c1bd md5sum = e316f8e4a3e7e4f23955be65d54fec48
patch-options = -p1
patches =
${:_profile_base_location_}/extern_parseopt.patch#30baeaaa0c6a6e6be8cf56a875726619
configure-options = configure-options =
--disable-static --disable-static
--enable-libgdbm-compat --enable-libgdbm-compat
environment =
PATH=${patch:location}/bin:%(PATH)s
# install as parts/gdbm/include/gdbm/*.h etc. because some softwares # install as parts/gdbm/include/gdbm/*.h etc. because some softwares
# (eg. python's dbmmodule.c extension) assume the location like this. # (eg. python's dbmmodule.c extension) assume the location like this.
includedir = @@LOCATION@@/include includedir = @@LOCATION@@/include
make-targets = make-targets =
install includedir=${:includedir}/gdbm && rm -f ${:includedir}/*.h && ln -sf gdbm/gdbm.h ${:includedir}/gdbm.h install includedir=${:includedir}/gdbm && rm -f ${:includedir}/*.h && ln -sf gdbm/gdbm.h ${:includedir}/gdbm.h
# it seems that parallel build sometimes fails for gdbm.
make-options =
-j1
--- a/src/parseopt.c
+++ b/src/parseopt.c
@@ -255,8 +255,8 @@
}
char *parseopt_program_name;
-char *parseopt_program_doc;
-char *parseopt_program_args;
+extern char *parseopt_program_doc;
+extern char *parseopt_program_args;
const char *program_bug_address = "<" PACKAGE_BUGREPORT ">";
void (*parseopt_help_hook) (FILE *stream);
[gnu-config]
recipe = slapos.recipe.cmmi
shared = true
url = https://git.savannah.gnu.org/gitweb/?p=config.git;a=snapshot;h=5e531d391852a54e7fab2d8ff55625fca514b305;sf=tgz
md5sum = ffe323c69b6f21aa28e900f76febd3d6
configure-command = :
make-targets =
make-binary = cp -r . @@LOCATION@@
\ No newline at end of file
...@@ -64,7 +64,7 @@ environment-extra = ...@@ -64,7 +64,7 @@ environment-extra =
url = https://dl.google.com/go/go1.12.9.src.tar.gz url = https://dl.google.com/go/go1.12.9.src.tar.gz
md5sum = 6132109d4050da349eadc9f7b0304ef4 md5sum = 6132109d4050da349eadc9f7b0304ef4
# go1.11 needs go1.4 to bootstrap # go1.12 needs go1.4 to bootstrap
environment-extra = environment-extra =
GOROOT_BOOTSTRAP=${golang14:location} GOROOT_BOOTSTRAP=${golang14:location}
...@@ -77,6 +77,15 @@ md5sum = 4ad8b04f962be93a32f3021e6f35b3b9 ...@@ -77,6 +77,15 @@ md5sum = 4ad8b04f962be93a32f3021e6f35b3b9
environment-extra = environment-extra =
GOROOT_BOOTSTRAP=${golang14:location} GOROOT_BOOTSTRAP=${golang14:location}
[golang1.14]
<= golang-common
url = https://dl.google.com/go/go1.14.3.src.tar.gz
md5sum = 6b1fb42d219e2ea8925002013c76d4c7
# go1.14 needs go1.4 to bootstrap
environment-extra =
GOROOT_BOOTSTRAP=${golang14:location}
# ---- infrastructure to build Go workspaces / projects ---- # ---- infrastructure to build Go workspaces / projects ----
# gowork is a top-level section representing workspace # gowork is a top-level section representing workspace
......
...@@ -19,9 +19,12 @@ configure-command = true ...@@ -19,9 +19,12 @@ configure-command = true
# for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET, # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
# otherwise use "generic". # otherwise use "generic".
# For ARCH value, x86_64 and i[3456]86 are supported. # For ARCH value, x86_64 and i[3456]86 are supported.
# CPU is generic, and not native, as in SlapOS software released are
# distributed in binary form, which may lead to incompatibility of such
# compilation optimisation across various CPUs
make-options = make-options =
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)" TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=native CPU=generic
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')" ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
PREFIX=@@LOCATION@@ PREFIX=@@LOCATION@@
USE_DL=1 USE_DL=1
......
[buildout]
extends =
../patchelf/buildout.cfg
../zlib/buildout.cfg
parts =
java-jdk
[java-jdk]
recipe = plone.recipe.command
command = echo "Error: unsupported platform" && false
stop-on-error = true
location =
[java-jdk:linux and bits64]
recipe = slapos.recipe.cmmi
shared = true
url = https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz
md5sum = f5da6f4dec81bdd2a096184ec1d69216
configure-command = :
make-binary = :
pre-install =
mkdir -p @@LOCATION@@
cp -r * @@LOCATION@@
post-install =
for file in @@LOCATION@@/bin/* ; do
echo appending rpath to $file
${patchelf:location}/bin/patchelf --set-rpath ${:rpath} $file
done
rpath = ${zlib:location}/lib:@@LOCATION@@/lib
location = @@LOCATION@@
# Jpegoptim - utility to optimize jpeg files.
# https://www.kokkonen.net/tjko/projects.html
[buildout]
extends =
../libjpeg/buildout.cfg
[jpegoptim]
recipe = slapos.recipe.cmmi
url = https://www.kokkonen.net/tjko/src/jpegoptim-1.4.6.tar.gz
md5sum = 844c572d69fd5af75f0616b86e63962d
configure-options =
--with-libjpeg=${libjpeg:location}
environment =
LDFLAGS=-Wl,-rpath=${libjpeg:location}/lib
...@@ -4,5 +4,6 @@ parts = ...@@ -4,5 +4,6 @@ parts =
[libestr] [libestr]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://libestr.adiscon.com/files/download/libestr-0.1.10.tar.gz url = http://libestr.adiscon.com/files/download/libestr-0.1.11.tar.gz
md5sum = f4c9165a23587e77f7efe65d676d5e8e md5sum = 1f25a2332750d4bfacfb314235fedff0
shared = true
[buildout]
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
../pkgconfig/buildout.cfg
../m4/buildout.cfg
parts =
libfastjson
[libfastjson]
recipe = slapos.recipe.cmmi
url = https://github.com/rsyslog/libfastjson/archive/v0.99.8.tar.gz
md5sum = 730713ad1d851def7ac8898f751bbfdd
shared = true
pre-configure =
autoreconf -fvi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal -I ${automake:location}/share/aclocal
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:%(PATH)s
M4=${m4:location}/bin/m4
[buildout] [buildout]
extends = ../gnu-config/buildout.cfg
parts = parts =
libyaml libyaml
...@@ -8,3 +9,4 @@ recipe = slapos.recipe.cmmi ...@@ -8,3 +9,4 @@ recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://pyyaml.org/download/libyaml/yaml-0.1.6.tar.gz url = http://pyyaml.org/download/libyaml/yaml-0.1.6.tar.gz
md5sum = 5fe00cda18ca5daeb43762b80c38e06e md5sum = 5fe00cda18ca5daeb43762b80c38e06e
pre-configure = cp -f ${gnu-config:location}/config.sub ${gnu-config:location}/config.guess config/
\ No newline at end of file
...@@ -16,6 +16,7 @@ parts = ...@@ -16,6 +16,7 @@ parts =
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81.orig.tar.gz url = http://ftp.de.debian.org/debian/pool/main/m/make-dfsg/make-dfsg_3.81.orig.tar.gz
md5sum = 7c93b1ab4680eb21c2c13f4f47741e2d md5sum = 7c93b1ab4680eb21c2c13f4f47741e2d
shared = true
patches = patches =
${:_profile_base_location_}/make-dfsg_3.81-8.2.diff#320ce09344a8618b6c47ddb88c09cea9 ${:_profile_base_location_}/make-dfsg_3.81-8.2.diff#320ce09344a8618b6c47ddb88c09cea9
patch-options = -p1 patch-options = -p1
......
# OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information.
# http://optipng.sourceforge.net/
[buildout]
extends =
../libpng/buildout.cfg
../zlib/buildout.cfg
[optipng]
recipe = slapos.recipe.cmmi
url = http://prdownloads.sourceforge.net/optipng/optipng-0.7.7.tar.gz
md5sum = 211101965baf42fd24a2aa990b7e842e
configure-options =
--with-system-libpng
--with-system-zlib
environment =
CPPFLAGS=-I${libpng:location}/include -I${zlib:location}/include
LDFLAGS=-L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
[buildout]
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
../pkgconfig/buildout.cfg
parts =
patchelf
[patchelf]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/NixOS/patchelf/archive/0.11.tar.gz
md5sum = 6cffb77ee7a95bd314d954a6aeb53a02
pre-configure =
autoreconf -vif
environment =
PATH=${pkgconfig:location}/bin:${autoconf:location}/bin:${automake:location}/bin:%(PATH)s
...@@ -2,33 +2,42 @@ ...@@ -2,33 +2,42 @@
extends = extends =
../autoconf/buildout.cfg ../autoconf/buildout.cfg
../automake/buildout.cfg ../automake/buildout.cfg
../bison/buildout.cfg
../flex/buildout.cfg
../git/buildout.cfg
../boost-lib/buildout.cfg ../boost-lib/buildout.cfg
../libtool/buildout.cfg ../libtool/buildout.cfg
../make/buildout.cfg ../make/buildout.cfg
../mariadb/buildout.cfg ../openssl/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../ragel/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
# For geoip backend
# https://doc.powerdns.com/authoritative/backends/geoip.html
../geoip2/buildout.cfg
../yaml-cpp/buildout.cfg
parts = parts =
powerdns powerdns
[powerdns] [powerdns]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://downloads.powerdns.com/releases/pdns-3.3.1.tar.gz url = http://downloads.powerdns.com/releases/pdns-4.2.1.tar.bz2
md5sum = 074e2ff211fd12ecad25b5c1cc190dd4 md5sum = b5f3998a3bc438b905c72c0473408839
configure-options = configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_} --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-boost=${boost-lib:location} --with-boost=${boost-lib:location}
--with-modules="geo" --with-libcrypto=${openssl:location}
--with-modules="geoip"
--with-dynmodules="" --with-dynmodules=""
--without-lua --without-lua
--disable-lua-records
pkg_config_depends = ${yaml-cpp:location}/lib/pkgconfig
environment = environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:${bison:location}/bin:${flex:location}/bin:${git:location}/bin:${ragel:location}/bin:%(PATH)s PATH=${autoconf:location}/bin:${automake:location}/bin:${libmaxminddb:location}/bin:${libtool:location}/bin:${make:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lz LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${libmaxminddb:location}/lib -Wl,-rpath=${libmaxminddb:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${yaml-cpp:location}/lib -Wl,-rpath=${yaml-cpp:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
CPPFLAGS=-I${boost-lib:location}/include CPPFLAGS=-I${boost-lib:location}/include -I${libmaxminddb:location}/include -I${yaml-cpp:location}/include
PKG_CONFIG_PATH=${:pkg_config_depends}
# XXX: Override the default value "-Llib -lyaml-cpp"; "-Llib" is a problem
YAML_LIBS = -lyaml-cpp
make-options =
LIBTOOL=libtool
make-target = make-target =
install install
...@@ -63,16 +63,16 @@ md5sum = df0ce86d0b1d81e232ad08eef58754ed ...@@ -63,16 +63,16 @@ md5sum = df0ce86d0b1d81e232ad08eef58754ed
[debian-amd64-stretch-netinst.iso] [debian-amd64-stretch-netinst.iso]
<= debian-amd64-netinst-base <= debian-amd64-netinst-base
version = 9.12.0 version = 9.13.0
md5sum = 50e7919f4276787f3a4631544edceae3 md5sum = 6097fdb9cbab47c96471274b9044e983
[debian-amd64-netinst.iso] [debian-amd64-netinst.iso]
# Download the installer of Debian 10 (Buster) # Download the installer of Debian 10 (Buster)
# XXX: This is not the latest version because # XXX: This is not the latest version because
# Debian does not provide a stable URL for it. # Debian does not provide a stable URL for it.
<= debian-amd64-netinst-base <= debian-amd64-netinst-base
version = 10.3.0 version = 10.4.0
md5sum = 5956434be4b81e6376151b64ef9b1596 md5sum = e2ddc8268e4c164c32b4ba25be52c9af
[debian-amd64-testing-netinst.iso] [debian-amd64-testing-netinst.iso]
<= debian-amd64-netinst-base <= debian-amd64-netinst-base
......
...@@ -2,21 +2,25 @@ ...@@ -2,21 +2,25 @@
parts = parts =
rsyslogd rsyslogd
extends = extends =
../curl/buildout.cfg
../libestr/buildout.cfg ../libestr/buildout.cfg
../json-c/buildout.cfg ../libfastjson/buildout.cfg
../libuuid/buildout.cfg ../libuuid/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
[rsyslogd] [rsyslogd]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.12.0.tar.gz url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2006.0.tar.gz
md5sum = c31c2d545c8a3b8695bdf076851d1517 md5sum = 33de768941953ceeca9d1a437b47891b
shared = true
configure-options = configure-options =
--disable-klog --disable-klog
--disable-libgcrypt --disable-libgcrypt
--disable-liblogging-stdlog --disable-liblogging-stdlog
--disable-libsystemd
environment = environment =
PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${json-c:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s
CPPFLAGS=-I${libestr:location}/include -I${json-c:location}/include -I${libuuid:location}/include -I${zlib:location}/include PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${curl:location}/lib/pkgconfig:${libfastjson:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${json-c:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib CPPFLAGS=-I${libestr:location}/include -I${curl:location}/include -I${libfastjson:location}/include -I${libuuid:location}/include -I${zlib:location}/include
LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${curl:location}/lib -Wl,-rpath=${libfastjson:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
ZLIB_CFLAGS=-I${zlib:location}/include ZLIB_CFLAGS=-I${zlib:location}/include
...@@ -13,6 +13,10 @@ extensions = ...@@ -13,6 +13,10 @@ extensions =
extends-cache = extends-cache extends-cache = extends-cache
download-cache = download-cache download-cache = download-cache
[gcc]
# force usage of gcc from slapos
max_version = 0
# Uguu, upstream buildout.cfg must be patched as it works the other way # Uguu, upstream buildout.cfg must be patched as it works the other way
# around from a packager point of view at least, thus at the end static # around from a packager point of view at least, thus at the end static
# path, such as Python HOME directory, are wrong... # path, such as Python HOME directory, are wrong...
...@@ -86,8 +90,12 @@ environment += ...@@ -86,8 +90,12 @@ environment +=
pre-configure = pre-configure =
sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
environment += environment +=
PATH=${pkgconfig:location}/bin:${python:location}/bin:%(PATH)s
LD_LIBRARY_PATH=${dbus:location}/lib LD_LIBRARY_PATH=${dbus:location}/lib
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib
PYTHON=${python:location}/bin/python${python:version}
PYTHON_INCLUDES=-I${python:location}/include/python${python:version}
PYTHON_LIBS=-L${python:location}/lib -lpython${python:version} -lpthread -ldl -lutil -lm
post-install = post-install =
sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
...@@ -110,7 +118,7 @@ make-options = ...@@ -110,7 +118,7 @@ make-options =
[gobject-introspection] [gobject-introspection]
pre-configure = pre-configure =
ln -s ${python2.7:location}/bin/python2.7 ${python2.7:location}/bin/python2. ln -s ${python:location}/bin/python${python:version} ${python:location}/bin/python2.
sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config
libtoolize -c -f libtoolize -c -f
aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal
...@@ -120,24 +128,24 @@ configure-options += ...@@ -120,24 +128,24 @@ configure-options +=
environment += environment +=
PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s
GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0 GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python2.7:location}/include/python2.7 CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python:location}/include/python${python:version}
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python2.7:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python:location}/lib
ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal
M4=${m4:location}/bin/m4 M4=${m4:location}/bin/m4
PERL5LIB=${perl:location}/lib/5.28.1/ PERL5LIB=${perl:location}/lib/5.28.1/
post-install = post-install =
sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
rm -rf ${bison-go:location} rm -rf ${bison-go:location}
[pygobject3] [pygobject3]
pre-configure += pre-configure +=
sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#!${python:location}/bin/python${python:version}#' ${python:location}/bin/python-config
environment += environment +=
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python2.7:location}/include/python2.7 CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python:location}/include/python${python:version}
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python2.7:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python:location}/lib
post-install = post-install =
sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
[ncurses] [ncurses]
configure-options = configure-options =
......
...@@ -5,8 +5,8 @@ parts = tcl ...@@ -5,8 +5,8 @@ parts = tcl
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://prdownloads.sourceforge.net/tcl/tcl8.5.15-src.tar.gz url = http://prdownloads.sourceforge.net/tcl/tcl8.5.15-src.tar.gz
md5sum = f3df162f92c69b254079c4d0af7a690f md5sum = f3df162f92c69b254079c4d0af7a690f
location = ${buildout:parts-directory}/${:_buildout_section_name_} shared = true
configure-command = ./unix/configure configure-command = ./unix/configure
configure-options = configure-options =
--prefix=${:location} --prefix=@@LOCATION@@
--with-encoding=utf-8 --with-encoding=utf-8
...@@ -16,8 +16,9 @@ parts = ...@@ -16,8 +16,9 @@ parts =
[trafficserver] [trafficserver]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://apache.claz.org/trafficserver/trafficserver-7.1.6.tar.bz2 url = http://apache.claz.org/trafficserver/trafficserver-7.1.11.tar.bz2
md5sum = 45f67cd652fa3481f76ff92213325c84 md5sum = 74e8c1e2d7cdc0b97420d8b813321258
shared = true
configure-options = configure-options =
--with-openssl=${openssl:location} --with-openssl=${openssl:location}
--with-pcre=${pcre:location} --with-pcre=${pcre:location}
......
[buildout]
extends =
../cmake/buildout.cfg
parts =
yaml-cpp
[yaml-cpp]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.3.tar.gz
md5sum = b45bf1089a382e81f6b661062c10d0c2
location = @@LOCATION@@
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DYAML_BUILD_SHARED_LIBS=ON \
-DCMAKE_INSTALL_PREFIX=${:location} \
..
make-options = -C build
...@@ -21,7 +21,7 @@ echo "###################################################################" ...@@ -21,7 +21,7 @@ echo "###################################################################"
git tag 1.0.$NEXT_MINOR_VERSION -m "Release 1.0.$NEXT_MINOR_VERSION" git tag 1.0.$NEXT_MINOR_VERSION -m "Release 1.0.$NEXT_MINOR_VERSION"
echo " Please review current tag and them push it:" echo " Please review current tag and then push it:"
echo " To review use git log 1.0.$NEXT_MINOR_VERSION" echo " To review use git log 1.0.$NEXT_MINOR_VERSION"
echo "" echo ""
......
...@@ -43,7 +43,7 @@ def updateMysql(mysql_upgrade_binary, mysql_binary, mysql_script_file): ...@@ -43,7 +43,7 @@ def updateMysql(mysql_upgrade_binary, mysql_binary, mysql_script_file):
break break
print 'SlapOS initialisation script succesfully applied on database.' print 'SlapOS initialisation script succesfully applied on database.'
return return
sleep = max(sleep+1, 30) sleep = min(sleep+1, 30)
print 'Sleeping for %ss and retrying' % sleep print 'Sleeping for %ss and retrying' % sleep
sys.stdout.flush() sys.stdout.flush()
sys.stderr.flush() sys.stderr.flush()
......
Changes
=======
Here are listed the most important changes, which might affect upgrades.
1.0.159 (2020-07-30)
--------------------
* logs are ensured to be available in slave's ``log-access-url``
* logs from backend Haproxy are also available to slaves
1.0.158 (2020-07-24)
--------------------
* manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
* ``re6st-optimal-test`` has been dropped from slave
* QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
* haproxy is used as a gateway to backends:
* ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
* ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
* ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
* ``request-timeout`` is supported per slave, as now it became possible
* ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
1.0.149 (2020-05-05)
--------------------
* no changes noted
...@@ -21,7 +21,7 @@ About frontend replication ...@@ -21,7 +21,7 @@ About frontend replication
Slaves of the root instance are sent as a parameter to requested frontends which will process them. The only difference is that they will then return the would-be published information to the root instance instead of publishing it. The root instance will then do a synthesis and publish the information to its slaves. The replicate instance only use 5 type of parameters for itself and will transmit the rest to requested frontends. Slaves of the root instance are sent as a parameter to requested frontends which will process them. The only difference is that they will then return the would-be published information to the root instance instead of publishing it. The root instance will then do a synthesis and publish the information to its slaves. The replicate instance only use 5 type of parameters for itself and will transmit the rest to requested frontends.
These parameters are : These parameters are:
* ``-frontend-type`` : the type to deploy frontends with. (default to 2) * ``-frontend-type`` : the type to deploy frontends with. (default to 2)
* ``-frontend-quantity`` : The quantity of frontends to request (default to "default") * ``-frontend-quantity`` : The quantity of frontends to request (default to "default")
...@@ -30,7 +30,7 @@ These parameters are : ...@@ -30,7 +30,7 @@ These parameters are :
* ``-frontend-software-release-url``: Software release to be used for frontends, default to the current software release * ``-frontend-software-release-url``: Software release to be used for frontends, default to the current software release
* ``-sla-i-foo`` : where "i" is the number of the concerned frontend (between 1 and "-frontend-quantity") and "foo" a sla parameter. * ``-sla-i-foo`` : where "i" is the number of the concerned frontend (between 1 and "-frontend-quantity") and "foo" a sla parameter.
for example:: For example::
<parameter id="-frontend-quantity">3</parameter> <parameter id="-frontend-quantity">3</parameter>
<parameter id="-frontend-type">custom-personal</parameter> <parameter id="-frontend-type">custom-personal</parameter>
...@@ -170,24 +170,6 @@ This replaces old request parameters: ...@@ -170,24 +170,6 @@ This replaces old request parameters:
(*Note*: They are still supported for backward compatibility, but any value send to the ``key-upload-url`` will supersede information from SlapOS Master.) (*Note*: They are still supported for backward compatibility, but any value send to the ``key-upload-url`` will supersede information from SlapOS Master.)
How to have custom configuration in frontend server - XXX - to be written
=========================================================================
In your instance directory, you, as sysadmin, can directly edit two
configuration files that won't be overwritten by SlapOS to customize your
instance:
* ``$PARTITION_PATH/srv/srv/apache-conf.d/apache_frontend.custom.conf``
* ``$PARTITION_PATH/srv/srv/apache-conf.d/apache_frontend.virtualhost.custom.conf``
The first one is included in the end of the main apache configuration file.
The second one is included in the virtualhost of the main apache configuration file.
SlapOS will just create those two files for you, then completely forget them.
*Note*: make sure that the UNIX user of the instance has read access to those
files if you edit them.
Instance Parameters Instance Parameters
=================== ===================
...@@ -263,17 +245,6 @@ Necessary to activate cache. ...@@ -263,17 +245,6 @@ Necessary to activate cache.
``enable_cache`` is an optional parameter. ``enable_cache`` is an optional parameter.
Functionalities for Caddy configuration
---------------------------------------
In the slave Caddy configuration you can use parameters that will be replaced during instantiation. They should be entered as python templates parameters ex: ``%(parameter)s``:
* ``cache_access`` : url of the cache. Should replace backend url in configuration to use the cache
* ``access_log`` : path of the slave error log in order to log in a file.
* ``error_log`` : path of the slave access log in order to log in a file.
* ``certificate`` : path to the certificate
Examples Examples
======== ========
...@@ -460,6 +431,18 @@ Then specify in the master instance parameters: ...@@ -460,6 +431,18 @@ Then specify in the master instance parameters:
* set ``port`` to ``443`` * set ``port`` to ``443``
* set ``plain_http_port`` to ``80`` * set ``plain_http_port`` to ``80``
Authentication to the backend
=============================
The cluster generates CA served by caucase, available with ``backend-client-caucase-url`` return parameter.
Then, each slave configured with ``authenticate-to-backend`` to true, will use a certificate signed by this CA while accessing https backend.
This allows backends to:
* restrict access only from some frontend clusters
* trust values (like ``X-Forwarded-For``) sent by the frontend
Technical notes Technical notes
=============== ===============
...@@ -472,11 +455,22 @@ Instantiating caddy-frontend results with a cluster in various partitions: ...@@ -472,11 +455,22 @@ Instantiating caddy-frontend results with a cluster in various partitions:
* kedifa (contains kedifa server) * kedifa (contains kedifa server)
* caddy-frontend-N which contains the running processes to serve sites - this partition can be replicated by ``-frontend-quantity`` parameter * caddy-frontend-N which contains the running processes to serve sites - this partition can be replicated by ``-frontend-quantity`` parameter
So it means sites are served in `caddy-frontend-N` partition, and this partition is structured as: It means sites are served in ``caddy-frontend-N`` partition, and this partition is structured as:
* Caddy serving the browser [client-facing-caddy]
* (optional) Apache Traffic Server for caching [ats]
* Haproxy as a way to communicate to the backend [backend-facing-haproxy]
* some other additional tools (6tunnel, monitor, etc)
In case of slaves without cache (``enable_cache = False``) the request will travel as follows::
* Caddy serving the browser client-facing-caddy --> backend-facing-haproxy --> backend
* (optional) Apache Traffic Server for caching
* Caddy connected to the backend In case of slaves using cache (``enable_cache = True``) the request will travel as follows::
client-facing-caddy --> ats --> backend-facing-haproxy --> backend
Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from Caddy and allows future developments like client SSL certificates to the backend or even health checks.
Kedifa implementation Kedifa implementation
--------------------- ---------------------
...@@ -493,3 +487,32 @@ Support for X-Real-Ip and X-Forwarded-For ...@@ -493,3 +487,32 @@ Support for X-Real-Ip and X-Forwarded-For
----------------------------------------- -----------------------------------------
X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel. X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.
Automatic Internal Caucase CSR
------------------------------
Cluster is composed on many instances, which are landing on separate partitions, so some way is needed to bootstrap trust between the partitions.
There are two ways to achieve it:
* use default, Automatic Internal Caucase CSR used to replace human to sign CSRs against internal CAUCASEs automatic bootstrap, which leads to some issues, described later
* switch to manual bootstrap, which requires human to create and manage user certificate (with caucase-updater) and then sign new frontend nodes appearing in the system
The issues during automatic bootstrap are:
* rouge or hacked SlapOS Master can result with adding rouge frontend nodes to the cluster, which will be trusted, so it will be possible to fetch all certificates and keys from Kedifa or to login to backends
* when new node is added there is short window, when rouge person is able to trick automatic signing, and have it's own node added
In both cases promises will fail on node which is not able to get signed, but in case of Kedifa the damage already happened (certificates and keys are compromised). So in case if cluster administrator wants to stay on the safe side, both automatic bootstraps shall be turned off.
How the automatic signing works
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Having in mind such structure:
* instance with caucase: ``caucase-instance``
* N instances which want to get their CSR signed: ``csr-instance``
In ``caucase-instance`` CAUCASE user is created by automatically signing one user certificate, which allows to sign service certificates.
The ``csr-instance`` creates CSR, extracts the ID of the CSR, exposes it via HTTP and ask caucase on ``caucase-instance`` to sign it. The ``caucase-instance`` checks that exposed CSR id matches the one send to caucase and by using created user to signs it.
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 20f7a925e686949092823595c79a0523 md5sum = dae3bf6daf851b5610a1a6bd83057b29
[template-common] [template-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 0851faa528eb4f21330a6f23f77dea7f md5sum = 43b3763d4086283e9c7c886e3b89e54b
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = a544bf7586f5945bbf108abe9818c7dd md5sum = 19debfbc27c464f451b1eb5bb5ce3c84
[template-slave-list] [template-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 9da1616d203e4909af37e658aa923d95 md5sum = 8f518a7b543126ce91fe218255fb201c
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
...@@ -38,7 +38,7 @@ md5sum = 7e3ee70c447f8203273d78f66ab519c3 ...@@ -38,7 +38,7 @@ md5sum = 7e3ee70c447f8203273d78f66ab519c3
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
md5sum = f0faf6d2e6c187df7e25bf717676f9df md5sum = 2503056e35463e045db3329bb8b6fae8
[caddy-backend-url-validator] [caddy-backend-url-validator]
filename = templates/caddy-backend-url-validator.in filename = templates/caddy-backend-url-validator.in
...@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in _update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = a72e9056eeda3c7c794f6f6560056380 md5sum = 266f175dbdfc588af7a86b0b1884fe73
[template-cached-slave-virtualhost] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/cached-virtualhost.conf.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = e839ca3cb308f7fcdfa06c2f1b95e93f md5sum = 68a7758ca8f8b544ba9bc756824be3d3
[template-log-access] [template-log-access]
_update_hash_filename_ = templates/template-log-access.conf.in _update_hash_filename_ = templates/template-log-access.conf.in
...@@ -94,7 +94,7 @@ md5sum = 061cc244558fd3af2b6bacf17cae5555 ...@@ -94,7 +94,7 @@ md5sum = 061cc244558fd3af2b6bacf17cae5555
[template-validate-script] [template-validate-script]
_update_hash_filename_ = templates/validate-script.sh.in _update_hash_filename_ = templates/validate-script.sh.in
md5sum = f26e11574f266c7437c9c89e3c93825a md5sum = 53e5d7ba2827bff003051f74f24ffe4f
[template-configuration-state-script] [template-configuration-state-script]
_update_hash_filename_ = templates/configuration-state-script.sh.in _update_hash_filename_ = templates/configuration-state-script.sh.in
...@@ -114,4 +114,8 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 ...@@ -114,4 +114,8 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
[template-kedifa] [template-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = 9d6111a5d6bc07e708116ca331925241 md5sum = f77744e52f9d028c39f99cfbf31eadaf
[template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
md5sum = be899b04e1aa652ed510f20d4ea523dd
...@@ -10,6 +10,8 @@ extends = ...@@ -10,6 +10,8 @@ extends =
../../component/trafficserver/buildout.cfg ../../component/trafficserver/buildout.cfg
../../component/6tunnel/buildout.cfg ../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg ../../component/xz-utils/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/haproxy/buildout.cfg
../../stack/caucase/buildout.cfg ../../stack/caucase/buildout.cfg
# Monitoring stack (keep on bottom) # Monitoring stack (keep on bottom)
...@@ -94,6 +96,8 @@ bin_directory = ${buildout:bin-directory} ...@@ -94,6 +96,8 @@ bin_directory = ${buildout:bin-directory}
sixtunnel = ${6tunnel:location} sixtunnel = ${6tunnel:location}
caddy = ${caddy:output} caddy = ${caddy:output}
caddy_location = ${caddy:location} caddy_location = ${caddy:location}
haproxy_executable = ${haproxy:location}/sbin/haproxy
rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
curl = ${curl:location} curl = ${curl:location}
dash = ${dash:location} dash = ${dash:location}
gzip = ${gzip:location} gzip = ${gzip:location}
...@@ -108,7 +112,8 @@ kedifa-csr = ${:bin_directory}/kedifa-csr ...@@ -108,7 +112,8 @@ kedifa-csr = ${:bin_directory}/kedifa-csr
xz_location = ${xz-utils:location} xz_location = ${xz-utils:location}
monitor_template = ${monitor-template:output} monitor_template = ${monitor-template:output}
template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target} template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target} template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
template_graceful_script = ${template-graceful-script:target} template_graceful_script = ${template-graceful-script:target}
template_validate_script = ${template-validate-script:target} template_validate_script = ${template-validate-script:target}
...@@ -184,7 +189,7 @@ mode = 640 ...@@ -184,7 +189,7 @@ mode = 640
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
<=download-template <=download-template
[template-cached-slave-virtualhost] [template-backend-haproxy-configuration]
<=download-template <=download-template
[template-log-access] [template-log-access]
...@@ -222,3 +227,6 @@ mode = 0644 ...@@ -222,3 +227,6 @@ mode = 0644
[template-configuration-state-script] [template-configuration-state-script]
<=download-template <=download-template
[template-backend-haproxy-rsyslogd-conf]
<=download-template
...@@ -66,16 +66,16 @@ ...@@ -66,16 +66,16 @@
"title": "Test Verification URL", "title": "Test Verification URL",
"type": "string" "type": "string"
}, },
"proxy-try-duration": { "backend-connect-timeout": {
"default": 5, "default": 5,
"description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.", "description": "Time in seconds for establishing connection to the backend.",
"title": "Duration in seconds of trying a backend", "title": "Timeout for backend connection (seconds)",
"type": "integer" "type": "integer"
}, },
"proxy-try-interval": { "backend-connect-retries": {
"default": 250, "default": 3,
"description": "How often Caddy will try to establish connection with a backend during proxy-try-duration. More info in https://caddyserver.com/docs/proxy try_interval", "description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
"title": "Interval in milliseconds of tries during proxy-try-duration", "title": "Amount of retries to connect to the backend.",
"type": "integer" "type": "integer"
}, },
"automatic-internal-kedifa-caucase-csr": { "automatic-internal-kedifa-caucase-csr": {
...@@ -88,6 +88,16 @@ ...@@ -88,6 +88,16 @@
"title": "Automatic Internal KeDiFa's Caucase CSR", "title": "Automatic Internal KeDiFa's Caucase CSR",
"type": "string" "type": "string"
}, },
"automatic-internal-backend-client-caucase-csr": {
"default": "true",
"description": "Automatically signs CSRs sent to Backend Client's caucase, based on csr_id and matching certificate.",
"enum": [
"true",
"false"
],
"title": "Automatic Internal Backend Client's Caucase CSR",
"type": "string"
},
"ciphers": { "ciphers": {
"description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.", "description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers",
...@@ -98,6 +108,16 @@ ...@@ -98,6 +108,16 @@
"description": "Timeout for HTTP requests.", "description": "Timeout for HTTP requests.",
"title": "HTTP Request timeout in seconds", "title": "HTTP Request timeout in seconds",
"type": "integer" "type": "integer"
},
"authenticate-to-backend": {
"default": "false",
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
"enum": [
"false",
"true"
],
"title": "Authenticate to backend",
"type": "string"
} }
}, },
"title": "Input Parameters", "title": "Input Parameters",
......
...@@ -230,7 +230,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate} ...@@ -230,7 +230,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate}
<= logrotate-entry-base <= logrotate-entry-base
name = kedifa name = kedifa
log = ${kedifa-config:logfile} log = ${kedifa-config:logfile}
rotate-num = 30 rotate-num = {{ instance_parameter['configuration.rotate-num'] | int }}
[kedifa] [kedifa]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
......
...@@ -73,6 +73,10 @@ ...@@ -73,6 +73,10 @@
"warning-list": { "warning-list": {
"description": "List of warning found during the request.", "description": "List of warning found during the request.",
"type": "array" "type": "array"
},
"backend-client-caucase-url": {
"description": "URL to caucase used by authentication to the backend.",
"type": "string"
} }
}, },
"type": "object" "type": "object"
......
...@@ -195,10 +195,34 @@ ...@@ -195,10 +195,34 @@
"title": "type:zope virtualhostroot-https-port", "title": "type:zope virtualhostroot-https-port",
"type": "integer" "type": "integer"
}, },
"backend-connect-timeout": {
"description": "Time in seconds for establishing connection to the backend.",
"title": "Timeout for backend connection (seconds)",
"type": "integer"
},
"backend-connect-retries": {
"description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
"title": "Amount of retries to connect to the backend.",
"type": "integer"
},
"request-timeout": {
"description": "Timeout for HTTP requests.",
"title": "HTTP Request timeout in seconds",
"type": "integer"
},
"ciphers": { "ciphers": {
"description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.", "description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers",
"type": "string" "type": "string"
},
"authenticate-to-backend": {
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
"enum": [
"false",
"true"
],
"title": "Authenticate to backend",
"type": "string"
} }
}, },
"title": "Input Parameters", "title": "Input Parameters",
......
...@@ -49,6 +49,10 @@ ...@@ -49,6 +49,10 @@
"kedifa-caucase-url": { "kedifa-caucase-url": {
"description": "URL to caucase used by KeDiFa", "description": "URL to caucase used by KeDiFa",
"type": "string" "type": "string"
},
"backend-client-caucase-url": {
"description": "URL to caucase used by authentication to the backend.",
"type": "string"
} }
}, },
"type": "object" "type": "object"
......
...@@ -103,6 +103,7 @@ configuration.nginx_port = 9443 ...@@ -103,6 +103,7 @@ configuration.nginx_port = 9443
configuration.kedifa_port = 7879 configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1 # Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890 configuration.caucase_port = 8890
configuration.caucase_backend_client_port = 8990
configuration.apache-key = configuration.apache-key =
configuration.apache-certificate = configuration.apache-certificate =
configuration.open-port = 80 443 configuration.open-port = 80 443
...@@ -117,5 +118,9 @@ configuration.ciphers = ...@@ -117,5 +118,9 @@ configuration.ciphers =
configuration.request-timeout = 600 configuration.request-timeout = 600
configuration.mpm-graceful-shutdown-timeout = 5 configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name = configuration.frontend-name =
configuration.proxy-try-duration = 5 configuration.backend-connect-timeout = 5
configuration.proxy-try-interval = 250 configuration.backend-connect-retries = 3
configuration.backend-haproxy-http-port = 21080
configuration.backend-haproxy-https-port = 21443
configuration.authenticate-to-backend = False
configuration.rotate-num = 4000
...@@ -2,10 +2,8 @@ ...@@ -2,10 +2,8 @@
import {{frontend_configuration.get('log-access-configuration')}} import {{frontend_configuration.get('log-access-configuration')}}
import {{ slave_configuration_directory }}/*.conf import {{ slave_configuration_directory }}/*.conf
import {{ slave_with_cache_configuration_directory }}/*.conf
{% for port in [https_port] %} :{{ https_port }} {
:{{ port }} {
tls {{ master_certificate }} {{ master_certificate }} tls {{ master_certificate }} {{ master_certificate }}
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
status 404 / status 404 /
...@@ -17,10 +15,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf ...@@ -17,10 +15,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
{%- endfor %}
{% for port in [http_port, cached_port, ssl_cached_port] %} :{{ http_port }} {
:{{ port }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
status 404 / status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" { log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
...@@ -31,7 +27,6 @@ import {{ slave_with_cache_configuration_directory }}/*.conf ...@@ -31,7 +27,6 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
* {{ not_found_file }} * {{ not_found_file }}
} }
} }
{%- endfor %}
# Access to server-status Caddy-style # Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status { https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
......
module(
load="imuxsock"
SysSock.Name="{{ configuration['log-socket'] }}")
# Just simply output the raw line without any additional information, as
# haproxy emits enough information by itself
# Also cut out first empty space in msg, which is related to rsyslogd
# internal and end up cutting on 8k, as it's default of $MaxMessageSize
template(name="rawoutput" type="string" string="%msg:2:8192%\n")
$ActionFileDefaultTemplate rawoutput
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0022
$WorkDirectory {{ configuration['spool-directory'] }}
# Setup logging per slave, by extracting the slave name from the log stream
{%- set regex = ".*-backend (.*)-http.*" %}
template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
set $!slave_name = exec_template("extract_slave_name");
template(name="slave_output" type="string" string="{{ configuration['caddy-log-directory'] }}/%$!slave_name%_backend_log")
if (re_match($msg, "{{ regex }}")) then {
action(type="omfile" dynaFile="slave_output")
stop
}
{#- emit all not catched messages to full log file #}
*.* {{ configuration['log-file'] }}
global
pidfile {{ configuration['pid-file'] }}
# master-worker is compatible with foreground with process management
master-worker
log {{ configuration['log-socket'] }} local0
defaults
log global
mode http
option httplog
timeout queue 60s
timeout server {{ configuration['request-timeout'] }}s
timeout client {{ configuration['request-timeout'] }}s
timeout connect {{ configuration['backend-connect-timeout'] }}s
retries {{ configuration['backend-connect-retries'] }}
{%- macro frontend_entry(slave_instance, scheme) %}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- for host in host_list %}
{%- if host.startswith('*.') %}
{#- hdr_sub has to be used, as anyway something.example.com shall match *.example.com[:port], with optional port #}
acl is_{{ slave_instance['slave_reference'] }} hdr_sub(host) -i {{ host[2:] }}
{%- else %}
acl is_{{ slave_instance['slave_reference'] }} hdr_dom(host) -i {{ host }}
{%- endif %}
{%- endfor %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- endmacro %}
frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
{%- for slave_instance in backend_slave_list %}
{{ frontend_entry(slave_instance, 'http') }}
{%- endfor %}
frontend https-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
{%- for slave_instance in backend_slave_list %}
{{ frontend_entry(slave_instance, 'https') }}
{%- endfor %}
{%- for slave_instance in backend_slave_list %}
{%- for (scheme, prefix) in [('http', 'http_backend'), ('https', 'https_backend')] %}
{%- set info_dict = slave_instance[prefix] %}
{%- if info_dict['scheme'] == 'https' %}
{%- set ssl = [] %}
{%- if slave_instance['authenticate-to-backend'] %}
{%- set ssl = ['crt %s' % (configuration['certificate'],)] %}
{%- endif %}
{%- do ssl.append('ssl verify') %}
{%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
{%- if slave_instance['ssl_proxy_verify'] %}
{%- if path_to_ssl_proxy_ca_crt %}
{%- do ssl.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
{%- else %}
{#- Backend SSL shall be verified, but not CA provided, disallow connection #}
{#- Simply dropping hostname from the dict will result with ignoring it... #}
{%- do info_dict.__setitem__('hostname', '') %}
{%- endif %}
{%- else %}
{%- do ssl.append('none') %}
{%- endif %}
{%- set ssl = ' '.join(ssl) %}
{%- else %}
{%- set ssl = '' %}
{%- endif %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- set hostname = info_dict['hostname'] %}
{%- set port = info_dict['port'] %}
{%- set path = info_dict['path'].rstrip('/') %}
{%- if hostname and port %}
timeout server {{ slave_instance['request-timeout'] }}s
timeout connect {{ slave_instance['backend-connect-timeout'] }}s
retries {{ slave_instance['backend-connect-retries'] }}
server backend {{ hostname }}:{{ port }} {{ ssl }}
{%- if path %}
http-request set-path {{ path }}%[path]
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
{%- set host_list = [] %}
{%- for host in [slave_parameter.get('custom_domain')] + server_alias_list %}
{%- if host not in host_list %}
{%- do host_list.append(host) %}
{%- endif %}
{%- endfor %}
{%- set http_backend_host_list = [] %}
{%- set https_backend_host_list = [] %}
{%- for host in host_list %}
{%- do http_backend_host_list.append('http://%s:%s' % (host, slave_parameter['cached_port'])) %}
{%- do https_backend_host_list.append('http://%s:%s' % (host, slave_parameter['ssl_cached_port'])) %}
{%- endfor %}
# SSL-disabled backends
{{ http_backend_host_list|join(', ') }} {
bind {{ slave_parameter['local_ipv4'] }}
# Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream Host {host}
{# header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
header_upstream -X-Forwarded-For-Real
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
log / {{ slave_parameter.get('access_log_cache_direct') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log_cache_direct') }} {
rotate_size 0
}
}
# SSL-enabled backends
{{ https_backend_host_list|join(', ') }} {
bind {{ slave_parameter['local_ipv4'] }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
header_upstream Host {host}
{# header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
header_upstream -X-Forwarded-For-Real
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %}
{%- else %}
insecure_skip_verify
{%- endif %}
}
log / {{ slave_parameter.get('access_log_cache_direct') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ slave_parameter.get('error_log_cache_direct') }} {
rotate_size 0
}
}
...@@ -9,7 +9,6 @@ ...@@ -9,7 +9,6 @@
{%- endif %} {#- if prefer_gzip #} {%- endif %} {#- if prefer_gzip #}
{%- set server_alias_list = slave_parameter.get('server-alias', '').split() %} {%- set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %} {%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
{%- set ssl_proxy_verify = slave_parameter.get('ssl-proxy-verify', '').lower() in TRUE_VALUES %}
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %} {%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %} {%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %}
{%- set slave_type = slave_parameter.get('type', '') %} {%- set slave_type = slave_parameter.get('type', '') %}
...@@ -41,31 +40,18 @@ ...@@ -41,31 +40,18 @@
{%- endif %} {%- endif %}
{%- macro proxy_header() %} {%- macro proxy_header() %}
try_duration {{ slave_parameter['proxy_try_duration'] }}s timeout {{ slave_parameter['request-timeout'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
# force reset of X-Forwarded-For # force reset of X-Forwarded-For
header_upstream X-Forwarded-For {remote} header_upstream X-Forwarded-For {remote}
{%- if enable_cache %}
# provide a header for other components
header_upstream X-Forwarded-For-Real {remote}
{%- endif %}
{%- endmacro %} {# proxy_header #} {%- endmacro %} {# proxy_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %} {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter.get('backend-http-url')) %}
# SSL enabled hosts # SSL enabled hosts
{{ https_host_list|join(', ') }} { {{ https_host_list|join(', ') }} {
{%- else %} {%- else %}
{%- set backend_url = slave_parameter.get('url', '').rstrip('/') %} {%- set backend_url = slave_parameter['backend-http-url'] %}
# SSL-disabled hosts # SSL-disabled hosts
{{ http_host_list|join(', ') }} { {{ http_host_list|join(', ') }} {
{%- endif %} {%- endif %}
...@@ -121,7 +107,7 @@ ...@@ -121,7 +107,7 @@
# Zope configuration # Zope configuration
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} { proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
...@@ -178,11 +164,13 @@ ...@@ -178,11 +164,13 @@
{%- endif %} {%- endif %}
} {# rewrite #} } {# rewrite #}
{%- endif %} {#- if prefer_gzip #} {%- endif %} {#- if prefer_gzip #}
{%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #} {%- elif slave_type == 'redirect' %}
{%- if backend_url %}
# Redirect configuration # Redirect configuration
redir 302 { redir 302 {
/ {{ backend_url }}{rewrite_uri} / {{ backend_url }}{rewrite_uri}
} {# redir #} }
{%- endif %}
{%- elif slave_type == 'notebook' %} {%- elif slave_type == 'notebook' %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
...@@ -204,14 +192,18 @@ ...@@ -204,14 +192,18 @@
{{ proxy_header() }} {{ proxy_header() }}
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- else %}
header_upstream Host {host}
{%- endif %} {%- endif %}
} }
{%- for websocket_path in websocket_path_list %} {%- for websocket_path in websocket_path_list %}
proxy /{{ websocket_path }} {{ backend_url }} { proxy "/{{ websocket_path }}" {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
websocket websocket
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- else %}
header_upstream Host {host}
{%- endif %} {%- endif %}
} }
{%- endfor %} {%- endfor %}
...@@ -221,6 +213,8 @@ ...@@ -221,6 +213,8 @@
websocket websocket
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- else %}
header_upstream Host {host}
{%- endif %} {%- endif %}
} }
{%- endif %} {%- endif %}
...@@ -236,7 +230,7 @@ ...@@ -236,7 +230,7 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} { proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
......
...@@ -10,10 +10,10 @@ if [ -f $LAST_STATE_FILE ] ; then ...@@ -10,10 +10,10 @@ if [ -f $LAST_STATE_FILE ] ; then
old_found=$(find $LAST_STATE_FILE -mmin +120 | wc -l) old_found=$(find $LAST_STATE_FILE -mmin +120 | wc -l)
fi fi
if [ "$old_found" -eq 1 ] || {{ caddy_configuration_state }} ; then if [ "$old_found" -eq 1 ] || {{ configuration_state_command }} ; then
# do not catch errors during validation # do not catch errors during validation
set +e set +e
{{ wrapper }} -validate {{ validate_command }}
echo $? > $LAST_STATE_FILE echo $? > $LAST_STATE_FILE
set -e set -e
fi fi
......
This diff is collapsed.
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch EXITED
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch EXITED
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch STOPPED
T-2:6tunnel-11443-{hash-generic}-on-watch STOPPED
T-2:6tunnel-26011-{hash-generic}-on-watch STOPPED
T-2:6tunnel-26012-{hash-generic}-on-watch STOPPED
T-2:bootstrap-monitor STOPPED
T-2:certificate_authority-{hash-generic}-on-watch STOPPED
T-2:crond-{hash-generic}-on-watch STOPPED
T-2:expose-csr_id-{hash-generic}-on-watch STOPPED
T-2:frontend-caddy-safe-graceful STOPPED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch STOPPED
T-2:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-2:kedifa-updater-{hash-generic}-on-watch STOPPED
T-2:monitor-httpd-{hash-generic}-on-watch STOPPED
T-2:monitor-httpd-graceful STOPPED
T-2:trafficserver-{hash-generic}-on-watch STOPPED
T-2:trafficserver-reload STOPPED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_site_1_access_log
T-2/var/log/httpd/_site_1_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch EXITED
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log ...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log ...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log ...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log ...@@ -5,18 +5,21 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_backend_log
T-2/var/log/httpd/_enable-http2-true_error_log T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch EXITED
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
...@@ -5,6 +5,7 @@ T-1/var/log/expose-csr_id.log ...@@ -5,6 +5,7 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
...@@ -5,6 +5,7 @@ T-1/var/log/expose-csr_id.log ...@@ -5,6 +5,7 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_url_access_log
T-2/var/log/httpd-cache-direct/_url_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_url_access_log
T-2/var/log/httpd/_url_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
...@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log ...@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_default_access_log
T-2/var/log/httpd-cache-direct/_default_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_default_access_log T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_error_log T-2/var/log/httpd/_default_error_log
......
T-0/etc/plugin/__init__.py T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py ...@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
......
T-0/var/run/monitor-httpd.pid T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING ...@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment