- 13 Mar, 2019 3 commits
-
-
Łukasz Nowak authored
Use KeDiFa to store keys, and transmit the url to the requester for master and slave partitions. Download keys on the slave partitions level. Use caucase to fetch main caucase CA. kedifa-caucase-url is published in order to have access to it. Note: caucase is prepended with kedifa, as this is that one. Use kedifa-csr tool to generate CSR and use caucase-updater macro. Switch to KeDiFa with SSL Auth and updated goodies. KeDiFa endpoint URLs are randomised. Only one (first) user certificate is going to be automatically accepted. This one shall be operated by the cluster owner, the requester of frontend master partition. Then he will be able to sign certificates for other users and also for services - so each node in the cluster. Special trick from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line is used for one command generation of extensions in the certificate. Note: We could upgrade to openssl 1.1.1 in order to have it really simplified (see https://security.stackexchange.com/a/183973 ) Improve CSR readability by creating cluster-identification, which is master partition title, and use it as Organization of the CSR. Reserve slots for data exchange in KeDiFa.
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Improvements: * support CSR as a file Allow to pass template_csr as a file, as it is useful for some cases. * use dumps where needed, as it is available * fix rerequest internal call
-
- 12 Mar, 2019 4 commits
-
-
Rafael Monnerat authored
-
Thomas Gambier authored
The certificates generated by caucase are not supported by Caddy (see https://www.erp5.com/project_section/vifib/forum/Problem-with-caddy-frontend-and-caucase-0.95-issued-certificate-UNinzubDv0) /cc @rafael @alain.takoudjou /reviewed-on nexedi/slapos!531
-
Rafael Monnerat authored
As the instance is already allocated, we add a dummy template to keep data there until user do something. And to prevent to buildout keep failing.
-
Thomas Gambier authored
/cc @rafael @jm @alain.takoudjou Here we go /reviewed-on !529
-
- 11 Mar, 2019 5 commits
-
-
Rafael Monnerat authored
This helps on updating the 1.0 branch (release candidate) with the result of the latest tests.
-
Thomas Gambier authored
share parts with instance-runner.cfg /cc @rafael @Nicolas @alain.takoudjou /reviewed-on !527
-
Łukasz Nowak authored
-
Łukasz Nowak authored
As the test runs in erp5.util.testnode, which has some ports reserved, and they collide with default ports of caddy-frontend services, select ports for those services, and leave out default for monitor, as test expects.
-
Thomas Gambier authored
use address 1 instead of address 0 and display a /etc/network/interfaces syntax. Also display the info for resilient KVM. Note that formatting is not perfect due to softwaretype recipe (which doesn't preserve spaces). /cc @jm @rafael @alain.takoudjou /reviewed-on nexedi/slapos!521
-
- 09 Mar, 2019 1 commit
-
-
Rafael Monnerat authored
-
- 08 Mar, 2019 4 commits
-
-
Rafael Monnerat authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Unfortunately slave_title was put by mistake, it supposed to be slave_reference.
-
Rafael Monnerat authored
-
- 07 Mar, 2019 6 commits
-
-
Łukasz Nowak authored
Use safe JSON serialisation/deserialisation, as otherwise unusual slave_references can lead to issues and also character case is not kept. Also care about case of log access user, which was undetected since slave_reference in tests were always lowercase.
-
Łukasz Nowak authored
This reverts commit 1f91f19d. Unfortunately due to way how profiles are mangled by jinja2, in some cases the strings are becoming lowercased, so it just does not work. It was not caught by tests, as no test has uppercase slave.
-
Łukasz Nowak authored
slave_title is dangerous, as it can contain any characters; it supposed to be slave_reference.
-
Killian Lufau authored
Because there's no way anymore to pass the install prefix via an environment variable, a new `make-install-extra` option (empty by default) is added so that `make install` command line can be extended with `DESTDIR=...`. /reviewed-on nexedi/slapos!524
-
Łukasz Nowak authored
Hardcoded partition names has been fixed after the shortening.
-
Łukasz Nowak authored
More changes are required to paths, as partition reference base has changed. Also trafficserver starts in more cases, so move ERROR to OK state in some promises.
-
- 06 Mar, 2019 7 commits
-
-
Alain Takoudjou authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
At least trafficserver is known to not start on partitions on testnode like: /srv/slapgrid/slappartX/srv/testnode/XXX/inst/test0-0/tmp/inst/TestSlaveGlobalDisableHttp2-1 so shorten the TestSlaveGlobalDisableHttp2 and others to simple T, which will result with path: /srv/slapgrid/slappartX/srv/testnode/XXX/inst/test0-0/tmp/inst/T-1
-
Killian Lufau authored
-
Rafael Monnerat authored
-
Alain Takoudjou authored
-
Nicolas Wavrant authored
-
- 05 Mar, 2019 6 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Improved supervisord management is critical for maintenance of instances between tests.
-
Sebastien Robin authored
-
Jérome Perrin authored
Since nexedi/slapos!392 we must format the json as done by `format-json`. The tools for this are `format-json software/*/*.json` or `husky` ( nexedi/slapos!424 ). /reviewed-on nexedi/slapos!522
-
Jérome Perrin authored
fix json format
-
Jérome Perrin authored
fix json format
-
- 04 Mar, 2019 3 commits
-
-
Sebastien Robin authored
Since Caddy 0.11.1, certificates has to match sites (Thanks Luke)
-
Łukasz Nowak authored
-
Łukasz Nowak authored
trafficserver-cache-availability.py may pass randomly, as we do not have a way during the test to really fill it.
-
- 01 Mar, 2019 1 commit
-
-
Łukasz Nowak authored
As some of the nodes can lag behind, the system can be in state, that those nodes will send inactive (also destroyed) slave publish information. Before publishing it to master, check if each of slaves is really present on master. Tasks: - [x] prove it really works on simulated environment - [x] check impact on massive simulated environment - [x] cover with a test (optionally) - [ ] check test results with this change /reviewed-on nexedi/slapos!519
-