diff --git a/component/qemu-kvm/buildout.cfg b/component/qemu-kvm/buildout.cfg index 7a54ae79bad1e9bf040e9fab4cb4d55c59868c20..0ba1dac547e8961949589c65b54bad90394acf64 100644 --- a/component/qemu-kvm/buildout.cfg +++ b/component/qemu-kvm/buildout.cfg @@ -64,18 +64,18 @@ md5sum = 096c1c18b44c269808bd815d58c53c8f [debian-amd64-jessie-netinst.iso] <= debian-amd64-netinst-base -version = 8.10.0 -md5sum = 19dcfc381bd3e609c6056216d203f5bc +version = 8.11.1 +md5sum = df0ce86d0b1d81e232ad08eef58754ed [debian-amd64-netinst.iso] # Download the installer of Debian 9 (Stretch) <= debian-amd64-netinst-base -version = 9.4.0 -md5sum = 73bd8aaaeb843745ec939f6ae3906e48 +version = 9.8.0 +md5sum = e0a43cbb8b991735c1b38e7041019658 [debian-amd64-testing-netinst.iso] # Download the installer of Debian Buster <= debian-amd64-netinst-base -release = buster_di_alpha2 -version = buster-DI-alpha2 -md5sum = fbdc192f8857e2bd884e41481ed0fc09 +release = buster_di_rc1 +version = buster-DI-rc1 +md5sum = cf8f8e3afef91f3ce3a09e7cc5f530f0 diff --git a/component/vm-img/debian.cfg b/component/vm-img/debian.cfg index d769d8d4bdfcfa353207586844a588ff2be32fb6..03d4f97f97d3a5d20cc7259d6eee4e4637ec7cca 100644 --- a/component/vm-img/debian.cfg +++ b/component/vm-img/debian.cfg @@ -49,6 +49,12 @@ debconf.debconf = debian-squeeze/preseed.mirror/country = manual debian-squeeze/preseed.mirror/http/hostname = archive.debian.org debian-squeeze/preseed.mirror/http/directory = /debian +debian-wheezy/preseed.mirror/country = manual +debian-wheezy/preseed.mirror/http/hostname = archive.debian.org +debian-wheezy/preseed.mirror/http/directory = /debian +debian-jessie/preseed.mirror/country = manual +debian-jessie/preseed.mirror/http/hostname = archive.debian.org +debian-jessie/preseed.mirror/http/directory = /debian # minimal size preseed.apt-setup/enable-source-repositories = false preseed.recommends = false diff --git a/format-json b/format-json index fd8a06c92d5129e33d0300371b31f6b9c96858c0..a5f72f900c68958aa8a865933e74fa1dfe5a5b42 100755 --- a/format-json +++ b/format-json @@ -17,16 +17,20 @@ import collections def main(): + exit_code = 0 for f in sys.argv[1:]: + print 'Processing %s' % (f,) with open(f, 'rb') as infile: try: obj = json.load(infile, object_pairs_hook=collections.OrderedDict) except ValueError as e: - raise SystemExit(e) - - with open(f, 'wb') as outfile: - json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': ')) - outfile.write('\n') + exit_code = 1 + print e + else: + with open(f, 'wb') as outfile: + json.dump(obj, outfile, sort_keys=False, indent=2, separators=(',', ': ')) + outfile.write('\n') + sys.exit(exit_code) if __name__ == '__main__': main() diff --git a/software/caddy-frontend/README.caddy_frontend.rst b/software/caddy-frontend/README.caddy_frontend.rst index 07a5808302efacc6d77f5911c2448deb37e36fc4..32e01fdc4ee284b2fe4be2d817f3bd7862874612 100644 --- a/software/caddy-frontend/README.caddy_frontend.rst +++ b/software/caddy-frontend/README.caddy_frontend.rst @@ -92,6 +92,27 @@ SSL keys and certificates are directly send to the frontend cluster in order to *Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs. +Obtaining CA for KeDiFa +----------------------- + +KeDiFa uses caucase and so it is required to obtain caucase CA certificate used to sign KeDiFa SSL certificate, in order to be sure that certificates are sent to valid KeDiFa. + +The easiest way to do so is to use caucase. + +On some secure and trusted box which will be used to upload certificate to master or slave frontend partition install caucase https://pypi.org/project/caucase/ + +Master and slave partition will return key ``kedifa-caucase-url``, so then create and start a ``caucase-updater`` service:: + + caucase-updater \ + --ca-url "${kedifa-caucase-url}" \ + --cas-ca "${frontend_name}.caucased.ca.crt" \ + --ca "${frontend_name}.ca.crt" \ + --crl "${frontend_name}.crl" + +where ``frontend_name`` is a frontend cluster to which you will upload the certificate (it can be just one slave). + +Make sure it is automatically started when trusted machine reboots: you want to have it running so you can forget about it. It will keep KeDiFa's CA certificate up to date when it gets renewed so you know you are still talking to the same service as when you previously uploaded the certificate, up to the original upload. + Master partition ---------------- @@ -105,12 +126,12 @@ Example sessions is:: request(...) - curl -X GET master-key-generate-auth-url + curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" master-key-generate-auth-url > authtoken cat certificate.pem key.pem ca-bundle.pem > master.pem - curl -X PUT --data-binary @master.pem master-key-upload-url+authtoken + curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem master-key-upload-url+authtoken This replaces old request parameters: @@ -133,12 +154,12 @@ Example sessions is:: request(...) - curl -X GET key-generate-auth-url + curl -g -X GET --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" key-generate-auth-url > authtoken cat certificate.pem key.pem ca-bundle.pem > master.pem - curl -X PUT --data-binary @master.pem key-upload-url+authtoken + curl -g -X PUT --cacert "${frontend_name}.ca.crt" --crlfile "${frontend_name}.crl" --data-binary @master.pem key-upload-url+authtoken This replaces old request parameters: diff --git a/software/caddy-frontend/buildout.hash.cfg b/software/caddy-frontend/buildout.hash.cfg index 7727ffc973c5faec84a3a10a72bb4cfc720bbaa4..049e54187a35a63183b877d1cf88d499e0b6e1db 100644 --- a/software/caddy-frontend/buildout.hash.cfg +++ b/software/caddy-frontend/buildout.hash.cfg @@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b [template-apache-frontend] filename = instance-apache-frontend.cfg.in -md5sum = bde0f62dfe2eeef8f10b4315535095cb +md5sum = 6abe3aae72a83ef90e484d00cc70490d [template-apache-replicate] filename = instance-apache-replicate.cfg.in @@ -30,7 +30,7 @@ md5sum = d62aefe002ec13875924e4c219914795 [template-slave-list] filename = templates/apache-custom-slave-list.cfg.in -md5sum = 75439cb035393e68c73672b224bead54 +md5sum = 57f562311bac6dbf85cd35891eaa6743 [template-slave-configuration] filename = templates/custom-virtualhost.conf.in @@ -38,7 +38,7 @@ md5sum = 54ae95597a126ae552c3a913ddf29e5e [template-replicate-publish-slave-information] filename = templates/replicate-publish-slave-information.cfg.in -md5sum = 38e9994be01ea1b8a379f8ff7aa05438 +md5sum = eb9ca67763d60843483d95dab2c301b1 [template-caddy-frontend-configuration] filename = templates/Caddyfile.in @@ -110,4 +110,4 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 [template-kedifa] filename = instance-kedifa.cfg.in -md5sum = cc6f32656e76f4b79b5e47567b930f74 +md5sum = 2eecc01a16f6ae156c3a7889eef42c34 diff --git a/software/caddy-frontend/instance-apache-frontend.cfg.in b/software/caddy-frontend/instance-apache-frontend.cfg.in index 2aa617d5a07525dbb898d5fc2a32f9262a4dfc84..4de8bf2bfce776c55190d662e06780f91aad2be1 100644 --- a/software/caddy-frontend/instance-apache-frontend.cfg.in +++ b/software/caddy-frontend/instance-apache-frontend.cfg.in @@ -24,7 +24,6 @@ parts = promise-caddy-frontend-v6-http promise-caddy-frontend-cached promise-caddy-frontend-ssl-cached - promise-caddy-is-process-older-than-dependency-set trafficserver-launcher trafficserver-reload @@ -61,7 +60,6 @@ log = ${:var}/log run = ${:var}/run service = ${:etc}/service etc-run = ${:etc}/run -promise = ${:etc}/promise plugin = ${:etc}/plugin ca-dir = ${:srv}/ssl @@ -261,7 +259,6 @@ extra-context = section caddy_configuration caddy-configuration key monitor_base_url monitor-instance-parameter:monitor-base-url key plugin_directory directory:plugin - key promise_directory directory:promises key report_directory directory:bin key bin_directory :bin_directory key enable_http2_by_default configuration:enable-http2-by-default @@ -634,11 +631,6 @@ name = caddy_ssl_cached.py config-hostname = {{ instance_parameter['ipv4-random'] }} config-port = ${caddy-configuration:ssl-cache-through-port} -[promise-caddy-is-process-older-than-dependency-set] -recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['bin_directory'] }}/is-process-older-than-dependency-set ${caddy-configuration:pid-file} -wrapper-path = ${directory:promise}/caddy-frontend-is-running-actual-software-release - ####### # Monitoring sections # diff --git a/software/caddy-frontend/instance-kedifa.cfg.in b/software/caddy-frontend/instance-kedifa.cfg.in index 04ab531f2b07606df871ec105f133d9179a199f7..9dd0e6ab723878726472b5a30a0d43f4728ef702 100644 --- a/software/caddy-frontend/instance-kedifa.cfg.in +++ b/software/caddy-frontend/instance-kedifa.cfg.in @@ -222,6 +222,7 @@ hash-files = ${buildout:directory}/software_release/buildout.cfg {%- do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%} {%- do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%} {%- do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%} +{%- do slave_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%} {%- do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %} [{{ slave_reference }}-auth-random-generate] recipe = plone.recipe.command diff --git a/software/caddy-frontend/instance-output-schema.json b/software/caddy-frontend/instance-output-schema.json index 4426f581b549045bfae5920024672b610dbd84fb..e17ddd5d129af009c7f65c6aed36b3b69797718e 100644 --- a/software/caddy-frontend/instance-output-schema.json +++ b/software/caddy-frontend/instance-output-schema.json @@ -54,6 +54,10 @@ "description": "Certificate used to serve data on kedifa-csr_id-url.", "type": "string" }, + "kedifa-caucase-url": { + "description": "Url to caucase used by KeDiFa.", + "type": "string" + }, "caddy-frontend-N-csr_id-url": { "description": "URL on which frontend node number N publishes its csr_id sent to caucase.", "type": "string" @@ -61,6 +65,14 @@ "caddy-frontend-N-csr_id-certificate": { "description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.", "type": "string" + }, + "warning-slave-dict": { + "description": "Dict of slaves which got warnings. Keys are slave references, values are lists of warnings on slaves.", + "type": "array" + }, + "warning-list": { + "description": "List of warning found during the request.", + "type": "array" } }, "type": "object" diff --git a/software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json b/software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json index 6dc10b1a5cfde7db79b1f447da29ef6683380900..0720aea3a909cff65a20c3c69860e67eca805c67 100644 --- a/software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json +++ b/software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json @@ -96,7 +96,7 @@ ], "title": "Prefer gzip Encoding for Backend", "type": "string" - }, + } }, "title": "Input Parameters", "type": "object" diff --git a/software/caddy-frontend/instance-slave-output-schema.json b/software/caddy-frontend/instance-slave-output-schema.json index ffa4be2f99f2e24db5a4e09c02a5125c7969eb33..a31aa46895e530d7bea73112d52e3b70aac32339 100644 --- a/software/caddy-frontend/instance-slave-output-schema.json +++ b/software/caddy-frontend/instance-slave-output-schema.json @@ -8,11 +8,11 @@ }, "key-generate-auth-url": { "description": "URL to GET once auth for key-upload-url", - "type": "array" + "type": "string" }, "key-upload-url": { "description": "URL to PUT PEM bundle of certificate and key", - "type": "array" + "type": "string" }, "log-access-url": { "description": "List of URLs to access logs", @@ -41,6 +41,14 @@ "request-error-list": { "description": "In case if slave has been rejected by master or has error in the request, the list contains information about each problem", "type": "array" + }, + "warning-list": { + "description": "List of warning found during the request.", + "type": "array" + }, + "kedifa-caucase-url": { + "description": "URL to caucase used by KeDiFa", + "type": "string" } }, "type": "object" diff --git a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in index 6247d70efb2d7bdd6f18fa11c1b5bce05a9746f6..95ed55cf2889f06a743d120d5e1a8073083d8e61 100644 --- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in +++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in @@ -442,6 +442,13 @@ command-line = {{ kedifa_updater }} wrapper-path = {{ service_directory }}/kedifa-updater hash-files = ${buildout:directory}/software_release/buildout.cfg +[kedifa-updater-run] +recipe = plone.recipe.command +# unfortunately slapos.cookbook:wrapper does not return generated wrapper path +# so it is needed to access it via service directory globbing +command = {{ service_directory }}/kedifa-updater* --once +update-command = ${:command} + [kedifa-updater-mapping] recipe = slapos.recipe.template:jinja2 file = {{ kedifa_updater_mapping_file }} @@ -466,6 +473,7 @@ extends = parts += kedifa-updater + kedifa-updater-run caddy-log-access-header {% for part in part_list %} {{ ' %s' % part }} diff --git a/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in b/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in index 7114a22c2e2a608cf3fa83b47b2db7a85206b83c..3e342bce5617f07e9e3a6f65d65410090e4704af 100644 --- a/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in +++ b/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in @@ -48,6 +48,7 @@ {% endif %} {% do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %} {% do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %} +{% do slave_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %} {% endif %} {% endfor %} diff --git a/software/caddy-frontend/test/test.py b/software/caddy-frontend/test/test.py index fa6f4c417b28fe62cafc93449aa82b64ef89875c..d31e39d3580d66304f293a9075eea352bc0f16db 100644 --- a/software/caddy-frontend/test/test.py +++ b/software/caddy-frontend/test/test.py @@ -469,6 +469,12 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): base + r'\?auth=$' ) + kedifa_caucase_url = parameter_dict.pop('kedifa-caucase-url') + self.assertEqual( + kedifa_caucase_url, + 'http://[%s]:%s' % (SLAPOS_TEST_IPV6, CAUCASE_PORT), + ) + return generate_auth_url, upload_url def assertKeyWithPop(self, key, d): @@ -546,8 +552,6 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin): { 'monitor-base-url': None, 'domain': 'None', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'accepted-slave-amount': '0', 'rejected-slave-amount': '0', 'slave-amount': '0', @@ -580,8 +584,6 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin): { 'monitor-base-url': None, 'domain': 'example.com', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'accepted-slave-amount': '0', 'rejected-slave-amount': '0', 'slave-amount': '0', @@ -744,7 +746,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): # run partition for slaves to be setup cls.runComputerPartitionUntil( cls.untilSlavePartitionReady) - cls.runKedifaUpdater() # run once more slapos node instance, as kedifa-updater sets up # certificates needed for caddy-frontend, and on this moment it can be # not started yet @@ -1230,8 +1231,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { 'accepted-slave-amount': '48', 'rejected-slave-amount': '4', 'slave-amount': '52', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'rejected-slave-dict': { "_apache_custom_http_s-rejected": ["slave not authorized"], "_caddy_custom_http_s": ["slave not authorized"], @@ -3715,8 +3714,6 @@ class TestMalformedBackenUrlSlave(SlaveHttpFrontendTestCase, 'domain': 'example.com', 'accepted-slave-amount': '1', 'rejected-slave-amount': '2', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'slave-amount': '3', 'rejected-slave-dict': { '_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"' @@ -3984,8 +3981,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): expected_parameter_dict = { 'monitor-base-url': None, 'domain': 'example.com', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'accepted-slave-amount': '8', 'rejected-slave-amount': '2', 'slave-amount': '10', @@ -4351,8 +4346,6 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): expected_parameter_dict = { 'monitor-base-url': None, 'domain': 'example.com', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'accepted-slave-amount': '1', 'rejected-slave-amount': '3', 'slave-amount': '4', @@ -4795,8 +4788,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( u"_ssl_key-ssl_crt-unsafe": [u"slave ssl_key and ssl_crt does not match"] }, - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'warning-list': [ u'apache-certificate is obsolete, please use master-key-upload-url', u'apache-key is obsolete, please use master-key-upload-url', @@ -5480,8 +5471,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( 'rejected-slave-amount': '0', 'rejected-slave-dict': {}, 'slave-amount': '1', - 'kedifa-caucase-url': 'http://[%s]:%s' % ( - SLAPOS_TEST_IPV6, CAUCASE_PORT), 'warning-list': [ u'apache-certificate is obsolete, please use master-key-upload-url', u'apache-key is obsolete, please use master-key-upload-url', @@ -5532,7 +5521,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( }) self.runComputerPartition(max_quantity=1) - self.runKedifaUpdater() result = self.fakeHTTPSResult( parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path') diff --git a/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_promise-CADDY.txt index 4aceea6ee58b5116c712a8460d6cfb634be61ab2..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_promise_run_promise-CADDY.txt @@ -1,6 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK -T-3/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-3/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_promise-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_promise-CADDY.txt index 8d6f75e20bc98a9b854f167974d4bd26983ae43e..dba596eb4ab6ab4ed1d4c20952129f8a647d2783 100644 --- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_promise-CADDY.txt +++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_promise_run_promise-CADDY.txt @@ -1,4 +1 @@ -T-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK T-1/etc/promise/caucased: OK -T-2/etc/promise/caddy-frontend-is-running-actual-software-release: OK -T-2/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set: OK \ No newline at end of file diff --git a/software/monitor/software.cfg b/software/monitor/software.cfg index 3eba4d0493b59362a0779a568d165e4ce0824ca6..cf50b7f8dd92ea583c1665f28a19c0088e244b49 100644 --- a/software/monitor/software.cfg +++ b/software/monitor/software.cfg @@ -77,7 +77,6 @@ scripts = monitor.runpromise monitor.genstatus monitor.configwrite - is-process-older-than-dependency-set check-computer-memory [monitor-eggs] diff --git a/software/slapos-master/buildout.hash.cfg b/software/slapos-master/buildout.hash.cfg index deeafb6e0fc83e67de4198fe6c7a350cf1aa7c2a..d46efba15ca8a4dc1176e35c449cc10a9d994fa2 100644 --- a/software/slapos-master/buildout.hash.cfg +++ b/software/slapos-master/buildout.hash.cfg @@ -14,7 +14,7 @@ # not need these here). [template-erp5] filename = instance-erp5.cfg.in -md5sum = edf81a602137858cd5835c050ac6e08c +md5sum = c4941a1c862474b71fd7255feb830299 [template-balancer] filename = instance-balancer.cfg.in diff --git a/software/slapos-master/instance-erp5.cfg.in b/software/slapos-master/instance-erp5.cfg.in index 87b10818d51e4edfc6f0be7af31c109433c6daf3..12ef5be5cf9ff276cdf3af520c80d95d7cae6477 100644 --- a/software/slapos-master/instance-erp5.cfg.in +++ b/software/slapos-master/instance-erp5.cfg.in @@ -96,7 +96,7 @@ backup-caucased = ${:srv}/backup/caucased {{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099, 'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000), 'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''), 'test-database-amount': test_runner_total_database_count}, {'database-list': True, 'test-database-list': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {% if has_posftix -%} -{{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password'}) }} +{{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password', 'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {%- else %} [request-smtp] # Placeholder smtp service URL @@ -135,7 +135,7 @@ connection-url = smtp://127.0.0.2:0/ {% endif -%} {% endfor -%} -{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%} + {% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%} {% set zope_address_list_id_dict = {} -%} {% if zope_partition_dict -%} diff --git a/stack/monitor/buildout.hash.cfg b/stack/monitor/buildout.hash.cfg index 049194bb1169dafaa13d718ad25ee4d355737527..675a1dad6a1379c447c463e8c8973c47ed773ce6 100644 --- a/stack/monitor/buildout.hash.cfg +++ b/stack/monitor/buildout.hash.cfg @@ -14,4 +14,4 @@ # not need these here). [monitor2-template] filename = instance-monitor.cfg.jinja2.in -md5sum = 8ba788b85f2649d8e0f8b9905edcf8a0 +md5sum = da5fa743dba8709dfdd9c2d474741de8 diff --git a/stack/monitor/instance-monitor.cfg.jinja2.in b/stack/monitor/instance-monitor.cfg.jinja2.in index a5867402265221242625d338b52c0bd526b2ae02..2412839c9949e5ab7f2f08fa58a1ea57f24b884a 100644 --- a/stack/monitor/instance-monitor.cfg.jinja2.in +++ b/stack/monitor/instance-monitor.cfg.jinja2.in @@ -228,11 +228,6 @@ input = inline:#!/bin/sh output = ${directory:bin}/xnice mode = 700 -[promise-monitor-httpd-is-process-older-than-dependency-set] -recipe = slapos.cookbook:wrapper -command-line = {{ bin_directory }}/is-process-older-than-dependency-set ${monitor-httpd-conf-parameter:pid-file} -wrapper-path = ${directory:promises}/promise-monitor-httpd-is-process-older-than-dependency-set - [monitor-globalstate-wrapper] recipe = slapos.cookbook:wrapper command-line = ${xnice-bin:output} {{ monitor_genstatus }} '${monitor-conf:rendered}' @@ -411,7 +406,6 @@ depends = ${monitor-bootstrap-promise:name} ${monitor-symlink:recipe} ${promise-check-slapgrid:recipe} - ${promise-monitor-httpd-is-process-older-than-dependency-set:wrapper-path} ${logrotate-entry-monitor-httpd:name} ${logrotate-entry-monitor-data:name} ${logrotate-entry-monitor-promise-history:name}