An error occurred fetching the project authors.
- 29 Jun, 2021 1 commit
-
-
Xavier Thompson authored
Change all `check_port_listening` promises to `check_socket_listening` and rename all associated `config-hostname` arguments to `config-host`
-
- 03 Mar, 2021 1 commit
-
-
Vincent Pelletier authored
When the outside world path does not match the Zope path (typically: Web Site).
-
- 21 Jan, 2021 1 commit
-
-
Jérome Perrin authored
Since bd3c2b18 (Remove httpd from ERP5 and use haproxy instead, 2020-12-14) timing in balancer access log files are in milliseconds, no longer in microseconds as they use to be with apache. We update apachedex to version 1.8, where it supports generating reports from access log files with milliseconds, as long as the expected format is passed with --logformat argument. We changed the default value of apachedex configuration to use the expected --logformat argument, but users with a custom apachedex config passed as instance parameters (monitor.apachedex-configuration) will have to update their request parameters, to also pass --logformat. Since this is breaking change, we take this opportunity to introduce another breaking change, this parameter is not longer a string with all arguments on the same line, which was problematic because these arguments contained quotes and backslashes. The arguments are now passed as a list of strings which will become the list of arguments passed to apachedex. This is implemented by generating an apachedex config file, which simplifies the generation of the wrapper. For this we also needed to upate slapos.toolbox. The same change is reflected to the overriden profiles in slapos-master, but for slapos-master we don't pass the --logformat argument, because slapos-master is using httpd, so the logs timings are still in microseconds.
-
- 07 Dec, 2020 2 commits
-
-
Jérome Perrin authored
haproxy can be controlled with this socket, so it might be useful to "expose" it - it's not really expose because we only use a UNIX socket.
-
Jérome Perrin authored
Two main differences of haproxy are file format for certificates and logs. HAProxy also uses certificates in PEM format, but it expect its own server certificate and the key to be in the same file (although recent version seems to accept separate files, we don't use this now) and the CRL and CA certificates also all together in the same file. We change to use the same file for certificate and key and for CA and CRL, in the updater script we we build PEM files by containing all CA certificates and all CRL together. Also, since haproxy needs to be reloaded when certificate change, we run it in master-worker mode, with a pid file so that we can signal it to reload. For the logs, since haproxy does not log to file, we introduce a rsyslogd to log to a file. The log format is same as with httpd, except that timing are not in microseconds but in milliseconds - this did not seem to be configurable. This is a problem for apachedex reports on log, for that we plan to use an updated version of apachedex with support for `%{ms}T` for durations. HAProxy is configured with same timeouts, except: - "connect" timeout has been increased a bit (from 5 to 10s), because the comment "The connection should be immediate on LAN" was no longer true, now that haproxy is accessed from frontend. - the server entries for testrunner are a very long timeout (8h) because some ERP5 functional tests exceeed the 305s timeout. The SSL configuration is with current "modern" config from https://ssl-config.mozilla.org/ Tests have been modified a bit, because haproxy uses HTTP/2.0 and not 1.1 like httpd was doing several haproxy features (keep alive and gzip compression) are only available when backend uses HTTP/1.1, so we adjusted tests to use a 1.1 backend. There was also differences with logs, because of the time being in milliseconds. TestPublishedURLIsReachableMixin._checkERP5IsReachable was also updated, it was working by chance because when accessed behind httpd->haproxy->zope, zope was producing a redirect URL that was the URL of haproxy, which could be resolved by chance. This test was updated to access zope with a path that contains VirtualHostMonster magic, as the shared frontend ( with "zope" software type) is supposed to set. This should hopefuly solve the "502 Proxy Error" that we are observing with httpd.
-
- 10 Nov, 2020 2 commits
-
-
Jérome Perrin authored
Revert "software/erp5: use a caucase managed certificate for balancer" This reverts commit 74d18b9d and also follow up fixup ( 555b26a2 ). We are not ready to use caucase here, there are still too many problems with caucase (keys are lost at each SR update etc) and design might still evolve, so let's go back to self signed certificate for now. Also remove the promise and the updater, since they are also not working and causing problems on instances that have been updated (and where the key no longer match the certificate)
-
Jérome Perrin authored
fix balancer CSR generation: Caucase rerequest uses a CSR *template* and use it to generate a new CSR with a new key, so we should not use the actual key to generate this CSR, because it is caucase rerequest job to generate the key. Also, we should be careful not to generate a new CSR every time this command run, otherwise a new key will be generated and a new CSR will be sent to caucase, but caucase will not sign it automatically (since we configure it to sign only one certificate). This means that the case of IP address changes is currently not supported automatically. To support it we would need to: - force generation of a new CSR template - force caucase rerequester to request a new certificate (by removing existing certificate) - force caucased to sign the new certificate This commit also fix indentation and remove simplefile macro that is no longer used
-
- 23 Oct, 2020 1 commit
-
-
Jérome Perrin authored
Since 0.9.6 caucase stopped using the 128bits OID arc that caddy/golang does not support, so nothing prevents us from using a caucase certiciate now.
-
- 21 Oct, 2020 1 commit
-
-
Jérome Perrin authored
We don't plan using varnish like this.
-
- 16 Jun, 2020 2 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
- 06 Mar, 2020 1 commit
-
-
Łukasz Nowak authored
-
- 19 Nov, 2019 1 commit
-
-
Łukasz Nowak authored
As possible cover promises in tests.
-
- 19 Jun, 2019 1 commit
-
-
Julien Muchembled authored
We'll add monitoring to NEO so some parts are also moved there from ERP5.
-
- 17 Apr, 2019 1 commit
-
-
Jérome Perrin authored
A regression in the apache entries for testrunner used one apache port for each zope - not one for each family as what was intended. There was also a problem that these apache ports were used even when no testrunner.
-
- 12 Mar, 2019 1 commit
-
-
Thomas Gambier authored
The certificates generated by caucase are not supported by Caddy (see https://www.erp5.com/project_section/vifib/forum/Problem-with-caddy-frontend-and-caucase-0.95-issued-certificate-UNinzubDv0) /cc @rafael @alain.takoudjou /reviewed-on nexedi/slapos!531
-
- 01 Mar, 2019 1 commit
-
-
Vincent Pelletier authored
Notes stack/erp5 * The service-auto-approve-amount to default is set to 1, in order that the only needed service is automatically approved. As caucase is accessed internally (on local IPv4) only partitions on the same server will access caucase.
-
- 20 Nov, 2018 1 commit
-
-
Nicolas Wavrant authored
-
- 14 Nov, 2018 2 commits
-
-
Jérome Perrin authored
The case where test runner is not enabled got broken in 2a457867
-
Nicolas Wavrant authored
-
- 17 Sep, 2018 1 commit
-
-
Tristan Cavelier authored
/reviewed-on nexedi/slapos!406
-
- 10 Sep, 2018 1 commit
-
-
Jérome Perrin authored
We don't want runUnitTest is to listen on 127.0.0.1, as it is not allowed for SlapOS instances, runUnitTest wrapper is extended to include `--zserver` with a pre-assigned ip:port. runTestSuite starts several test in parrallel (controlled by `--node_quantity` argument, which is passed by erp5testnode), so we need to make sure that we provide it with enough ip:port. For this, we extended runTestSuite with a `--zserver_address_list` argument and we generate a wrapper with a list of `testrunner.node-count` pre-assigned ip:ports. Because zelenium tests needs to access this zserver over a secure origin (otherwise modern browser features such as service worker are not available), use an https proxy in the apache from the balancer partition. runUnitTest and runTestSuite have been extended with resp. `--zserver_frontend_url` and `--zserver_frontend_url_list` arguments and the URLs published by the balancer paritions are set in the wrappers. For compatibility reasons, runTestSuite pass parameters as environment variables. Implementation notes: This introduces a circular depencency, balancer partition needs to know the address of the testrunners and zope partitions needs to know the URLs of the corresponding http proxies on the apache. This is is handled by `slapos.recipe:publish-early`: 1. request zope family with an empty `test-runner-apache-url-list`. zope is instanciated a first time. zope returns `test-runner-address-list` ( a list of (host, port) tuples ) 2. request balancer with `test-runner-address-list` balancer is instanciated. balancer returns `{{ family_name }}-test-runner-url-list` ( a list of apache URLs ), which are published in the root partition. 3. zope family is re-requested with updated`test-runner-apache-url-list` information instance-erp5.cfg.in template was also reorganised to move `[publish-early]` next to `[publish]` at the bottom of the file because these sections are semantically related. Also test runner generation is moved after zope generation, because we want to allocate test runners ports after zopes, otherwise existing zopes would get new ports when existing instances are upgraded.
-
- 14 Aug, 2018 1 commit
-
-
Tristan Cavelier authored
-
- 18 May, 2018 1 commit
-
-
Roque authored
- List of configuration files that are used to generate the hash for the service wrapper's name. /reviewed-on nexedi/slapos!333
-
- 16 Mar, 2018 1 commit
-
-
Julien Muchembled authored
This is a follow-up of commit 5c980caf, now that the new code of the 'wrapper' recipe is used (1.0.58 released).
-
- 28 Dec, 2017 1 commit
-
-
Tristan Cavelier authored
instance-erp5.cfg.in: quoted values should not be part of the configuration parameters https://lab.nexedi.com/nexedi/slapos.toolbox/blob/beb86eab2dee7178aa6e4795da0f56bb6cacaea1/slapos/apachedex.py#L62 modify default apachedex parameters --erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\?|$) --base +other / instance-balancer.cfg.in: option `--configuration` should be used instead of `--config` https://lab.nexedi.com/nexedi/slapos.toolbox/blob/beb86eab2dee7178aa6e4795da0f56bb6cacaea1/slapos/apachedex.py#L76
-
- 06 Oct, 2017 2 commits
-
-
Hardik Juneja authored
/reviewed-on nexedi/slapos!239
-
Rafael Monnerat authored
This reverts commit 9b0b7a8b
-
- 04 Oct, 2017 1 commit
-
-
Julien Muchembled authored
-
- 28 Sep, 2017 1 commit
-
-
Hardik Juneja authored
-
- 18 Aug, 2017 3 commits
-
-
Hardik Juneja authored
-
Hardik Juneja authored
-
Hardik Juneja authored
-
- 11 Aug, 2017 1 commit
-
-
Vincent Pelletier authored
-
- 18 Jul, 2017 1 commit
-
-
Hardik Juneja authored
whenever the zope instances have the same title (example all zope have 'Zope monitor' as title) the request to frontends consider it as the same request and gives same frontend to each of them. /reviewed-on nexedi/slapos!202
-
- 03 Jul, 2017 1 commit
-
-
Alain Takoudjou authored
Allows requesting a caucase partition and reusing an existing caucase instance. For client-certificate-based authentication, client must be able to access backend directly (frontend is not possible).
-
- 20 Jun, 2017 2 commits
-
-
Hardik Juneja authored
-
Hardik Juneja authored
-
- 16 Feb, 2017 1 commit
-
-
Vincent Pelletier authored
When a process is stopped: - it may not have emitted logs since previous rotation: add "missingok" As a direct consequence: stop using logrotate recipe. - its pid file (if applicable) may be missing: test its non-empty presence before calling slapos-kill Also, stop using slapos.cookbook:logrotate. Update obvious users (cloudooo, neoppod, erp5, monitor, re6stnet).
-
- 08 Feb, 2017 1 commit
-
-
Vincent Pelletier authored
-