Commit bd1399d3 authored by Rafael Monnerat's avatar Rafael Monnerat

Update Release Candidate

parents d4173404 07d64efb
...@@ -59,8 +59,8 @@ KVM instance parameters: ...@@ -59,8 +59,8 @@ KVM instance parameters:
For port forwarding to IPv6 of slapos partition For port forwarding to IPv6 of slapos partition
- use-nat (default: True) - use-nat (default: True)
Add one interface using qemu User Network (NAT), this interface support nat-rules. Add one interface using qemu User Network (NAT), this interface support nat-rules.
- use-tap (default: False) - use-tap (default: True)
Add One interface that use tap interface Add one interface that uses tap interface from the host
- enable-vhost (default: False) - enable-vhost (default: False)
Increase network speed by enabling vhost on qemu. (To use if the module is loaded on host machine) Increase network speed by enabling vhost on qemu. (To use if the module is loaded on host machine)
......
...@@ -19,7 +19,7 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2 ...@@ -19,7 +19,7 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2
[template-kvm] [template-kvm]
filename = instance-kvm.cfg.jinja2 filename = instance-kvm.cfg.jinja2
md5sum = c51026e815ca43b5de5ddc6cbd8bf1e2 md5sum = c298aaa20a368ddc118b8bb22dc84dc3
[template-kvm-cluster] [template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in filename = instance-kvm-cluster.cfg.jinja2.in
......
...@@ -266,9 +266,9 @@ ...@@ -266,9 +266,9 @@
}, },
"use-tap": { "use-tap": {
"title": "Use QEMU TAP network interface", "title": "Use QEMU TAP network interface",
"description": "Use QEMU TAP network interface, might require a bridge on SlapOS Node.", "description": "Use QEMU TAP network interface, requires taps creation on SlapOS Node.",
"type": "boolean", "type": "boolean",
"default": false "default": true
}, },
"use-nat": { "use-nat": {
"title": "Use QEMU USER Mode interface (NAT)", "title": "Use QEMU USER Mode interface (NAT)",
...@@ -278,7 +278,7 @@ ...@@ -278,7 +278,7 @@
}, },
"nat-rules": { "nat-rules": {
"title": "List of rules for NAT of QEMU user mode network stack.", "title": "List of rules for NAT of QEMU user mode network stack.",
"description": "List of rules for NAT of QEMU user mode network stack, as space-separated list of ports (with optional protocol). For each port specified, it will redirect port x of the VM (example: \"80 udp:53\") to the port x + 10000 of the public IPv6 of the host (example: \"10080 udp:10053\"). Ignored if \"use-tap\" parameter is enabled.", "description": "List of rules for NAT of QEMU user mode network stack, as space-separated list of ports (with optional protocol). For each port specified, it will redirect port x of the VM (example: \"80 udp:53\") to the port x + 10000 of the public IPv6 of the host (example: \"10080 udp:10053\").",
"type": "string", "type": "string",
"default": "22 80 443" "default": "22 80 443"
}, },
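Review bot: The `use-tap` default flips to `true` here, and also in the template's `slapparameter_dict.get('use-tap', 'True')` and the `use-tap = True` software default further down the page, so instances that never set the parameter will presumably gain a TAP interface the next time they are processed, with no change on the requester's side. With `use-nat` still defaulting to true and the "Ignored if use-tap parameter is enabled" sentence removed from `nat-rules`, the VM appears to get both interfaces by default, which changes its network exposure. I would state that in the schema, e.g. `"description": "Use QEMU TAP network interface in addition to the NAT interface, requires taps creation on SlapOS Node. Enabled by default; set to false to keep only the NAT interface."`. It is also worth confirming what happens on a node where no tap has been created.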
......
{% set enable_http = slapparameter_dict.get('enable-http-server', 'False').lower() -%} {% set enable_http = slapparameter_dict.get('enable-http-server', 'False').lower() -%}
{% set use_tap = slapparameter_dict.get('use-tap', 'False').lower() -%} {% set use_tap = slapparameter_dict.get('use-tap', 'True').lower() -%}
{% set use_nat = slapparameter_dict.get('use-nat', 'True').lower() -%} {% set use_nat = slapparameter_dict.get('use-nat', 'True').lower() -%}
{% set wipe_disk = slapparameter_dict.get('wipe-disk-ondestroy', 'False').lower() -%} {% set wipe_disk = slapparameter_dict.get('wipe-disk-ondestroy', 'False').lower() -%}
{% set nat_restrict = slapparameter_dict.get('nat-restrict-mode', 'False').lower() -%} {% set nat_restrict = slapparameter_dict.get('nat-restrict-mode', 'False').lower() -%}
...@@ -677,7 +677,7 @@ cpu-model = host ...@@ -677,7 +677,7 @@ cpu-model = host
nat-rules = 22 80 443 nat-rules = 22 80 443
use-nat = True use-nat = True
use-tap = False use-tap = True
nat-restrict-mode = False nat-restrict-mode = False
enable-vhost = False enable-vhost = False
......
...@@ -18,7 +18,7 @@ md5sum = edf81a602137858cd5835c050ac6e08c ...@@ -18,7 +18,7 @@ md5sum = edf81a602137858cd5835c050ac6e08c
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = 356cb73670ea4599ad608b29fb86b278 md5sum = 1a6a00153441d6a8e7ff9d27039e541e
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
......
...@@ -27,10 +27,10 @@ mode = 644 ...@@ -27,10 +27,10 @@ mode = 644
updater_path='${directory:services-on-watch}/caucase-updater', updater_path='${directory:services-on-watch}/caucase-updater',
url=ssl_parameter_dict['caucase-url'], url=ssl_parameter_dict['caucase-url'],
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
crt_path='${apache-conf-ssl:cert}', crt_path='${apache-conf-ssl:caucase-cert}',
ca_path='${apache-conf-ssl:ca-cert}', ca_path='${apache-conf-ssl:ca-cert}',
crl_path='${apache-conf-ssl:crl}', crl_path='${apache-conf-ssl:crl}',
key_path='${apache-conf-ssl:key}', key_path='${apache-conf-ssl:caucase-key}',
on_renew='${apache-graceful:output}', on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0), max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
template_csr_pem=ssl_parameter_dict.get('csr'), template_csr_pem=ssl_parameter_dict.get('csr'),
...@@ -119,9 +119,25 @@ hash-files = ${haproxy-cfg:rendered} ...@@ -119,9 +119,25 @@ hash-files = ${haproxy-cfg:rendered}
[apache-conf-ssl] [apache-conf-ssl]
cert = ${directory:apache-conf}/apache.crt cert = ${directory:apache-conf}/apache.crt
key = ${directory:apache-conf}/apache.pem key = ${directory:apache-conf}/apache.pem
# XXX caucase certificate is not supported by caddy for now
caucase-cert = ${directory:apache-conf}/apache-caucase.crt
caucase-key = ${directory:apache-conf}/apache-caucase.pem
ca-cert = ${directory:apache-conf}/ca.crt ca-cert = ${directory:apache-conf}/ca.crt
crl = ${directory:apache-conf}/crl.pem crl = ${directory:apache-conf}/crl.pem
[apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-conf-parameter-dict] [apache-conf-parameter-dict]
backend-list = {{ dumps(apache_dict.values()) }} backend-list = {{ dumps(apache_dict.values()) }}
zope-virtualhost-monster-backend-dict = {{ dumps(zope_virtualhost_monster_backend_dict) }} zope-virtualhost-monster-backend-dict = {{ dumps(zope_virtualhost_monster_backend_dict) }}
...@@ -133,8 +149,8 @@ access-log = ${directory:log}/apache-access.log ...@@ -133,8 +149,8 @@ access-log = ${directory:log}/apache-access.log
# Apache 2.4's default value (60 seconds) can be a bit too short # Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300 timeout = 300
# Basic SSL server configuration # Basic SSL server configuration
cert = ${apache-conf-ssl:cert} cert = ${apache-ssl:cert}
key = ${apache-conf-ssl:key} key = ${apache-ssl:key}
cipher = cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache ssl-session-cache = ${directory:log}/apache-ssl-session-cache
# Client x509 auth # Client x509 auth
...@@ -218,6 +234,7 @@ services-on-watch = ${:etc}/service ...@@ -218,6 +234,7 @@ services-on-watch = ${:etc}/service
var = ${buildout:directory}/var var = ${buildout:directory}/var
run = ${:var}/run run = ${:var}/run
log = ${:var}/log log = ${:var}/log
srv = ${buildout:directory}/srv
ca-dir = ${buildout:directory}/srv/ssl ca-dir = ${buildout:directory}/srv/ssl
requests = ${:ca-dir}/requests requests = ${:ca-dir}/requests
private = ${:ca-dir}/private private = ${:ca-dir}/private
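Review bot: The fallback `openssl req` command in the new `[apache-ssl]` section leaves the RSA key size and signature digest to whatever the bundled OpenSSL defaults to, and writes an unencrypted key (`-nodes`) for a ten-year self-signed certificate. I would pin both explicitly, e.g. `-newkey rsa:2048 -sha256`, and make sure the key file is not created group- or world-readable. The `plone.recipe.command` part also sets no `stop-on-error = true`, so a failed generation would presumably go unnoticed until Apache fails to load `${apache-ssl:key}`. In the other branch the requester-supplied key is written through `simplefile`, whose file mode is not visible in these hunks and is worth checking for the same reason. The same `[apache-ssl]` section is added verbatim to the second copy of this template later on the page, so the points apply there too.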
......
...@@ -66,7 +66,7 @@ md5sum = 0969fbb25b05c02ef3c2d437b2f4e1a0 ...@@ -66,7 +66,7 @@ md5sum = 0969fbb25b05c02ef3c2d437b2f4e1a0
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = a2423975b29ab023f64ce257d097e286 md5sum = 9009939093730fb8219cbe7092dda9ab
[monitor-template-dummy] [monitor-template-dummy]
filename = dummy.cfg filename = dummy.cfg
...@@ -86,7 +86,7 @@ md5sum = 3a6c7dec898abc7d1506957154ef566e ...@@ -86,7 +86,7 @@ md5sum = 3a6c7dec898abc7d1506957154ef566e
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = 7fcedcacb0558e770cbb1c1d63322ea4 md5sum = a2f795e5ed9537951ee70114111930b0
[template-haproxy-cfg] [template-haproxy-cfg]
filename = haproxy.cfg.in filename = haproxy.cfg.in
......
...@@ -26,10 +26,10 @@ mode = 644 ...@@ -26,10 +26,10 @@ mode = 644
updater_path='${directory:services-on-watch}/caucase-updater', updater_path='${directory:services-on-watch}/caucase-updater',
url=ssl_parameter_dict['caucase-url'], url=ssl_parameter_dict['caucase-url'],
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
crt_path='${apache-conf-ssl:cert}', crt_path='${apache-conf-ssl:caucase-cert}',
ca_path='${apache-conf-ssl:ca-cert}', ca_path='${apache-conf-ssl:ca-cert}',
crl_path='${apache-conf-ssl:crl}', crl_path='${apache-conf-ssl:crl}',
key_path='${apache-conf-ssl:key}', key_path='${apache-conf-ssl:caucase-key}',
on_renew='${apache-graceful:output}', on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0), max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
template_csr_pem=ssl_parameter_dict.get('csr'), template_csr_pem=ssl_parameter_dict.get('csr'),
...@@ -118,9 +118,25 @@ hash-files = ${haproxy-cfg:rendered} ...@@ -118,9 +118,25 @@ hash-files = ${haproxy-cfg:rendered}
[apache-conf-ssl] [apache-conf-ssl]
cert = ${directory:apache-conf}/apache.crt cert = ${directory:apache-conf}/apache.crt
key = ${directory:apache-conf}/apache.pem key = ${directory:apache-conf}/apache.pem
# XXX caucase certificate is not supported by caddy for now
caucase-cert = ${directory:apache-conf}/apache-caucase.crt
caucase-key = ${directory:apache-conf}/apache-caucase.pem
ca-cert = ${directory:apache-conf}/ca.crt ca-cert = ${directory:apache-conf}/ca.crt
crl = ${directory:apache-conf}/crl.pem crl = ${directory:apache-conf}/crl.pem
[apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-conf-parameter-dict] [apache-conf-parameter-dict]
backend-list = {{ dumps(apache_dict.values()) }} backend-list = {{ dumps(apache_dict.values()) }}
zope-virtualhost-monster-backend-dict = {{ dumps(zope_virtualhost_monster_backend_dict) }} zope-virtualhost-monster-backend-dict = {{ dumps(zope_virtualhost_monster_backend_dict) }}
...@@ -132,8 +148,8 @@ access-log = ${directory:log}/apache-access.log ...@@ -132,8 +148,8 @@ access-log = ${directory:log}/apache-access.log
# Apache 2.4's default value (60 seconds) can be a bit too short # Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300 timeout = 300
# Basic SSL server configuration # Basic SSL server configuration
cert = ${apache-conf-ssl:cert} cert = ${apache-ssl:cert}
key = ${apache-conf-ssl:key} key = ${apache-ssl:key}
cipher = cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache ssl-session-cache = ${directory:log}/apache-ssl-session-cache
# Client x509 auth # Client x509 auth
......
...@@ -163,10 +163,10 @@ filename = instance-mariadb.cfg ...@@ -163,10 +163,10 @@ filename = instance-mariadb.cfg
extra-context = extra-context =
section parameter_dict dynamic-template-mariadb-parameters section parameter_dict dynamic-template-mariadb-parameters
# Keep cloudooo section for backward compatibility # Keep a section for backward compatibility for removed types
# Once the section is removed, ghost instances will keep failing until # Once the section is removed, ghost instances will keep failing until
# garbage collection be implemented. # garbage collection be implemented.
[dynamic-template-cloudooo-legacy] [dynamic-template-legacy]
recipe = collective.recipe.template recipe = collective.recipe.template
input = inline:[buildout] input = inline:[buildout]
eggs-directory = ${buildout:eggs-directory} eggs-directory = ${buildout:eggs-directory}
...@@ -174,7 +174,7 @@ input = inline:[buildout] ...@@ -174,7 +174,7 @@ input = inline:[buildout]
offline = true offline = true
parts = parts =
output = ${directory:directory/instance-cloudoo-legacy.cfg output = ${directory:directory/instance-legacy.cfg
mode = 644 mode = 644
# we need this value to be present in a section, # we need this value to be present in a section,
...@@ -202,4 +202,5 @@ zope = dynamic-template-zope:rendered ...@@ -202,4 +202,5 @@ zope = dynamic-template-zope:rendered
jupyter = dynamic-template-jupyter:rendered jupyter = dynamic-template-jupyter:rendered
# Keep cloudooo backward compatibility # Keep cloudooo backward compatibility
cloudooo = dynamic-template-cloudooo-legacy:output cloudooo = dynamic-template-legacy:output
caucase = dynamic-template-legacy:output
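Review bot: The `output` line of `[dynamic-template-legacy]` reads `${directory:directory/instance-legacy.cfg` on both the old and new side as rendered here, with no closing brace after `directory:directory`. If the file really reads that way the reference will not expand as intended, and since the line is being touched anyway it could become `output = ${directory:directory}/instance-legacy.cfg`. Separately, the comment `# Keep cloudooo backward compatibility` above the mapping is now stale, because `caucase` points at the same legacy section. Something like `# Keep removed software types (cloudooo, caucase) for backward compatibility` would match the reworded comment above the section.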