Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Esteban Blanc
slapos
Commits
d98f21c4
Commit
d98f21c4
authored
Oct 09, 2020
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
caddy-frontend: Simplify parameters passed to apache-custom-slave-list
parent
edcf83eb
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
56 additions
and
63 deletions
+56
-63
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+2
-2
software/caddy-frontend/instance-apache-frontend.cfg.in
software/caddy-frontend/instance-apache-frontend.cfg.in
+16
-24
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
.../caddy-frontend/templates/apache-custom-slave-list.cfg.in
+38
-37
No files found.
software/caddy-frontend/buildout.hash.cfg
View file @
d98f21c4
...
...
@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in
md5sum =
3f0b109d039ca79d6a50ae32028c727c
md5sum =
584095eaee849764d55983beeb35c0e7
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
...
...
@@ -30,7 +30,7 @@ md5sum = 74beef8d78df18e7fe9d5a6a3a9bf43c
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum =
30d87315036c7e538c81139cb7cc4620
md5sum =
23b6d77683b369707407cc78660864d5
[profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
...
...
software/caddy-frontend/instance-apache-frontend.cfg.in
View file @
d98f21c4
...
...
@@ -282,11 +282,7 @@ stop-on-error = True
depends = ${caddyprofiledeps:recipe}
template = {{ parameter_dict['profile_slave_list'] }}
filename = custom-personal-instance-slave-list.cfg
slave_instance_list = {{ dumps(instance_parameter['slave-instance-list']) }}
extra_slave_instance_list = {{ dumps(instance_parameter.get('configuration.extra_slave_instance_list')) }}
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
local_ipv6 = {{ dumps(instance_parameter['ipv6-random']) }}
software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }}
caddy_executable = {{ parameter_dict['caddy'] }}
...
...
@@ -300,46 +296,32 @@ extra-context =
import urlparse_module urlparse
import furl_module furl
key caddy_executable :caddy_executable
key http_port configuration:plain_http_port
key https_port configuration:port
key public_ipv4 configuration:public-ipv4
key slave_instance_list :slave_instance_list
key extra_slave_instance_list :extra_slave_instance_list
key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key master_certificate caddy-configuration:master-certificate
key caddy_log_directory caddy-directory:slave-log
key expose_csr_id_organization :organization
key expose_csr_id_organizational_unit :organizational-unit
key local_ipv4 :local_ipv4
key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6
key empty_template software-release-path:template-empty
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
key frontend_graceful_reload caddy-configuration:frontend-graceful-command
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
key monitor_base_url monitor-instance-parameter:monitor-base-url
key bin_directory :bin_directory
key enable_http2_by_default configuration:enable-http2-by-default
key global_disable_http2 configuration:global-disable-http2
key ciphers configuration:ciphers
key access_log caddy-configuration:access-log
key error_log caddy-configuration:error-log
key sixtunnel_executable :sixtunnel_executable
key not_found_file caddy-configuration:not-found-file
key custom_ssl_directory caddy-directory:custom-ssl-directory
section kedifa_configuration kedifa-configuration
# BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END
## backend haproxy
key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
section backend_haproxy_configuration backend-haproxy-configuration
## full configuration
## Configuration passed by section
section configuration configuration
section backend_haproxy_configuration backend-haproxy-configuration
section instance_parameter instance-parameter
section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
section kedifa_configuration kedifa-configuration
# Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template]
...
...
@@ -1035,5 +1017,15 @@ config-command =
{%- if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%}
{%- endfor %}
[instance-parameter]
{#- There are dangerous keys like recipe, etc #}
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter.iteritems() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }}
{%- endif -%}
{%- endfor -%}
{%- endif -%} {# if instance_parameter['slap-software-type'] == software_type #}
software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
View file @
d98f21c4
...
...
@@ -4,21 +4,22 @@
{%- set backend_slave_list = [] %}
{%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s" % (
local_ipv4
, cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (
local_ipv4
, cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (
local_ipv4
, backend_haproxy_configuration['http-port']) %}
{%- set backend_haproxy_https_url = 'http://%s:%s' % (
local_ipv4
, backend_haproxy_configuration['https-port']) %}
{%- set cache_access = "http://%s:%s" % (
instance_parameter['ipv4-random']
, cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (
instance_parameter['ipv4-random']
, cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (
instance_parameter['ipv4-random']
, backend_haproxy_configuration['http-port']) %}
{%- set backend_haproxy_https_url = 'http://%s:%s' % (
instance_parameter['ipv4-random']
, backend_haproxy_configuration['https-port']) %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4':
local_ipv4, 'http_port': http_port, 'https_port': https_port
} %}
{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4':
instance_parameter['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']
} %}
{%- set slave_log_dict = {} %}
{%- if extra_slave_instance_list %}
{%- set slave_instance_information_list = [] %}
{%- set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
{%- set slave_instance_information_list = [] %}
{%- set slave_instance_list = instance_parameter['slave-instance-list'] %}
{%- if configuration['extra_slave_instance_list'] %}
{%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
{%- endif %}
{%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url,
master_certificate
, apache_certificate)) %}
{%- do kedifa_updater_mapping.append((master_key_download_url,
caddy_configuration['master-certificate']
, apache_certificate)) %}
{%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet',
master_certificate
, apache_certificate)) %}
{%- do kedifa_updater_mapping.append(('notreadyyet',
caddy_configuration['master-certificate']
, apache_certificate)) %}
{%- endif %}
{%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
...
...
@@ -53,7 +54,7 @@ context =
{%- if slave_ciphers %}
{%- set slave_cipher_list = ' '.join(slave_ciphers) %}
{%- else %}
{%- set slave_cipher_list = c
iphers
.strip() %}
{%- set slave_cipher_list = c
onfiguration['ciphers']
.strip() %}
{%- endif %}
{%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
{#- Manage common instance parameters #}
...
...
@@ -102,8 +103,8 @@ context =
{%- do part_list.extend([slave_logrotate_section, slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass HTTP2 switch #}
{%- do slave_instance.__setitem__('enable_http2_by_default',
enable_http2_by_default
) %}
{%- do slave_instance.__setitem__('global_disable_http2',
global_disable_http2
) %}
{%- do slave_instance.__setitem__('enable_http2_by_default',
configuration['enable-http2-by-default']
) %}
{%- do slave_instance.__setitem__('global_disable_http2',
configuration['global-disable-http2']
) %}
{#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
{%- if slave_instance.get(key, '') == '' %}
...
...
@@ -128,7 +129,7 @@ context =
{%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
{%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('public-ipv4',
public_ipv4
) %}
{%- do slave_publish_dict.__setitem__('public-ipv4',
configuration['public-ipv4']
) %}
{%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
{#- Set slave domain if none was defined #}
{%- if slave_instance.get('custom_domain', None) == None %}
...
...
@@ -224,7 +225,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge
extra-context =
key content :cert-content
{%- else %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate,
master_certificate
)) %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate,
caddy_configuration['master-certificate']
)) %}
{%- endif %}
{#- BBB: SlapOS Master non-zero knowledge END #}
...
...
@@ -233,9 +234,9 @@ extra-context =
[{{ slave_configuration_section_name }}]
certificate = {{ certificate }}
https_port = {{ dumps('' ~
https_port
) }}
http_port = {{ dumps('' ~
http_port
) }}
local_ipv4 = {{ dumps('' ~
local_ipv4
) }}
https_port = {{ dumps('' ~
configuration['port']
) }}
http_port = {{ dumps('' ~
configuration['plain_http_port']
) }}
local_ipv4 = {{ dumps('' ~
instance_parameter['ipv4-random']
) }}
{%- for key, value in slave_instance.iteritems() %}
{%- if value is not none %}
{{ key }} = {{ dumps('' ~ value) }}
...
...
@@ -283,7 +284,7 @@ config-frequency = 720
{#- ############################### #}
{#- Publish Slave Information #}
{%- if not
extra_slave_instance_list
%}
{%- if not
configuration['extra_slave_instance_list']
%}
{%- set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
{%- do part_list.append(publish_section_title) %}
[{{ publish_section_title }}]
...
...
@@ -320,27 +321,27 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[tunnel-6to4-base-http_port]
<= tunnel-6to4-base
ipv4-port = {{
http_port
}}
ipv6-port = {{
http_port
}}
ipv4-port = {{
configuration['plain_http_port']
}}
ipv6-port = {{
configuration['plain_http_port']
}}
[tunnel-6to4-base-https_port]
<= tunnel-6to4-base
ipv4-port = {{
https_port
}}
ipv6-port = {{
https_port
}}
ipv4-port = {{
configuration['port']
}}
ipv6-port = {{
configuration['port']
}}
{#- Define log access #}
[caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }}
caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
local_ipv4 = {{ dumps(
local_ipv4
) }}
local_ipv4 = {{ dumps(
instance_parameter['ipv4-random']
) }}
global_ipv6 = {{ dumps(global_ipv6) }}
https_port = {{ dumps(
https_port
) }}
http_port = {{ dumps(
http_port
) }}
https_port = {{ dumps(
configuration['port']
) }}
http_port = {{ dumps(
configuration['plain_http_port']
) }}
ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
access_log = {{ dumps(
access_log
) }}
error_log = {{ dumps(
error_log
) }}
not_found_file = {{ dumps(
not_found_file
) }}
access_log = {{ dumps(
caddy_configuration['access-log']
) }}
error_log = {{ dumps(
caddy_configuration['error-log']
) }}
not_found_file = {{ dumps(
caddy_configuration['not-found-file']
) }}
[caddy-log-access]
< = jinja2-template-base
...
...
@@ -352,7 +353,7 @@ extra-context =
section parameter_dict caddy-log-access-parameters
[slave-introspection-parameters]
local-ipv4 = {{ dumps(
local_ipv4
) }}
local-ipv4 = {{ dumps(
instance_parameter['ipv4-random']
) }}
global-ipv6 = {{ dumps(global_ipv6) }}
https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }}
...
...
@@ -384,9 +385,9 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{#- Publish information for the instance #}
[publish-caddy-information]
recipe = slapos.cookbook:publish.serialised
public-ipv4 = {{
public_ipv4
}}
private-ipv4 = {{
local_ipv4
}}
{%- if
extra_slave_instance_list
%}
public-ipv4 = {{
configuration['public-ipv4']
}}
private-ipv4 = {{
instance_parameter['ipv4-random']
}}
{%- if
configuration['extra_slave_instance_list']
%}
{#- sort_keys are important in order to avoid shuffling parameters on each run #}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
{%- endif %}
...
...
@@ -407,8 +408,8 @@ recipe = slapos.cookbook:wrapper
command-line = {{ kedifa_configuration['kedifa-updater'] }}
--server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
--identity {{ kedifa_configuration['certificate'] }}
--master-certificate {{
master_certificate
}}
--on-update "{{
frontend_graceful_reload
}}"
--master-certificate {{
caddy_configuration['master-certificate']
}}
--on-update "{{
caddy_configuration['frontend-graceful-command']
}}"
${kedifa-updater-mapping:file}
{{ kedifa_configuration['kedifa-updater-state-file'] }}
...
...
@@ -418,7 +419,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[kedifa-updater-run]
recipe = plone.recipe.command
stop-on-error = True
command = {{ kedifa_configuration['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{
frontend_graceful_reload
}}"
command = {{ kedifa_configuration['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{
caddy_configuration['frontend-graceful-command']
}}"
update-command = ${:command}
[kedifa-updater-mapping]
...
...
@@ -452,7 +453,7 @@ extra-context =
{%- for key, value in backend_haproxy_configuration.items() %}
{{ key }} = {{ value }}
{%- endfor %}
local-ipv4 = {{ dumps('' ~
local_ipv4
) }}
local-ipv4 = {{ dumps('' ~
instance_parameter['ipv4-random']
) }}
global-ipv6 = ${slap-network-information:global-ipv6}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment