diff --git a/software/caddy-frontend/buildout.hash.cfg b/software/caddy-frontend/buildout.hash.cfg index 5b085c45275521467e053d4e1767ca98a692d841..dbb1c97026f40f548cd55885d678e823a02a139f 100644 --- a/software/caddy-frontend/buildout.hash.cfg +++ b/software/caddy-frontend/buildout.hash.cfg @@ -14,7 +14,7 @@ # not need these here). [template] filename = instance.cfg.in -md5sum = 4ee9654b01dd99e36ed84ddb08814309 +md5sum = d1df1988d793357de74643771b3cd62a [profile-common] filename = instance-common.cfg.in @@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 [profile-caddy-frontend] filename = instance-apache-frontend.cfg.in -md5sum = 584095eaee849764d55983beeb35c0e7 +md5sum = 70fba21c38c309d5237b972626faf096 [profile-caddy-replicate] filename = instance-apache-replicate.cfg.in -md5sum = 74beef8d78df18e7fe9d5a6a3a9bf43c +md5sum = 5fe2de2096fa9da9f549bd44e3c69c0e [profile-slave-list] _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in @@ -114,7 +114,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 [profile-kedifa] filename = instance-kedifa.cfg.in -md5sum = b5165126e373a488fa514a724d3b1d70 +md5sum = c8cfbfe7a2ef43cc7731f5ad9dd52d8d [template-backend-haproxy-rsyslogd-conf] _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in diff --git a/software/caddy-frontend/instance-apache-frontend.cfg.in b/software/caddy-frontend/instance-apache-frontend.cfg.in index ceb3f036112acce288430117ebd97d53b6b4828b..ef5e115ec71642255f1279ce629616f0c4f72c3d 100644 --- a/software/caddy-frontend/instance-apache-frontend.cfg.in +++ b/software/caddy-frontend/instance-apache-frontend.cfg.in @@ -3,9 +3,9 @@ {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} [buildout] extends = - {{ parameter_dict['profile_common'] }} - {{ parameter_dict['profile_monitor'] }} - {{ parameter_dict['profile_logrotate_base'] }} + {{ software_parameter_dict['profile_common'] }} + {{ software_parameter_dict['profile_monitor'] }} + {{ software_parameter_dict['profile_logrotate_base'] }} parts = directory @@ -102,16 +102,16 @@ single-default = ${dynamic-custom-personal-profile-slave-list:rendered} single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered} [frontend-configuration] -template-log-access = {{ parameter_dict['template_log_access'] }} +template-log-access = {{ software_parameter_dict['template_log_access'] }} log-access-configuration = ${directory:etc}/log-access.conf ip-access-certificate = ${self-signed-ip-access:certificate} -caddy-directory = {{ parameter_dict['caddy_location'] }} +caddy-directory = {{ software_parameter_dict['caddy_location'] }} caddy-ipv6 = {{ instance_parameter['ipv6-random'] }} caddy-https-port = ${configuration:port} -nginx = {{ parameter_dict['nginx'] }} -nginx_mime = {{ parameter_dict['nginx_mime'] }} -htpasswd = {{ parameter_dict['htpasswd'] }} -slave-introspection-template = {{ parameter_dict['template_slave_introspection_httpd_nginx'] }} +nginx = {{ software_parameter_dict['nginx'] }} +nginx_mime = {{ software_parameter_dict['nginx_mime'] }} +htpasswd = {{ software_parameter_dict['htpasswd'] }} +slave-introspection-template = {{ software_parameter_dict['template_slave_introspection_httpd_nginx'] }} slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf slave-introspection-https-port = ${configuration:slave-introspection-https-port} slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access} @@ -129,14 +129,14 @@ command = [ -f ${:certificate} ] && exit 0 rm -f ${:certificate} /bin/bash -c ' \ - {{ parameter_dict['openssl'] }} req \ + {{ software_parameter_dict['openssl'] }} req \ -new -newkey rsa:2048 -sha256 \ -nodes -x509 -days 36500 \ -keyout ${:certificate} \ -subj "/CN=Self Signed IP Access" \ -reqexts SAN \ -extensions SAN \ - -config <(cat {{ parameter_dict['openssl_cnf'] }} \ + -config <(cat {{ software_parameter_dict['openssl_cnf'] }} \ <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \ -out ${:certificate}' @@ -152,7 +152,7 @@ command = [ -f ${:certificate} ] && exit 0 rm -f ${:certificate} /bin/bash -c ' \ - {{ parameter_dict['openssl'] }} req \ + {{ software_parameter_dict['openssl'] }} req \ -new -newkey rsa:2048 -sha256 \ -nodes -x509 -days 36500 \ -keyout ${:certificate} \ @@ -168,20 +168,20 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} context = import json_module json - raw profile_common {{ parameter_dict['profile_common'] }} - raw profile_logrotate_base {{ parameter_dict['profile_logrotate_base'] }} - raw profile_monitor {{ parameter_dict['profile_monitor'] }} + raw profile_common {{ software_parameter_dict['profile_common'] }} + raw profile_logrotate_base {{ software_parameter_dict['profile_logrotate_base'] }} + raw profile_monitor {{ software_parameter_dict['profile_monitor'] }} key slap_software_type :slap_software_type key slapparameter_dict :slapparameter_dict section directory directory ${:extra-context} [software-release-path] -template-empty = {{ parameter_dict['template_empty'] }} -template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} -template-backend-haproxy-configuration = {{ parameter_dict['template_backend_haproxy_configuration'] }} -template-backend-haproxy-rsyslogd-conf = {{ parameter_dict['template_backend_haproxy_rsyslogd_conf'] }} -caddy-location = {{ parameter_dict['caddy_location'] }} +template-empty = {{ software_parameter_dict['template_empty'] }} +template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }} +template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }} +template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }} +caddy-location = {{ software_parameter_dict['caddy_location'] }} [kedifa-login-config] d = ${directory:ca-dir} @@ -199,7 +199,7 @@ organizational_unit = {{ instance_parameter['configuration.frontend-name'] }} command = {% if slapparameter_dict['kedifa-caucase-url'] %} if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then - {{ parameter_dict['openssl'] }} req -new -sha256 \ + {{ software_parameter_dict['openssl'] }} req -new -sha256 \ -newkey rsa:2048 -nodes -keyout ${:key} \ -subj "/O=${:organization}/OU=${:organizational_unit}" \ -out ${:template-csr} @@ -213,7 +213,7 @@ stop-on-error = True {{ caucase.updater( prefix='caucase-updater', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], updater_path='${directory:service}/kedifa-login-certificate-caucase-updater', url=slapparameter_dict['kedifa-caucase-url'], data_dir='${directory:srv}/caucase-updater', @@ -231,7 +231,7 @@ certificate = ${kedifa-login-config:certificate} cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate} csr = ${caucase-updater-csr:csr} crl = ${kedifa-login-config:crl} -kedifa-updater = {{ parameter_dict['kedifa-updater'] }} +kedifa-updater = {{ software_parameter_dict['kedifa-updater'] }} kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }} @@ -252,7 +252,7 @@ organizational_unit = {{ instance_parameter['configuration.frontend-name'] }} command = {% if slapparameter_dict['backend-client-caucase-url'] %} if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then - {{ parameter_dict['openssl'] }} req -new -sha256 \ + {{ software_parameter_dict['openssl'] }} req -new -sha256 \ -newkey rsa:2048 -nodes -keyout ${:key} \ -subj "/O=${:organization}/OU=${:organizational_unit}" \ -out ${:template-csr} @@ -266,7 +266,7 @@ stop-on-error = True {{ caucase.updater( prefix='backend-client-caucase-updater', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], updater_path='${directory:service}/backend-client-login-certificate-caucase-updater', url=slapparameter_dict['backend-client-caucase-url'], data_dir='${directory:srv}/backend-client-caucase-updater', @@ -280,13 +280,13 @@ stop-on-error = True [dynamic-custom-personal-profile-slave-list] < = jinja2-template-base depends = ${caddyprofiledeps:recipe} -template = {{ parameter_dict['profile_slave_list'] }} +template = {{ software_parameter_dict['profile_slave_list'] }} filename = custom-personal-instance-slave-list.cfg master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }} software_type = single-custom-personal -bin_directory = {{ parameter_dict['bin_directory'] }} -caddy_executable = {{ parameter_dict['caddy'] }} -sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel +bin_directory = {{ software_parameter_dict['bin_directory'] }} +caddy_executable = {{ software_parameter_dict['caddy'] }} +sixtunnel_executable = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel organization = {{ slapparameter_dict['cluster-identification'] }} organizational-unit = {{ instance_parameter['configuration.frontend-name'] }} backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }} @@ -326,7 +326,7 @@ extra-context = # Deploy Caddy Frontend with Jinja power [dynamic-caddy-frontend-template] < = jinja2-template-base -template = {{ parameter_dict['template_caddy_frontend_configuration'] }} +template = {{ software_parameter_dict['template_caddy_frontend_configuration'] }} rendered = ${caddy-configuration:frontend-configuration} local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }} extra-context = @@ -355,7 +355,7 @@ template = inline: #!/bin/sh export CADDYPATH=${directory:frontend_cluster} ulimit -n $(ulimit -Hn) - exec {{ parameter_dict['caddy'] }} \ + exec {{ software_parameter_dict['caddy'] }} \ -conf ${dynamic-caddy-frontend-template:rendered} \ -log ${caddy-configuration:error-log} \ -log-roll-mb 0 \ @@ -382,7 +382,7 @@ hash-files = ${caddy-wrapper:rendered} recipe = plone.recipe.command update-command = ${:command} filename = notfound.html -command = ln -sf {{ parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename} +command = ln -sf {{ software_parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename} [caddy-directory] recipe = slapos.cookbook:mkdirectory @@ -451,7 +451,7 @@ delaycompress = recipe = slapos.cookbook:mkdirectory configuration = ${directory:etc}/trafficserver local-state = ${directory:var}/trafficserver -bin_path = {{ parameter_dict['trafficserver'] }}/bin +bin_path = {{ software_parameter_dict['trafficserver'] }}/bin log = ${directory:log}/trafficserver cache-path = ${directory:srv}/ats_cache logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver @@ -467,24 +467,24 @@ ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow cache-path = ${trafficserver-directory:cache-path} disk-cache-size = ${configuration:disk-cache-size} ram-cache-size = ${configuration:ram-cache-size} -templates-dir = {{ parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory +templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory request-timeout = ${configuration:request-timeout} [trafficserver-configuration-directory] recipe = plone.recipe.command -command = cp -rn {{ parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target} +command = cp -rn {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target} target = ${trafficserver-directory:configuration} [trafficserver-launcher] recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_manager +command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_manager wrapper-path = ${trafficserver-variable:wrapper-path} environment = TS_ROOT=${buildout:directory} hash-existing-files = ${buildout:directory}/software_release/buildout.cfg [trafficserver-reload] recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload +command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload wrapper-path = ${trafficserver-variable:reload-path} environment = TS_ROOT=${buildout:directory} @@ -501,19 +501,19 @@ context = [trafficserver-records-config] < = trafficserver-jinja2-template-base -template = {{ parameter_dict['template_trafficserver_records_config'] }} +template = {{ software_parameter_dict['template_trafficserver_records_config'] }} filename = records.config extra-context = import os_module os [trafficserver-storage-config] < = trafficserver-jinja2-template-base -template = {{ parameter_dict['template_trafficserver_storage_config'] }} +template = {{ software_parameter_dict['template_trafficserver_storage_config'] }} filename = storage.config [trafficserver-logging-yaml] < = trafficserver-jinja2-template-base -template = {{ parameter_dict['template_trafficserver_logging_yaml'] }} +template = {{ software_parameter_dict['template_trafficserver_logging_yaml'] }} filename = logging.yaml [trafficserver-remap-config] @@ -532,14 +532,14 @@ filename = remap.config [trafficserver-plugin-config] < = trafficserver-jinja2-template-base -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} filename = plugin.config context = key content trafficserver-variable:plugin-config [trafficserver-ip-allow-config] < = trafficserver-jinja2-template-base -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} filename = ip_allow.config context = key content trafficserver-variable:ip-allow-config @@ -553,7 +553,7 @@ config-port = ${trafficserver-variable:input-port} [trafficserver-ctl] recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl +command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_ctl wrapper-path = ${directory:bin}/traffic_ctl environment = TS_ROOT=${buildout:directory} @@ -565,10 +565,10 @@ config-wrapper-path = ${trafficserver-ctl:wrapper-path} [trafficserver-rotate-script] < = jinja2-template-base -template = {{ parameter_dict['template_rotate_script'] }} +template = {{ software_parameter_dict['template_rotate_script'] }} rendered = ${directory:bin}/trafficserver-rotate mode = 0700 -xz_binary = {{ parameter_dict['xz_location'] ~ '/bin/xz' }} +xz_binary = {{ software_parameter_dict['xz_location'] ~ '/bin/xz' }} pattern = *.old # days to keep log files keep_days = 365 @@ -592,12 +592,12 @@ command = ${trafficserver-rotate-script:rendered} ### Caddy Graceful and promises [frontend-caddy-configuration-state] < = jinja2-template-base -template = {{ parameter_dict['template_configuration_state_script'] }} +template = {{ software_parameter_dict['template_configuration_state_script'] }} rendered = ${directory:bin}/${:_buildout_section_name_} mode = 0700 path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt -sha256sum = {{ parameter_dict['sha256sum'] }} +sha256sum = {{ software_parameter_dict['sha256sum'] }} extra-context = key path_list :path_list @@ -614,7 +614,7 @@ signature_file = ${directory:run}/validate_configuration_state_signature [frontend-caddy-graceful] < = jinja2-template-base -template = {{ parameter_dict['template_graceful_script'] }} +template = {{ software_parameter_dict['template_graceful_script'] }} rendered = ${directory:etc-run}/frontend-caddy-safe-graceful mode = 0700 @@ -624,7 +624,7 @@ extra-context = [frontend-caddy-validate] < = jinja2-template-base -template = {{ parameter_dict['template_validate_script'] }} +template = {{ software_parameter_dict['template_validate_script'] }} rendered = ${directory:bin}/frontend-caddy-validate mode = 0700 last_state_file = ${directory:run}/caddy_configuration_last_state @@ -636,7 +636,7 @@ extra-context = [frontend-caddy-lazy-graceful] < = jinja2-template-base -template = {{ parameter_dict['template_caddy_lazy_script_call'] }} +template = {{ software_parameter_dict['template_caddy_lazy_script_call'] }} rendered = ${directory:bin}/frontend-caddy-lazy-graceful mode = 0700 pid-file = ${directory:run}/lazy-graceful.pid @@ -649,7 +649,7 @@ extra-context = # Promises checking configuration: [promise-helper-last-configuration-state] < = jinja2-template-base -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} rendered = ${directory:bin}/frontend-read-last-configuration-state mode = 0700 content = @@ -730,13 +730,13 @@ statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connecti [backend-haproxy] recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} +command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} wrapper-path = ${directory:service}/backend-haproxy hash-existing-files = ${buildout:directory}/software_release/buildout.cfg [backend-haproxy-rsyslogd-lazy-graceful] < = jinja2-template-base -template = {{ parameter_dict['template_caddy_lazy_script_call'] }} +template = {{ software_parameter_dict['template_caddy_lazy_script_call'] }} rendered = ${directory:bin}/backend-haproxy-rsyslogd-lazy-graceful mode = 0700 pid-file = ${directory:run}/backend-haproxy-rsyslogd-lazy-graceful.pid @@ -761,12 +761,12 @@ delaycompress = [backend-haproxy-configuration-state] <= jinja2-template-base -template = {{ parameter_dict['template_configuration_state_script'] }} +template = {{ software_parameter_dict['template_configuration_state_script'] }} rendered = ${directory:bin}/${:_buildout_section_name_} mode = 0700 path_list = ${backend-haproxy-configuration:file} ${backend-client-login-config:certificate} -sha256sum = {{ parameter_dict['sha256sum'] }} +sha256sum = {{ software_parameter_dict['sha256sum'] }} extra-context = key path_list :path_list @@ -783,7 +783,7 @@ signature_file = ${directory:run}/backend_haproxy_validate_configuration_state_s [backend-haproxy-graceful] < = jinja2-template-base -template = {{ parameter_dict['template_graceful_script'] }} +template = {{ software_parameter_dict['template_graceful_script'] }} rendered = ${directory:etc-run}/backend-haproxy-safe-graceful mode = 0700 @@ -793,11 +793,11 @@ extra-context = [backend-haproxy-validate] <= jinja2-template-base -template = {{ parameter_dict['template_validate_script'] }} +template = {{ software_parameter_dict['template_validate_script'] }} rendered = ${directory:bin}/backend-haproxy-validate mode = 0700 last_state_file = ${directory:run}/backend_haproxy_configuration_last_state -validate_command = {{ parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c +validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c extra-context = key validate_command :validate_command key configuration_state_command backend-haproxy-configuration-state-validate:rendered @@ -811,7 +811,7 @@ config-verification-script = ${promise-backend-haproxy-configuration-helper:rend [promise-backend-haproxy-configuration-helper] < = jinja2-template-base -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} rendered = ${directory:bin}/backend-haproxy-read-last-configuration-state mode = 0700 content = @@ -837,7 +837,7 @@ extra-context = [backend-haproxy-rsyslogd] recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['rsyslogd_executable'] }} -i ${backend-haproxy-rsyslogd-config:pid-file} -n -f ${backend-haproxy-rsyslogd-configuration:rendered} +command-line = {{ software_parameter_dict['rsyslogd_executable'] }} -i ${backend-haproxy-rsyslogd-config:pid-file} -n -f ${backend-haproxy-rsyslogd-configuration:rendered} wrapper-path = ${directory:service}/backend-haproxy-rsyslogd hash-existing-files = ${buildout:directory}/software_release/buildout.cfg @@ -859,35 +859,35 @@ private-path-list += [monitor-traffic-summary-last-stats-wrapper] < = jinja2-template-base -template = {{ parameter_dict['template_wrapper'] }} +template = {{ software_parameter_dict['template_wrapper'] }} rendered = ${directory:bin}/traffic-summary-last-stats_every_1_hour mode = 0700 -command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>" +command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>" extra-context = key content monitor-traffic-summary-last-stats-wrapper:command # Produce ATS Cache stats [monitor-ats-cache-stats-wrapper] < = jinja2-template-base -template = {{ parameter_dict['template_wrapper'] }} +template = {{ software_parameter_dict['template_wrapper'] }} rendered = ${directory:bin}/ats-cache-stats_every_1_hour mode = 0700 -command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>" +command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>" extra-context = key content monitor-ats-cache-stats-wrapper:command [monitor-caddy-server-status-wrapper] < = jinja2-template-base -template = {{ parameter_dict['template_wrapper'] }} +template = {{ software_parameter_dict['template_wrapper'] }} rendered = ${directory:bin}/monitor-caddy-server-status-wrapper mode = 0700 -command = {{ parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1 +command = {{ software_parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1 extra-context = key content monitor-caddy-server-status-wrapper:command [monitor-ats-cache-stats-config] < = jinja2-template-base -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} rendered = ${trafficserver-configuration-directory:target}/cache-config.stats mode = 644 context = @@ -931,12 +931,12 @@ return = domain secure_access [slave-introspection-configuration-state] <= jinja2-template-base -template = {{ parameter_dict['template_configuration_state_script'] }} +template = {{ software_parameter_dict['template_configuration_state_script'] }} rendered = ${directory:bin}/${:_buildout_section_name_} mode = 0700 path_list = ${frontend-configuration:slave-introspection-configuration} ${frontend-configuration:ip-access-certificate} -sha256sum = {{ parameter_dict['sha256sum'] }} +sha256sum = {{ software_parameter_dict['sha256sum'] }} extra-context = key path_list :path_list @@ -953,7 +953,7 @@ signature_file = ${directory:run}/slave_introspection_validate_configuration_sta [slave-introspection-graceful] < = jinja2-template-base -template = {{ parameter_dict['template_graceful_script'] }} +template = {{ software_parameter_dict['template_graceful_script'] }} rendered = ${directory:etc-run}/slave-introspection-safe-graceful mode = 0700 @@ -963,11 +963,11 @@ extra-context = [slave-introspection-validate] <= jinja2-template-base -template = {{ parameter_dict['template_validate_script'] }} +template = {{ software_parameter_dict['template_validate_script'] }} rendered = ${directory:bin}/slave-introspection-validate mode = 0700 last_state_file = ${directory:run}/slave_introspection_configuration_last_state -validate_command = {{ parameter_dict['nginx'] }} -c ${frontend-configuration:slave-introspection-configuration} -t +validate_command = {{ software_parameter_dict['nginx'] }} -c ${frontend-configuration:slave-introspection-configuration} -t extra-context = key validate_command :validate_command key configuration_state_command slave-introspection-configuration-state-validate:rendered @@ -981,7 +981,7 @@ config-verification-script = ${promise-slave-introspection-configuration-helper: [promise-slave-introspection-configuration-helper] < = jinja2-template-base -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} rendered = ${directory:bin}/slave-introspection-read-last-configuration-state mode = 0700 content = diff --git a/software/caddy-frontend/instance-apache-replicate.cfg.in b/software/caddy-frontend/instance-apache-replicate.cfg.in index 0b66419eb3795423419cfb00aa07873fdd343518..8fa99f747284e77241b798cffacfbf8622e3ca21 100644 --- a/software/caddy-frontend/instance-apache-replicate.cfg.in +++ b/software/caddy-frontend/instance-apache-replicate.cfg.in @@ -20,7 +20,7 @@ rendered = ${buildout:directory}/${:filename} extra-context = context = import json_module json - raw profile_common {{ parameter_dict['profile_common'] }} + raw profile_common {{ software_parameter_dict['profile_common'] }} ${:extra-context} {% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %} @@ -142,7 +142,7 @@ context = {% for url_key in ['url', 'https-url'] %} {% if url_key in slave %} {% set url = (slave[url_key] or '').strip() %} -{% if subprocess_module.call([parameter_dict['caddy_backend_url_validator'], url]) == 1 or not validators.url(url) %} +{% if subprocess_module.call([software_parameter_dict['caddy_backend_url_validator'], url]) == 1 or not validators.url(url) %} {% do slave_error_list.append('slave %s %r invalid' % (url_key, url)) %} {% elif url != slave[url_key] %} {% do slave_warning_list.append('slave %s %r has been converted to %r' % (url_key, slave[url_key], url)) %} @@ -151,7 +151,7 @@ context = {% endfor %} {% if 'ssl_proxy_ca_crt' in slave %} {% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %} -{% set check_popen = popen([parameter_dict['openssl'], 'x509', '-noout']) %} +{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %} {% do check_popen.communicate(ssl_proxy_ca_crt) %} {% if check_popen.returncode != 0 %} {% do slave_error_list.append('ssl_proxy_ca_crt is invalid') %} @@ -167,8 +167,8 @@ context = {% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %} {% endif %} {% if slave.get('ssl_key') and slave.get('ssl_crt') %} -{% set key_popen = popen([parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %} -{% set crt_popen = popen([parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %} +{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %} +{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %} {% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %} {% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %} {% if not key_modulus or key_modulus != crt_modulus %} @@ -375,7 +375,7 @@ active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, so [dynamic-publish-slave-information] < = jinja2-template-base -template = {{ parameter_dict['profile_replicate_publish_slave_information'] }} +template = {{ software_parameter_dict['profile_replicate_publish_slave_information'] }} filename = dynamic-publish-slave-information.cfg extensions = jinja2.ext.do extra-context = @@ -422,7 +422,7 @@ organization = {{ cluster_identification }} organizational_unit = Automatic Internal Kedifa Caucase CSR command = if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then - {{ parameter_dict['openssl'] }} req -new -sha256 \ + {{ software_parameter_dict['openssl'] }} req -new -sha256 \ -newkey rsa:2048 -nodes -keyout ${:key} \ -subj "/O=${:organization}/OU=${:organizational_unit}" \ -out ${:csr} @@ -438,8 +438,8 @@ stop-on-error = True recipe = slapos.recipe.template:jinja2 context = key caucase_url aikc-config:caucase-url -template = inline:#!{{ parameter_dict['dash'] }}/bin/dash - exec {{ parameter_dict['bin_directory'] }}/caucase \ +template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash + exec {{ software_parameter_dict['bin_directory'] }}/caucase \ {# raw block to use context #} {% raw %} --ca-url {{ caucase_url }} \ @@ -472,7 +472,7 @@ command = {% do part_list.append('aikc-user-caucase-updater-promise') %} {{ caucase.updater( prefix='aikc-user-caucase-updater', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], updater_path='${directory:service}/aikc-user-caucase-updater', url='${aikc-config:caucase-url}', data_dir='${directory:srv}/caucase-updater', @@ -503,7 +503,7 @@ recipe = slapos.recipe.template:jinja2 context = key csr_id_url request-{{ csr }}:connection-csr_id-url key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate -template = inline:#!{{ parameter_dict['dash'] }}/bin/dash +template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash test -f ${directory:aikc}/{{ csr }}-done && exit 0 ${buildout:executable} ${aikc-check-certificate:rendered} \ {# raw block to use context #} @@ -512,7 +512,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash """{{ csr_id_certificate }}""" {% endraw %} if [ $? = 0 ]; then - csr_id=`{{ parameter_dict['curl'] }}/bin/curl -s -k -g \ + csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \ {% raw %} {{ csr_id_url }} \ {% endraw %} @@ -554,7 +554,7 @@ organization = {{ cluster_identification }} organizational_unit = Automatic Sign Backend Client Caucase CSR command = if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then - {{ parameter_dict['openssl'] }} req -new -sha256 \ + {{ software_parameter_dict['openssl'] }} req -new -sha256 \ -newkey rsa:2048 -nodes -keyout ${:key} \ -subj "/O=${:organization}/OU=${:organizational_unit}" \ -out ${:csr} @@ -570,8 +570,8 @@ stop-on-error = True recipe = slapos.recipe.template:jinja2 context = key caucase_url aibcc-config:caucase-url -template = inline:#!{{ parameter_dict['dash'] }}/bin/dash - exec {{ parameter_dict['bin_directory'] }}/caucase \ +template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash + exec {{ software_parameter_dict['bin_directory'] }}/caucase \ {# raw block to use context #} {% raw %} --ca-url {{ caucase_url }} \ @@ -606,7 +606,7 @@ command = {% do part_list.append('aibcc-user-caucase-updater-promise') %} {{ caucase.updater( prefix='aibcc-user-caucase-updater', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], updater_path='${directory:service}/aibcc-user-caucase-updater', url='${aibcc-config:caucase-url}', data_dir='${directory:srv}/caucase-updater', @@ -636,7 +636,7 @@ recipe = slapos.recipe.template:jinja2 context = key csr_id_url request-{{ csr }}:connection-backend-client-csr_id-url key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate -template = inline:#!{{ parameter_dict['dash'] }}/bin/dash +template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash test -f ${directory:aibcc}/{{ csr }}-done && exit 0 ${buildout:executable} ${aibcc-check-certificate:rendered} \ {# raw block to use context #} @@ -645,7 +645,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash """{{ csr_id_certificate }}""" {% endraw %} if [ $? = 0 ]; then - csr_id=`{{ parameter_dict['curl'] }}/bin/curl -s -k -g \ + csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \ {% raw %} {{ csr_id_url }} \ {% endraw %} @@ -670,7 +670,7 @@ recipe = slapos.recipe.template:jinja2 filename = rejected-slave.json directory = ${directory:promise-output} rendered = ${:directory}/${:filename} -template = {{ parameter_dict['template_empty'] }} +template = {{ software_parameter_dict['template_empty'] }} {% if rejected_slave_title_dict %} {# sort_keys are important in order to avoid shuffling parameters on each run #} content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2, sort_keys=True)) }} @@ -692,7 +692,7 @@ port = 14455 directory = ${rejected-slave-json:directory} url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename} recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['caddy'] }} +command-line = {{ software_parameter_dict['caddy'] }} -conf ${rejected-slave-template:rendered} -log stderr -http2=true @@ -761,7 +761,7 @@ config-url = ${rejected-slave-publish:url} hash-existing-files = ${buildout:directory}/software_release/buildout.cfg {{ caucase.caucased( prefix='caucased-backend-client', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], caucased_path='${directory:service}/caucased-backend-client', backup_dir='${directory:backup-caucased}', data_dir='${directory:caucased}', @@ -773,8 +773,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg [buildout] extends = - {{ parameter_dict['profile_common'] }} - {{ parameter_dict['profile_monitor2'] }} + {{ software_parameter_dict['profile_common'] }} + {{ software_parameter_dict['profile_monitor2'] }} parts = monitor-base publish-slave-information diff --git a/software/caddy-frontend/instance-kedifa.cfg.in b/software/caddy-frontend/instance-kedifa.cfg.in index 78931586b5820ac35691a896c794112756e39c74..06600209f3c3d52793eb8293608d35081472906c 100644 --- a/software/caddy-frontend/instance-kedifa.cfg.in +++ b/software/caddy-frontend/instance-kedifa.cfg.in @@ -3,9 +3,9 @@ # KeDiFa instance profile [buildout] extends = - {{ parameter_dict['profile_common'] }} - {{ parameter_dict['profile_monitor'] }} - {{ parameter_dict['profile_logrotate_base'] }} + {{ software_parameter_dict['profile_common'] }} + {{ software_parameter_dict['profile_monitor'] }} + {{ software_parameter_dict['profile_logrotate_base'] }} parts = monitor-base @@ -36,7 +36,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg {% set caucase_url = 'http://' ~ caucase_netloc -%} {{ caucase.caucased( prefix='caucased', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], caucased_path='${directory:service}/caucased', backup_dir='${directory:backup-caucased}', data_dir='${directory:caucased}', @@ -83,11 +83,11 @@ organization = {{ slapparameter_dict['cluster-identification'] }} organizational_unit = Kedifa Partition command = if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then - /bin/bash -c '{{ parameter_dict['openssl'] }} req -new -sha256 \ + /bin/bash -c '{{ software_parameter_dict['openssl'] }} req -new -sha256 \ -newkey rsa:2048 -nodes -keyout ${:key} \ -subj "/O=${:organization}/OU=${:organizational_unit}" \ -reqexts SAN \ - -config <(cat {{ parameter_dict['openssl_cnf'] }} \ + -config <(cat {{ software_parameter_dict['openssl_cnf'] }} \ <(printf "\n[SAN]\nsubjectAltName=IP:${kedifa-config:ip}")) \ -out ${:template-csr}' fi @@ -98,7 +98,7 @@ stop-on-error = True {{ caucase.updater( prefix='caucase-updater', - buildout_bin_directory=parameter_dict['bin_directory'], + buildout_bin_directory=software_parameter_dict['bin_directory'], updater_path='${directory:service}/caucase-updater', url=caucase_url, data_dir='${directory:srv}/caucase-updater', @@ -119,7 +119,7 @@ csr_work_path = ${directory:tmp}/${:_buildout_section_name_} stop-on-error = False update-command = ${:command} command = - {{ parameter_dict['bin_directory'] }}/caucase \ + {{ software_parameter_dict['bin_directory'] }}/caucase \ --ca-url {{ caucase_url }} \ --ca-crt ${kedifa-config:ca-certificate} \ --crl ${kedifa-config:crl} \ @@ -138,7 +138,7 @@ stop-on-error = True update-command = ${:command} command = if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then - {{ parameter_dict['openssl'] }} req -new -newkey rsa:2048 -sha256 -subj \ + {{ software_parameter_dict['openssl'] }} req -new -newkey rsa:2048 -sha256 -subj \ "/O=${kedifa-csr:organization}/OU=${kedifa-csr:organizational_unit}/CN={{ instance_parameter['ipv6-random'] }}" \ -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate} fi @@ -171,7 +171,7 @@ config-port = ${expose-csr_id-configuration:port} [expose-csr_id] depends = ${store-csr_id:command} recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['caddy'] }} +command-line = {{ software_parameter_dict['caddy'] }} -conf ${expose-csr_id-template:rendered} -log ${expose-csr_id-configuration:error-log} -http2=true @@ -195,7 +195,7 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} context = import json_module json - raw profile_common {{ parameter_dict['profile_common'] }} + raw profile_common {{ software_parameter_dict['profile_common'] }} key slap_software_type :slap_software_type key slapparameter_dict :slapparameter_dict section directory directory @@ -215,7 +215,7 @@ logfile = ${directory:log}/kedifa.log [kedifa-reloader] <= jinja2-template-base -template = {{ parameter_dict['template_wrapper'] }} +template = {{ software_parameter_dict['template_wrapper'] }} rendered = ${directory:etc-run}/kedifa-reloader command = kill -HUP `cat ${kedifa-config:pidfile}` @@ -241,7 +241,7 @@ delaycompress = [kedifa] recipe = slapos.cookbook:wrapper -command-line = {{ parameter_dict['kedifa'] }} +command-line = {{ software_parameter_dict['kedifa'] }} --ip ${kedifa-config:ip} --port ${kedifa-config:port} --db ${kedifa-config:db} @@ -268,7 +268,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg recipe = plone.recipe.command file = ${directory:reservation}/${:_buildout_section_name_} command = - [ ! -f ${:file} ] && {{ parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} + [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} update-command = ${:command} [{{ slave_reference }}-auth-random] @@ -283,7 +283,7 @@ commands = recipe = plone.recipe.command file = ${directory:reservation}/${:_buildout_section_name_} command = - [ ! -f ${:file} ] && {{ parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} + [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} update-command = ${:command} [master-auth-random] diff --git a/software/caddy-frontend/instance.cfg.in b/software/caddy-frontend/instance.cfg.in index 6eac39987c44a9f4c5ee5213b4ec9ae58ba4aa0f..8ce62c2bceab270ed53d19c24634a5e95183dab0 100644 --- a/software/caddy-frontend/instance.cfg.in +++ b/software/caddy-frontend/instance.cfg.in @@ -1,5 +1,5 @@ [buildout] -extends = {{ template_frontend_parameter_dict['profile_common'] }} +extends = {{ software_parameter_dict['profile_common'] }} parts = switch-softwaretype @@ -16,7 +16,7 @@ context = key slapparameter_dict instance-parameter:configuration key slave_instance_list instance-parameter:slave-instance-list section instance_parameter instance-parameter - section parameter_dict dynamic-parameter-section + section software_parameter_dict software-parameter-section ${:extra-context} [switch-softwaretype] @@ -29,27 +29,27 @@ single-custom-personal = ${dynamic-profile-caddy-frontend:rendered} replicate = ${dynamic-profile-caddy-replicate:rendered} kedifa = ${dynamic-profile-kedifa:rendered} -[dynamic-parameter-section] -{% for key,value in template_frontend_parameter_dict.iteritems() %} +[software-parameter-section] +{% for key,value in software_parameter_dict.iteritems() %} {{ key }} = {{ dumps(value) }} {% endfor -%} [dynamic-profile-caddy-frontend] < = jinja2-template-base -template = {{ template_frontend_parameter_dict['profile_caddy_frontend'] }} +template = {{ software_parameter_dict['profile_caddy_frontend'] }} filename = instance-caddy-frontend.cfg extensions = jinja2.ext.do extra-context = import furl_module furl raw software_type single-custom-personal -caucase-jinja2-library = {{ template_frontend_parameter_dict['caucase_jinja2_library'] }} +caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }} import-list = file caucase :caucase-jinja2-library [dynamic-profile-caddy-replicate] < = jinja2-template-base depends = ${caddyprofiledeps:recipe} -template = {{ template_frontend_parameter_dict['profile_caddy_replicate'] }} +template = {{ software_parameter_dict['profile_caddy_replicate'] }} filename = instance-caddy-replicate.cfg extensions = jinja2.ext.do extra-context = @@ -59,18 +59,18 @@ extra-context = key cluster_identification instance-parameter:root-instance-title # Must match the key id in [switch-softwaretype] which uses this section. raw software_type RootSoftwareInstance-default-custom-personal-replicate -caucase-jinja2-library = {{ template_frontend_parameter_dict['caucase_jinja2_library'] }} +caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }} import-list = file caucase :caucase-jinja2-library [dynamic-profile-kedifa] < = jinja2-template-base -template = {{ template_frontend_parameter_dict['profile_kedifa'] }} +template = {{ software_parameter_dict['profile_kedifa'] }} filename = instance-kedifa.cfg extensions = jinja2.ext.do extra-context = raw software_type kedifa -caucase-jinja2-library = {{ template_frontend_parameter_dict['caucase_jinja2_library'] }} +caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }} import-list = file caucase :caucase-jinja2-library diff --git a/software/caddy-frontend/software.cfg b/software/caddy-frontend/software.cfg index 3c7dc08abba414da2fa8104a774c1fd7fc649193..7ae02a673cb71dcaac8546ba5258d83cdc2ee20f 100644 --- a/software/caddy-frontend/software.cfg +++ b/software/caddy-frontend/software.cfg @@ -82,7 +82,7 @@ context = key develop_eggs_directory buildout:develop-eggs-directory key eggs_directory buildout:eggs-directory -[template-frontend-parameter-section] +[software-parameter-section] # libraries caucase_jinja2_library = ${caucase-jinja2-library:target} @@ -148,7 +148,7 @@ template = ${:_profile_base_location_}/instance.cfg.in rendered = ${buildout:directory}/template.cfg mode = 0644 context = - section template_frontend_parameter_dict template-frontend-parameter-section + section software_parameter_dict software-parameter-section [profile-caddy-frontend] recipe = slapos.recipe.build:download