Update Release Candidate

component/apache/apache-backend.conf.in

@@ -23,14 +23,14 @@
  #       #  The path given to "SSLSessionCache shmcb:<folder_path>(512000)"
  #       "ssl-session-cache": "<folder_path>",
  #
- #       #  The path given to "SSLCACertificateFile" (can be empty)
+ #       #  The path given to "SSLCACertificatePath" (can be empty)
  #       #  If this value is not empty, it enables client certificate check.
  #       #  (Enabling "SSLVerifyClient require")
- #       "ca-cert": "<file_path>",
+ #       "ca-cert-dir": "<directory_path>",
  #
- #       #  The path given to "SSLCARevocationFile" (used if ca-cert is not
+ #       #  The path given to "SSLCARevocationPath" (used if ca-cert-dir is not
  #       #  empty)
- #       "crl": "<file_path>",
+ #       "crl-dir": "<directory_path>",
  #
  #       #  The path given to "ErrorLog"
  #       "error-log": "<file_path>",
@@ -69,7 +69,7 @@
  #  From to `backend-list`:
  #   - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and
  #   - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
- #  only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert`.
+ #  only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert-dir`.
  #   - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
  #   - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
  #  accepting requests from any client.
@@ -83,6 +83,8 @@
  #  For more details, refer to
  #  https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together
 -#}
+{% set ca_cert_dir = parameter_dict.get('ca-cert-dir') -%}
+{% set crl_dir = parameter_dict.get('crl-dir') -%}
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule authz_core_module modules/mod_authz_core.so
@@ -133,15 +135,17 @@ SSLProxyEngine On
 
 # As backend is trusting Remote-User header unset it always
 RequestHeader unset Remote-User
-{% if parameter_dict['ca-cert'] -%}
+# Drop incoming X-Forwarded-For without valid client authentication
+RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
+{% if ca_cert_dir -%}
 SSLVerifyClient optional
 RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
-SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
-{%   if parameter_dict['crl'] -%}
+SSLCACertificatePath {{ ca_cert_dir }}
+{%   if crl_dir -%}
 SSLCARevocationCheck chain
-SSLCARevocationFile {{ parameter_dict['crl'] }}
-{%-   endif %}
-{%- endif %}
+SSLCARevocationPath {{ crl_dir }}
+{%   endif -%}
+{% endif -%}
 
 ErrorLog "{{ parameter_dict['error-log'] }}"
 # Default apache log format with request time in microsecond at the end
@@ -161,11 +165,9 @@ Listen {{ ip }}:{{ port }}
 {%   endfor -%}
 <VirtualHost *:{{ port }}>
   SSLEngine on
-{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%}
+{%   if enable_authentication -%}
+{{     assert(ca_cert_dir) -}}
   SSLVerifyClient require
-  SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
-  SSLCARevocationCheck chain
-  SSLCARevocationFile {{ parameter_dict['crl'] }}
 
   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
 
@@ -183,11 +185,9 @@ Listen {{ ip }}:{{ port }}
 <VirtualHost {{ ip }}:{{ port }}>
   SSLEngine on
   Timeout 3600
-{%   if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%}
+{%   if enable_authentication -%}
+{{     assert(ca_cert_dir) -}}
   SSLVerifyClient require
-  SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
-  SSLCARevocationCheck chain
-  SSLCARevocationFile {{ parameter_dict['crl'] }}
 
   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
 

component/apache/buildout.hash.cfg

@@ -14,5 +14,5 @@
 # not need these here).
 [template-apache-backend-conf]
 filename = apache-backend.conf.in
-md5sum = bb8c175a93336f0e1838fd47225426f9
+md5sum = ace264843228af84d025797f520ce70f
 

component/haproxy/buildout.cfg

@@ -13,14 +13,15 @@ parts = haproxy
 [haproxy]
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://www.haproxy.org/download/1.8/src/haproxy-1.8.25.tar.gz
-md5sum = ef2164ca3b1ea9011aa271a8cbe030a4
+url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.15.tar.gz
+md5sum = 59f892991476f08e2d16ac460c502f61
 configure-command = true
-# If the system is running on Linux 2.6, we use "linux26" as the TARGET,
+# for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
 # otherwise use "generic".
 # For ARCH value, x86_64 and i[3456]86 are supported.
 make-options =
-  TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux2628 || echo generic)"
+  TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
+  CPU=native
   ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
   PREFIX=@@LOCATION@@
   USE_DL=1

component/libestr/buildout.cfg

@@ -4,5 +4,6 @@ parts =
 
 [libestr]
 recipe = slapos.recipe.cmmi
-url = http://libestr.adiscon.com/files/download/libestr-0.1.10.tar.gz
-md5sum = f4c9165a23587e77f7efe65d676d5e8e
+url = http://libestr.adiscon.com/files/download/libestr-0.1.11.tar.gz
+md5sum = 1f25a2332750d4bfacfb314235fedff0
+shared = true

component/libfastjson/buildout.cfg

+[buildout]
+extends =
+  ../autoconf/buildout.cfg
+  ../automake/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../m4/buildout.cfg
+
+parts =
+  libfastjson
+
+[libfastjson]
+recipe = slapos.recipe.cmmi
+url = https://github.com/rsyslog/libfastjson/archive/v0.99.8.tar.gz
+md5sum = 730713ad1d851def7ac8898f751bbfdd
+shared = true
+pre-configure =
+  autoreconf -fvi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal -I ${automake:location}/share/aclocal
+
+environment =
+  PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:%(PATH)s
+  M4=${m4:location}/bin/m4

component/mariadb/mdev20693-mixin.cfg

+# To be extended after mariadb's buildout.cfg
+
+[mariadb]
+patches +=
+  ${:_profile_base_location_}/mdev20693.patch#34ca907d6b36ba81d75bed118243f637

component/mariadb/mdev20693.patch

+From: Sergei Petrunia <psergey@askmonty.org>
+Date: Tue, 1 Oct 2019 15:29:38 -0700
+Subject: [PATCH] #1052: ha_rocksdb::records_in_range() vastly overestimates
+ #rows (#1053)
+
+Summary:
+In ha_rocksdb::records_in_range, Do not adjust the key value. See
+issue comments for justification.
+
+The optimizer_loose_index_scans test was hitting this. The testcase
+there has a key(b,d) and queries with WHERE b=... and d>=98 (the latter
+condition not matching any rows in the table).
+Pull Request resolved: https://github.com/facebook/mysql-5.6/pull/1053
+
+Upstream commit 2b1e7918066a967b3a48fe486e5687d786aee052.
+
+diff -ur a/storage/rocksdb/ha_rocksdb.cc b/storage/rocksdb/ha_rocksdb.cc
+--- a/storage/rocksdb/ha_rocksdb.cc	2020-05-09 21:28:02.000000000 +0200
++++ b/storage/rocksdb/ha_rocksdb.cc	2020-06-24 21:14:13.090911121 +0200
+@@ -11941,11 +11941,6 @@
+         max_key->flag == HA_READ_AFTER_KEY) {
+       kd.successor(m_sk_packed_tuple_old, size2);
+     }
+-    // pad the upper key with FFFFs to make sure it is more than the lower
+-    if (size1 > size2) {
+-      memset(m_sk_packed_tuple_old + size2, 0xff, size1 - size2);
+-      size2 = size1;
+-    }
+   } else {
+     kd.get_supremum_key(m_sk_packed_tuple_old, &size2);
+   }
+@@ -11953,8 +11948,11 @@
+   const rocksdb::Slice slice1((const char *)m_sk_packed_tuple, size1);
+   const rocksdb::Slice slice2((const char *)m_sk_packed_tuple_old, size2);
+ 
+-  // slice1 >= slice2 means no row will match
++  // It's possible to get slice1 == slice2 for a non-inclusive range with the
++  // right bound being successor() of the left one, e.g. "t.key>10 AND t.key<11"
+   if (slice1.compare(slice2) >= 0) {
++    // It's not possible to get slice2 > slice1
++    DBUG_ASSERT(slice1.compare(slice2) == 0);
+     DBUG_RETURN(HA_EXIT_SUCCESS);
+   }
+ 
+diff -ur a/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result b/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result
+--- a/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result	2020-05-09 21:28:02.000000000 +0200
++++ b/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result	2020-06-24 21:14:13.082911030 +0200
+@@ -126,9 +126,9 @@
+ set optimizer_switch = 'skip_scan=off';
+ explain select a, b, c, d from t where a in (1, 5) and b in (1, 2) and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+-1	SIMPLE	t	range	PRIMARY,b	PRIMARY	8	NULL	#	Using where; Using index
++1	SIMPLE	t	range	PRIMARY,b	b	12	NULL	#	Using where; Using index
+ rows_read
+-200
++0
+ set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
+ explain select a, b, c, d from t where a in (1, 5) and b in (1, 2) and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+@@ -140,9 +140,9 @@
+ set optimizer_switch = 'skip_scan=off';
+ explain select a, b, c, d from t where a in (1, 2, 3, 4, 5) and b in (1, 2, 3) and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+-1	SIMPLE	t	range	PRIMARY,b	PRIMARY	8	NULL	#	Using where; Using index
++1	SIMPLE	t	range	PRIMARY,b	b	12	NULL	#	Using where; Using index
+ rows_read
+-750
++0
+ set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
+ explain select a, b, c, d from t where a in (1, 2, 3, 4, 5) and b in (1, 2, 3) and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+@@ -154,9 +154,9 @@
+ set optimizer_switch = 'skip_scan=off';
+ explain select a, b, c, d from t where a = 5 and b = 2 and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+-1	SIMPLE	t	ref	PRIMARY,b	PRIMARY	8	const,const	#	Using where; Using index
++1	SIMPLE	t	range	PRIMARY,b	b	12	NULL	#	Using where; Using index
+ rows_read
+-50
++0
+ set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
+ explain select a, b, c, d from t where a = 5 and b = 2 and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+@@ -271,7 +271,7 @@
+ 1
+ explain select a, b, c, d from t where (a < 1 or a = 4 or a = 5) and b in (1, 2, 3) and d >= 98;
+ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+-1	SIMPLE	t	range	PRIMARY,b	PRIMARY	8	NULL	#	Using where; Using index
++1	SIMPLE	t	range	PRIMARY,b	b	8	NULL	#	Using where; Using index
+ select count(*) from information_schema.optimizer_trace where trace like '%prefix_not_const_equality%';
+ count(*)
+ 1
+diff -ur a/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result b/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result
+--- a/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result	2020-05-09 21:28:02.000000000 +0200
++++ b/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result	2020-06-24 21:14:13.082911030 +0200
+@@ -27,3 +27,42 @@
+ date
+ 2018-10-05
+ drop table t1;
++#
++# Issue #1052: ha_rocksdb::records_in_range() vastly overestimates the number of rows in certain ranges
++#
++CREATE TABLE t1 (
++part_id smallint(5) unsigned NOT NULL,
++oid bigint(20) unsigned NOT NULL,
++tid bigint(20) unsigned NOT NULL,
++filler char(32),
++KEY tid (part_id,tid,oid)
++) ENGINE=ROCKSDB;
++create table t2(a int primary key);
++insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
++create table t3(a int primary key);
++insert into t3 select A.a + B.a* 10 + C.a * 100 from t2 A, t2 B, t2 C;
++set rocksdb_max_row_locks=1000000;
++insert into t1
++select 
++0, 
++A.a + 1000*B.a,
++A.a + 1000*B.a,
++'filler-data'
++from t2 A, t3 B;
++insert into t1
++select 
++1,
++A.a + 1000*B.a,
++A.a + 1000*B.a,
++'filler-data'
++from t2 A, t3 B;
++set global rocksdb_force_flush_memtable_now=1;
++explain select * from t1 where part_id=0 and tid>100000000;
++id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
++1	SIMPLE	t1	range	tid	tid	10	NULL	#	Using index condition
++# We can't check "rows" in EXPLAIN output directly as that value tends
++# to change a bit. Instead, check that the value is sufficiently low
++select @a < 10 as "MUST BE 1";
++MUST BE 1
++1
++drop table t2,t3,t1;
+diff -ur a/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test b/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test
+--- a/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test	2020-05-09 21:28:02.000000000 +0200
++++ b/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test	2020-06-24 21:14:13.082911030 +0200
+@@ -31,3 +31,63 @@
+ select * from t1 where date < '2018-10-09' order by date desc limit 1;
+ drop table t1;
+ 
++
++--echo #
++--echo # Issue #1052: ha_rocksdb::records_in_range() vastly overestimates the number of rows in certain ranges
++--echo #
++
++CREATE TABLE t1 (
++  part_id smallint(5) unsigned NOT NULL,
++  oid bigint(20) unsigned NOT NULL,
++  tid bigint(20) unsigned NOT NULL,
++  filler char(32),
++  KEY tid (part_id,tid,oid)
++) ENGINE=ROCKSDB;
++
++create table t2(a int primary key);
++insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
++
++create table t3(a int primary key);
++insert into t3 select A.a + B.a* 10 + C.a * 100 from t2 A, t2 B, t2 C;
++
++set rocksdb_max_row_locks=1000000;
++insert into t1
++select 
++  0, 
++  A.a + 1000*B.a,
++  A.a + 1000*B.a,
++  'filler-data'
++from t2 A, t3 B;
++
++insert into t1
++select 
++  1,
++  A.a + 1000*B.a,
++  A.a + 1000*B.a,
++  'filler-data'
++from t2 A, t3 B;
++set global rocksdb_force_flush_memtable_now=1;
++
++--replace_column 9 #
++explain select * from t1 where part_id=0 and tid>100000000;
++
++--echo # We can't check "rows" in EXPLAIN output directly as that value tends
++--echo # to change a bit. Instead, check that the value is sufficiently low
++
++let $explain=`explain select * from t1 where part_id=0 and tid>100000000`;
++--disable_query_log
++eval set @a= '$explain';
++set @a=(select substr(@a, 1+locate('\t', @a))); # id
++set @a=(select substr(@a, 1+locate('\t', @a))); # select_type
++set @a=(select substr(@a, 1+locate('\t', @a))); # table
++set @a=(select substr(@a, 1+locate('\t', @a))); # type
++set @a=(select substr(@a, 1+locate('\t', @a))); # possible_keys
++set @a=(select substr(@a, 1+locate('\t', @a))); # key
++set @a=(select substr(@a, 1+locate('\t', @a))); # key_len
++set @a=(select substr(@a, 1+locate('\t', @a))); # ref
++# ok now at rows
++set @a=(select substr(@a, 1, locate('\t', @a)-1)); # rows
++--enable_query_log
++
++select @a < 10 as "MUST BE 1";
++drop table t2,t3,t1;

component/powerdns/buildout.cfg

@@ -2,33 +2,42 @@
 extends =
   ../autoconf/buildout.cfg
   ../automake/buildout.cfg
-  ../bison/buildout.cfg
-  ../flex/buildout.cfg
-  ../git/buildout.cfg
   ../boost-lib/buildout.cfg
   ../libtool/buildout.cfg
   ../make/buildout.cfg
-  ../mariadb/buildout.cfg
+  ../openssl/buildout.cfg
   ../pkgconfig/buildout.cfg
-  ../ragel/buildout.cfg
   ../zlib/buildout.cfg
 
+# For geoip backend
+# https://doc.powerdns.com/authoritative/backends/geoip.html
+  ../geoip2/buildout.cfg
+  ../yaml-cpp/buildout.cfg
+
 parts =
   powerdns
 
 [powerdns]
 recipe = slapos.recipe.cmmi
-url = http://downloads.powerdns.com/releases/pdns-3.3.1.tar.gz
-md5sum = 074e2ff211fd12ecad25b5c1cc190dd4
+url = http://downloads.powerdns.com/releases/pdns-4.2.1.tar.bz2
+md5sum = b5f3998a3bc438b905c72c0473408839
 configure-options =
   --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
   --with-boost=${boost-lib:location}
-  --with-modules="geo"
+  --with-libcrypto=${openssl:location}
+  --with-modules="geoip"
   --with-dynmodules=""
   --without-lua
+  --disable-lua-records
+pkg_config_depends = ${yaml-cpp:location}/lib/pkgconfig
 environment =
-  PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:${bison:location}/bin:${flex:location}/bin:${git:location}/bin:${ragel:location}/bin:%(PATH)s
-  LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lz
-  CPPFLAGS=-I${boost-lib:location}/include
+  PATH=${autoconf:location}/bin:${automake:location}/bin:${libmaxminddb:location}/bin:${libtool:location}/bin:${make:location}/bin:${pkgconfig:location}/bin:%(PATH)s
+  LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${libmaxminddb:location}/lib -Wl,-rpath=${libmaxminddb:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${yaml-cpp:location}/lib -Wl,-rpath=${yaml-cpp:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  CPPFLAGS=-I${boost-lib:location}/include -I${libmaxminddb:location}/include -I${yaml-cpp:location}/include
+  PKG_CONFIG_PATH=${:pkg_config_depends}
+# XXX: Override the default value "-Llib -lyaml-cpp"; "-Llib" is a problem
+  YAML_LIBS = -lyaml-cpp
+make-options =
+  LIBTOOL=libtool
 make-target =
   install

component/pypy/buildout.cfg

+[buildout]
+extends =
+  ../bzip2/buildout.cfg
+  ../gdbm/buildout.cfg
+  ../libexpat/buildout.cfg
+  ../libffi/buildout.cfg
+  ../ncurses/buildout.cfg
+  ../openssl/buildout.cfg
+  ../pkgconfig/buildout.cfg
+  ../sqlite3/buildout.cfg
+  ../zlib/buildout.cfg
+
+[pycparser-shared]
+# XXX:
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://github.com/eliben/pycparser/archive/release_v2.20.tar.gz
+md5sum = a5d9ea5350a8edb8239af73913ea2858
+configure-command = :
+make-binary =
+make-targets = python setup.py install --install-lib @@LOCATION@@
+
+[pypy2]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://bitbucket.org/pypy/pypy/downloads/pypy2.7-v7.3.1-src.tar.bz2
+md5sum = 7608bd58940ffc5403632c2c786d83bb
+configure-command =
+  sed -i '/"_tkinter":/s/^/#/' lib_pypy/tools/build_cffi_imports.py
+  cat <<EOF > Makefile
+  PREFIX = @@LOCATION@@
+  export PYPY_USESSION_BASENAME=slapos
+  export TMPDIR=\$(realpath ..)
+  all: pypy/goal/pypy-c lib_pypy/tools/build_cffi_imports.py
+  	\$^
+  c_src_dir:
+  	cd pypy/goal && PYTHONPATH=${pycparser-shared:location} $${PYTHON:-python2}  ../../rpython/bin/rpython --batch --source --opt=jit --shared targetpypystandalone
+  	ln -s ../usession-\$\$PYPY_USESSION_BASENAME-\$\$USER/testing_1 \$@
+  pypy/goal/pypy-c: c_src_dir
+  	\$(MAKE) -C \$<
+  	mv \$</libpypy-c.so \$</pypy-c pypy/goal
+  	touch \$@
+  install:
+  	mkdir -p \$(PREFIX)/bin \$(PREFIX)/include
+  	find lib_pypy lib-python/2.7 -type d '(' '(' -name __pycache__ -o -name _tkinter -o -name test -o -name tests ')' -prune -o -print ')' \
+  	|while read d; do mkdir -p \$(PREFIX)/\$\$d && find \$\$d -maxdepth 1 -type f ! -name '*.o' ! -name '*.c' |xargs -r cp -t \$(PREFIX)/\$\$d; done
+  	d=lib-python/2.7/test && mkdir -p \$(PREFIX)/\$\$d && for x in __init__ pystone regrtest test_support; do echo \$\$d/\$\$x.py; done |xargs -r cp -t \$(PREFIX)/\$\$d
+  	cd lib-python && cp conftest.py stdlib-version.* \$(PREFIX)/lib-python
+  	cp -r include/pypy_*.h include/PyPy.h pypy/module/cpyext/include/* pypy/module/cpyext/parse/* \$(PREFIX)/include
+  	cd pypy/goal && cp libpypy-c.so \$(PREFIX)/bin && cp pypy-c \$(PREFIX)/bin/pypy
+environment =
+  C_INCLUDE_PATH=${bzip2:location}/include:${gdbm:location}/include:${libexpat:location}/include:${ncurses:location}/include:${ncurses:location}/include/ncursesw:${openssl:location}/include:${sqlite3:location}/include:${zlib:location}/include
+  LDFLAGS=-L${bzip2:location}/lib -L${gdbm:location}/lib -L${libexpat:location}/lib -L${libffi:location}/lib -L${ncurses:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -L${zlib:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${libffi:location}/lib/pkgconfig

component/rsyslogd/buildout.cfg

@@ -2,21 +2,25 @@
 parts =
   rsyslogd
 extends =
+  ../curl/buildout.cfg
   ../libestr/buildout.cfg
-  ../json-c/buildout.cfg
+  ../libfastjson/buildout.cfg
   ../libuuid/buildout.cfg
   ../zlib/buildout.cfg
 
 [rsyslogd]
 recipe = slapos.recipe.cmmi
-url = http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.12.0.tar.gz
-md5sum = c31c2d545c8a3b8695bdf076851d1517
+url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2004.0.tar.gz
+md5sum = 375a60ab0f461367f84f07a5dbda6de2
+shared = true
 configure-options =
   --disable-klog
   --disable-libgcrypt
   --disable-liblogging-stdlog
+  --disable-libsystemd
 environment =
-  PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${json-c:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig
-  CPPFLAGS=-I${libestr:location}/include -I${json-c:location}/include -I${libuuid:location}/include -I${zlib:location}/include
-  LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${json-c:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${curl:location}/lib/pkgconfig:${libfastjson:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig
+  CPPFLAGS=-I${libestr:location}/include -I${curl:location}/include -I${libfastjson:location}/include -I${libuuid:location}/include -I${zlib:location}/include
+  LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${curl:location}/lib -Wl,-rpath=${libfastjson:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
   ZLIB_CFLAGS=-I${zlib:location}/include

component/slapos/obs.cfg

@@ -86,8 +86,12 @@ environment +=
 pre-configure =
   sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
 environment +=
+  PATH=${pkgconfig:location}/bin:${python:location}/bin:%(PATH)s
   LD_LIBRARY_PATH=${dbus:location}/lib
   LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib
+  PYTHON=${python:location}/bin/python${python:version}
+  PYTHON_INCLUDES=-I${python:location}/include/python${python:version}
+  PYTHON_LIBS=-L${python:location}/lib -lpython${python:version} -lpthread -ldl -lutil -lm
 post-install =
   sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
 
@@ -110,7 +114,7 @@ make-options =
 
 [gobject-introspection]
 pre-configure =
-  ln -s ${python2.7:location}/bin/python2.7 ${python2.7:location}/bin/python2.
+  ln -s ${python:location}/bin/python${python:version} ${python:location}/bin/python2.
   sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config
   libtoolize -c -f
   aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal
@@ -120,24 +124,24 @@ configure-options +=
 environment +=
   PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s
   GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0
-  CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python2.7:location}/include/python2.7
-  LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python2.7:location}/lib
+  CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python:location}/include/python${python:version}
+  LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python:location}/lib
   ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal
   M4=${m4:location}/bin/m4
   PERL5LIB=${perl:location}/lib/5.28.1/
 
 post-install = 
-  sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config
+  sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
   rm -rf ${bison-go:location}
 
 [pygobject3]
 pre-configure +=
-  sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config
+  sed -i 's#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#!${python:location}/bin/python${python:version}#' ${python:location}/bin/python-config
 environment +=
-  CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python2.7:location}/include/python2.7
-  LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python2.7:location}/lib
+  CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python:location}/include/python${python:version}
+  LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python:location}/lib
 post-install =
-  sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config
+  sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
 
 [ncurses]
 configure-options =

component/sysbench/buildout.cfg

@@ -16,7 +16,6 @@ shared = true
 url = https://github.com/akopytov/sysbench/archive/1.0.19.tar.gz
 md5sum = 2912bfe7238cac7351459019a84e2557
 pre-configure =
-  aclocal -I${pkgconfig:location}/share/aclocal -I${libtool:location}/share/aclocal -I${gettext:location}/share/aclocal
   ./autogen.sh
 configure-options =
   --disable-static

component/yaml-cpp/buildout.cfg

+[buildout]
+extends =
+  ../cmake/buildout.cfg
+
+parts =
+  yaml-cpp
+
+[yaml-cpp]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.3.tar.gz
+md5sum = b45bf1089a382e81f6b661062c10d0c2
+location = @@LOCATION@@
+configure-command =
+  mkdir build && cd build && \
+  ${cmake:location}/bin/cmake \
+    -DYAML_BUILD_SHARED_LIBS=ON \
+    -DCMAKE_INSTALL_PREFIX=${:location} \
+    ..
+make-options = -C build

slapos/recipe/haproxy/template/haproxy.cfg.in

@@ -3,10 +3,7 @@ global
   stats socket %(socket_path)s level admin
 
 defaults
-  log global
   mode  http
-  option  httplog
-  option  dontlognull
   retries 1
   option redispatch
   maxconn 2000
@@ -23,11 +20,11 @@ defaults
   timeout connect 5s
   # As requested in haproxy doc, make this "at least equal to timeout server".
   timeout client 305s
-  # Use "option forceclose" to not preserve client & server persistent connections
+  # Use "option httpclose" to not preserve client & server persistent connections
   # while handling every incoming request individually, dispatching them one after
   # another to servers, in HTTP close mode. This is really needed when haproxy
   # is configured with maxconn to 1, without this options browser are unable
   # to render a page
-  option forceclose
+  option httpclose
 
 %(server_text)s

software/caddy-frontend/README.caddy_frontend.rst

@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos
 "path" is an optional parameter, ignored if not specified.
 Example of value: "/erp5/web_site_module/hosting/"
 
-caddy_custom_https
-~~~~~~~~~~~~~~~~~~
-Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
-
-caddy_custom_http
-~~~~~~~~~~~~~~~~~
-Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
-
 url
 ~~~
 Necessary to activate cache. ``url`` of backend to use.
@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
     partition_parameter_kw={
         "url":"https://[1:2:3:4:5:6:7:8]:1234",
 
-        "caddy_custom_https":'
-  https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
-    bind %(local_ipv4)s
-    tls %(certificate)s %(certificate)s
-
-    log / %(access_log)s {combined}
-    errors %(error_log)s
-
-    proxy / https://[1:2:3:4:5:6:7:8]:1234 {
-      transparent
-      timeout 600s
-      insecure_skip_verify
-    }
-  }
-        "caddy_custom_http":'
-  http://www.example.com:%(http_port)s, http://example.com:%(http_port)s {
-    bind %(local_ipv4)s
-    log / %(access_log)s {combined}
-    errors %(error_log)s
-  
-    proxy / https://[1:2:3:4:5:6:7:8]:1234/ {
-      transparent
-      timeout 600s
-      insecure_skip_verify
-    }
-  }
-
 Simple Cache Example - XXX - to be written
 ------------------------------------------
 
@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
 	"domain": "www.example.org",
 	"enable_cache": "True",
 
-        "caddy_custom_https":'
-  ServerName www.example.org
-  ServerAlias www.example.org
-  ServerAlias example.org
-  ServerAdmin geronimo@example.org
-  SSLEngine on
-  SSLProxyEngine on
-  # Rewrite part
-  ProxyVia On
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-  RewriteRule ^/(.*) %(cache_access)s/$1 [L,P]',
-
-        "caddy_custom_http":'
-  ServerName www.example.org
-  ServerAlias www.example.org
-  ServerAlias example.org
-  ServerAdmin geronimo@example.org
-  SSLProxyEngine on
-  # Rewrite part
-  ProxyVia On
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-
-  # Not using HTTPS? Ask that guy over there.
-  # Dummy redirection to https. Note: will work only if https listens
-  # on standard port (443).
-  RewriteRule ^/(.*) %(cache_access)s/$1 [L,P],
-    }
-  )
-
-
 Advanced example - XXX - to be written
 --------------------------------------
 
@@ -457,56 +388,6 @@ the proxy::
         "path":"/erp5",
         "domain":"example.org",
 
-  	"caddy_custom_https":'
-  ServerName www.example.org
-  ServerAlias www.example.org
-  ServerAdmin example.org
-  SSLEngine on
-  SSLProxyEngine on
-  SSLProtocol all -SSLv2 -SSLv3
-  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
-  SSLHonorCipherOrder on
-  # Use personal ssl certificates
-  SSLCertificateFile %(ssl_crt)s
-  SSLCertificateKeyFile %(ssl_key)s
-  SSLCACertificateFile %(ssl_ca_crt)s
-  SSLCertificateChainFile %(ssl_ca_crt)s
-  # Configure personal logs
-  ErrorLog "%(error_log)s"
-  LogLevel info
-  LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
-  CustomLog "%(access_log)s" combined
-  # Rewrite part
-  ProxyVia On
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-  # Redirect / to /index.html
-  RewriteRule ^/$ /index.html [R=302,L]
-  # Use cache
-  RewriteRule ^/(.*) %(cache_access)s/VirtualHostBase/https/www.example.org:443/erp5/VirtualHostRoot/$1 [L,P]',
-
-    "caddy_custom_http":'
-  ServerName www.example.org
-  ServerAlias www.example.org
-  ServerAlias example.org
-  ServerAdmin geronimo@example.org
-  SSLProxyEngine on
-  # Rewrite part
-  ProxyVia On
-  ProxyPreserveHost On
-  ProxyTimeout 600
-  RewriteEngine On
-  # Configure personal logs
-  ErrorLog "%(error_log)s"
-  LogLevel info
-  LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
-  CustomLog "%(access_log)s" combined
-  # Not using HTTPS? Ask that guy over there.
-  # Dummy redirection to https. Note: will work only if https listens
-  # on standard port (443).
-  RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}',
-
     "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
   XXXXXXX..........XXXXXXXXXXXXXXX
   -----END RSA PRIVATE KEY-----",
@@ -522,20 +403,6 @@ the proxy::
     }
   )
 
-QUIC Protocol
-=============
-
-Note: QUIC support in Caddy is really experimental. It can result with silently having problems with QUIC connections or hanging Caddy process. So in case of QUIC error ``QUIC_NETWORK_IDLE_TIMEOUT`` or ``QUIC_PEER_GOING_AWAY`` it is required to restart caddy process.
-
-Note: Chrome will refuse to connect to QUIC on different port then HTTPS has been served. As Caddy binds to high ports, if QUIC is wanted, the browser need to connect to high port too.
-
-Experimental QUIC available in Caddy is not configurable. If caddy is configured to bind to HTTPS port ``${port}``, QUIC is going to be advertised on this port only. It is not possible to configure another public port in case of port rewriting.
-
-So it is required to ``DNAT`` from ``${public IP}`` of the computer to the computer partition running caddy ``${local IP}`` with configured port::
-
-  iptables -A DNAT -d ${public IP}/32 -p udp -m udp --dport ${port} -j DNAT --to-destination ${local IP}:${port}
-
-
 Promises
 ========
 
@@ -621,3 +488,8 @@ Each `caddy-frontend-N` partition downloads certificates from the kedifa server.
 Caucase (exposed by ``kedifa-caucase-url`` in master partition parameters) is used to handle certificates for authentication to kedifa server.
 
 If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there are scripts running on master partition to simulate human to sign certificates for each caddy-frontend-N node.
+
+Support for X-Real-Ip and X-Forwarded-For
+-----------------------------------------
+
+X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.

software/caddy-frontend/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 816bc8179cf4195a35e07f22c36679fa
+md5sum = 20f7a925e686949092823595c79a0523
 
 [template-common]
 filename = instance-common.cfg.in
@@ -22,26 +22,22 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 60aefa15002b04665a95a6c197eac5ab
+md5sum = 0851faa528eb4f21330a6f23f77dea7f
 
 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 087bd9404cd120bd7602a9fbfcddc064
+md5sum = a544bf7586f5945bbf108abe9818c7dd
 
 [template-slave-list]
-filename = templates/apache-custom-slave-list.cfg.in
-md5sum = d96fea7dd4d7f0a157c86d25a263d8e1
-
-[template-slave-configuration]
-filename = templates/custom-virtualhost.conf.in
-md5sum = 54ae95597a126ae552c3a913ddf29e5e
+_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
+md5sum = 9da1616d203e4909af37e658aa923d95
 
 [template-replicate-publish-slave-information]
-filename = templates/replicate-publish-slave-information.cfg.in
+_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
 md5sum = 7e3ee70c447f8203273d78f66ab519c3
 
 [template-caddy-frontend-configuration]
-filename = templates/Caddyfile.in
+_update_hash_filename_ = templates/Caddyfile.in
 md5sum = f0faf6d2e6c187df7e25bf717676f9df
 
 [caddy-backend-url-validator]
@@ -49,63 +45,63 @@ filename = templates/caddy-backend-url-validator.in
 md5sum = 0979a03476e86bf038516c9565dadc17
 
 [template-not-found-html]
-filename = templates/notfound.html
+_update_hash_filename_ = templates/notfound.html
 md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
-filename = templates/default-virtualhost.conf.in
-md5sum = 7e26935bb6daf00d8fc01d97eebc7abd
+_update_hash_filename_ = templates/default-virtualhost.conf.in
+md5sum = a72e9056eeda3c7c794f6f6560056380
 
 [template-cached-slave-virtualhost]
-filename = templates/cached-virtualhost.conf.in
-md5sum = a73839d777fbd548286bbeccf47be335
+_update_hash_filename_ = templates/cached-virtualhost.conf.in
+md5sum = e839ca3cb308f7fcdfa06c2f1b95e93f
 
 [template-log-access]
-filename = templates/template-log-access.conf.in
+_update_hash_filename_ = templates/template-log-access.conf.in
 md5sum = f8068179333ce19e95df561c70073857
 
 [template-empty]
-filename = templates/empty.in
+_update_hash_filename_ = templates/empty.in
 md5sum = c2314c3a9c3412a38d14b312d3df83c1
 
 [template-wrapper]
-filename = templates/wrapper.in
+_update_hash_filename_ = templates/wrapper.in
 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
 
 [template-trafficserver-records-config]
-filename = templates/trafficserver/records.config.jinja2
-md5sum = 3a4e378932ffc7768426bb7a897e2c45
+_update_hash_filename_ = templates/trafficserver/records.config.jinja2
+md5sum = f3f31188de56bb35383335b3219537f4
 
 [template-trafficserver-storage-config]
-filename = templates/trafficserver/storage.config.jinja2
+_update_hash_filename_ = templates/trafficserver/storage.config.jinja2
 md5sum = baf7b89cc9ab5506100b0c900808c1ea
 
 [template-trafficserver-logging-config]
-filename = templates/trafficserver/logging.config.jinja2
+_update_hash_filename_ = templates/trafficserver/logging.config.jinja2
 md5sum = 6aed31174dc262ced02f31624321df41
 
 [template-nginx-eventsource-slave-virtualhost]
-filename = templates/nginx-eventsource-slave.conf.in
+_update_hash_filename_ = templates/nginx-eventsource-slave.conf.in
 md5sum = 217a6c801b8330b0b825f7b8b4c77184
 
 [template-caddy-lazy-script-call]
-filename = templates/apache-lazy-script-call.sh.in
+_update_hash_filename_ = templates/apache-lazy-script-call.sh.in
 md5sum = b9f73f6323f9fceea054c46c854d2862
 
 [template-graceful-script]
-filename = templates/graceful-script.sh.in
+_update_hash_filename_ = templates/graceful-script.sh.in
 md5sum = 061cc244558fd3af2b6bacf17cae5555
 
 [template-validate-script]
-filename = templates/validate-script.sh.in
+_update_hash_filename_ = templates/validate-script.sh.in
 md5sum = f26e11574f266c7437c9c89e3c93825a
 
 [template-configuration-state-script]
-filename = templates/configuration-state-script.sh.in
+_update_hash_filename_ = templates/configuration-state-script.sh.in
 md5sum = 4d2537d2698d32a7e909989f8778d144
 
 [template-rotate-script]
-filename = templates/rotate-script.sh.in
+_update_hash_filename_ = templates/rotate-script.sh.in
 md5sum = 8c150e1e6c993708d31936742f3a7302
 
 [caddyprofiledeps-setup]

software/caddy-frontend/common.cfg

@@ -119,15 +119,10 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target
 template_empty = ${template-empty:target}
 template_log_access = ${template-log-access:target}
 template_not_found_html = ${template-not-found-html:target}
-template_slave_configuration = ${template-slave-configuration:target}
 template_slave_list = ${template-slave-list:target}
-template_trafficserver_records_config = ${template-trafficserver-records-config:location}
-template_trafficserver_records_config_filename = ${template-trafficserver-records-config:filename}
-template_trafficserver_records_config_location = ${template-trafficserver-records-config:location}
-template_trafficserver_storage_config_filename = ${template-trafficserver-storage-config:filename}
-template_trafficserver_storage_config_location = ${template-trafficserver-storage-config:location}
-template_trafficserver_logging_config_filename = ${template-trafficserver-logging-config:filename}
-template_trafficserver_logging_config_location = ${template-trafficserver-logging-config:location}
+template_trafficserver_records_config = ${template-trafficserver-records-config:target}
+template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
+template_trafficserver_logging_config = ${template-trafficserver-logging-config:target}
 template_wrapper = ${template-wrapper:output}
 
 [template]
@@ -155,8 +150,7 @@ mode = 0644
 
 [caddy-backend-url-validator]
 recipe = slapos.recipe.template
-url = ${:_profile_base_location_}/templates/${:filename}
-filename = caddy-backend-url-validator.in
+url = ${:_profile_base_location_}/${:filename}
 output = ${buildout:directory}/caddy-backend-url-validator
 mode = 0750
 
@@ -172,44 +166,32 @@ mode = 0644
 
 [download-template]
 recipe = slapos.recipe.build:download
-url = ${:_profile_base_location_}/templates/${:filename}
+url = ${:_profile_base_location_}/${:_update_hash_filename_}
 mode = 640
 
 [template-slave-list]
 <=download-template
-filename = apache-custom-slave-list.cfg.in
-
-[template-slave-configuration]
-<=download-template
-filename = custom-virtualhost.conf.in
 
 [template-replicate-publish-slave-information]
 <=download-template
-filename = replicate-publish-slave-information.cfg.in
 
 [template-caddy-frontend-configuration]
 <=download-template
-filename = Caddyfile.in
 
 [template-not-found-html]
 <=download-template
-filename = notfound.html
 
 [template-default-slave-virtualhost]
 <=download-template
-filename = default-virtualhost.conf.in
 
 [template-cached-slave-virtualhost]
 <=download-template
-filename = cached-virtualhost.conf.in
 
 [template-log-access]
 <=download-template
-filename = template-log-access.conf.in
 
 [template-empty]
 <=download-template
-filename = empty.in
 
 [template-wrapper]
 recipe = slapos.recipe.template
@@ -219,35 +201,24 @@ mode = 0644
 
 [template-trafficserver-records-config]
 <=download-template
-url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
-filename = records.config.jinja2
 
 [template-trafficserver-storage-config]
 <=download-template
-url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
-filename = storage.config.jinja2
 
 [template-trafficserver-logging-config]
 <=download-template
-url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
-filename = logging.config.jinja2
 
 [template-rotate-script]
 <=download-template
-filename = rotate-script.sh.in
 
 [template-caddy-lazy-script-call]
 <=download-template
-filename = apache-lazy-script-call.sh.in
 
 [template-graceful-script]
 <=download-template
-filename = graceful-script.sh.in
 
 [template-validate-script]
 <=download-template
-filename = validate-script.sh.in
 
 [template-configuration-state-script]
 <=download-template
-filename = configuration-state-script.sh.in

software/caddy-frontend/instance-apache-frontend.cfg.in

@@ -15,7 +15,6 @@ parts =
   caucase-updater
   caucase-updater-promise
   frontend-caddy-graceful
-  not-found-html
   port-redirection
   promise-frontend-caddy-configuration
   promise-caddy-frontend-v4-https
@@ -147,7 +146,6 @@ context =
 
 [software-release-path]
 template-empty = {{ parameter_dict['template_empty'] }}
-template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
 template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
 template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
 caddy-location = {{ parameter_dict['caddy_location'] }}
@@ -249,7 +247,6 @@ extra-context =
     key local_ipv6 :local_ipv6
     key global_ipv6 slap-network-information:global-ipv6
     key empty_template software-release-path:template-empty
-    key template_custom_slave_configuration software-release-path:template-slave-configuration
     key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
     key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
     key software_type :software_type
@@ -278,19 +275,6 @@ extra-context =
     key apache_certificate apache-certificate:rendered
 # BBB: SlapOS Master non-zero knowledge END
 
-[dynamic-virtualhost-template-slave]
-<= jinja2-template-base
-template = {{ parameter_dict['template_slave_configuration'] }}
-rendered = ${directory:template}/slave-virtualhost.conf.in
-# BBB: apache_custom_https and apache_custom_http
-extra-context =
-    key https_port configuration:port
-    key http_port configuration:plain_http_port
-    key apache_custom_https configuration:apache_custom_https
-    key apache_custom_http configuration:apache_custom_http
-    key caddy_custom_https configuration:caddy_custom_https
-    key caddy_custom_http configuration:caddy_custom_http
-
 # Deploy Caddy Frontend with Jinja power
 [dynamic-caddy-frontend-template]
 < = jinja2-template-base
@@ -334,9 +318,6 @@ template = inline:
   -http2=false \
 {% else %}
   -http2=true \
-{% endif %}
-{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
-  -quic \
 {% endif %}
   -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \
   -disable-http-challenge \
@@ -353,10 +334,10 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 hash-files = ${caddy-wrapper:rendered}
 
 [not-found-html]
-recipe = slapos.cookbook:symbolic.link
-target-directory = ${caddy-directory:document-root}
-link-binary =
-	    {{ parameter_dict['template_not_found_html'] }}
+recipe = plone.recipe.command
+update-command = ${:command}
+filename = notfound.html
+command = ln -sf  {{ parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
 
 [caddy-directory]
 recipe = slapos.cookbook:mkdirectory
@@ -377,7 +358,7 @@ access-log = ${directory:log}/frontend-access.log
 error-log = ${directory:log}/frontend-error.log
 pid-file = ${directory:run}/httpd.pid
 frontend-graceful-command = ${frontend-caddy-validate:rendered} && kill -USR1 $(cat ${:pid-file})
-not-found-file = ${caddy-directory:document-root}/notfound.html
+not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
 master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
 # Communication with ATS
 cache-port = ${trafficserver-variable:input-port}
@@ -478,19 +459,19 @@ context =
 
 [trafficserver-records-config]
 < = trafficserver-jinja2-template-base
-template = {{ parameter_dict['template_trafficserver_records_config_location'] }}/{{ parameter_dict['template_trafficserver_records_config_filename'] }}
+template = {{ parameter_dict['template_trafficserver_records_config'] }}
 filename = records.config
 extra-context =
     import os_module os
 
 [trafficserver-storage-config]
 < = trafficserver-jinja2-template-base
-template = {{ parameter_dict['template_trafficserver_storage_config_location'] }}/{{ parameter_dict['template_trafficserver_storage_config_filename'] }}
+template = {{ parameter_dict['template_trafficserver_storage_config'] }}
 filename = storage.config
 
 [trafficserver-logging-config]
 < = trafficserver-jinja2-template-base
-template = {{ parameter_dict['template_trafficserver_logging_config_location'] }}/{{ parameter_dict['template_trafficserver_logging_config_filename'] }}
+template = {{ parameter_dict['template_trafficserver_logging_config'] }}
 filename = logging.config
 
 [trafficserver-remap-config]

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -78,13 +78,12 @@ context =
                                   }) %}
 {% endfor %}
 
-{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %}
+{% set authorized_slave_string_list = [] %}
 {% set authorized_slave_list = [] %}
 {% set rejected_slave_dict = {} %}
 {% set rejected_slave_title_dict = {} %}
 {% set warning_slave_dict = {} %}
 {% set used_host_list = [] %}
-{% set unauthorized_message = 'slave not authorized' %}
 {% for slave in sorted(slave_instance_list) %}
 {%   set slave_error_list = [] %}
 {%   set slave_warning_list = [] %}
@@ -104,7 +103,6 @@ context =
 {%       endif %}
 {%     endfor %}
 {%   endif %}
-{#   BBB: apache_custom_https AND apache_custom_http #}
 {%   set custom_domain = slave.get('custom_domain') %}
 {%   if custom_domain and custom_domain in used_host_list %}
 {%      do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
@@ -133,15 +131,6 @@ context =
 {%     endfor %}
 {%     do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
 {%   endif %}
-{%   for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
-{%     if slave.get(key) %}
-{%       if not slave.get('slave_reference') in authorized_slave_string_list %}
-{%         if not unauthorized_message in slave_error_list %}
-{%           do slave_error_list.append(unauthorized_message) %}
-{%         endif %}
-{%       endif %}
-{%     endif %}
-{%   endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
 {%   if slave.get('url') %}
 {%     if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
 {%       do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}

software/caddy-frontend/instance-caddy-input-schema.json

 {
   "$schema": "http://json-schema.org/draft-04/schema",
   "properties": {
-    "-frontend-authorized-slave-string": {
-      "description": "List of SOFTINST-XXX of Slaves, separated by space which is allowed to use custom configuration.",
-      "title": "Authorized Slave String",
-      "type": "string"
-    },
     "-frontend-quantity": {
       "description": "Quantity of Frontends Replicate.",
       "title": "Frontend Replication Quantity",
@@ -71,16 +66,6 @@
       "title": "Test Verification URL",
       "type": "string"
     },
-    "enable-quic": {
-      "default": "false",
-      "description": "Enables QUIC - Quick UDP Internet Connections. Note that this is experimental feature, thus can result in undefined behaviour. Warning: Changing the parameter will result in restarting Caddy process.",
-      "enum": [
-        "true",
-        "false"
-      ],
-      "title": "Enable QUIC",
-      "type": "string"
-    },
     "proxy-try-duration": {
       "default": 5,
       "description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",

software/caddy-frontend/instance-slave-caddy-input-schema.json

@@ -53,20 +53,6 @@
       "title": "HTTPS Only",
       "type": "string"
     },
-    "caddy_custom_http": {
-      "default": "",
-      "description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
-      "textarea": true,
-      "title": "HTTP configuration",
-      "type": "string"
-    },
-    "caddy_custom_https": {
-      "default": "",
-      "description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
-      "textarea": true,
-      "title": "HTTPS configuration",
-      "type": "string"
-    },
     "default-path": {
       "default": "",
       "description": "Provide default path to redirect user to when user access / (the site root)",
@@ -153,12 +139,6 @@
       "title": "Prefer gzip Encoding for Backend",
       "type": "string"
     },
-    "re6st-optimal-test": {
-      "default": "",
-      "description": "IPv6 and IPv6 Address for the frontend test if re6st is on the optimal status (use ipv6,ipv4)",
-      "title": "IPv6 and IPv4 Address to test Re6st",
-      "type": "string"
-    },
     "server-alias": {
       "default": "",
       "description": "Server Alias List separated by space",

software/caddy-frontend/instance.cfg.in

@@ -103,11 +103,6 @@ configuration.nginx_port = 9443
 configuration.kedifa_port = 7879
 # Warning: Caucase takes also cacuase_port+1
 configuration.caucase_port = 8890
-# BBB: apache_custom_https and apache_custom_http
-configuration.apache_custom_https = ""
-configuration.apache_custom_http = ""
-configuration.caddy_custom_https = ""
-configuration.caddy_custom_http = ""
 configuration.apache-key =
 configuration.apache-certificate =
 configuration.open-port = 80 443
@@ -120,7 +115,6 @@ configuration.enable-http2-by-default = true
 configuration.global-disable-http2 = false
 configuration.ciphers =
 configuration.request-timeout = 600
-configuration.enable-quic = false
 configuration.mpm-graceful-shutdown-timeout = 5
 configuration.frontend-name =
 configuration.proxy-try-duration = 5

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

-{% if software_type == slap_software_type %}
-
-{% set kedifa_updater_mapping = [] %}
-{% set cached_server_dict = {} %}
-{% set part_list = [] %}
-{% set cache_port = caddy_configuration.get('cache-port') %}
-{% set cached_port = caddy_configuration.get('cache-through-port') %}
-{% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
-{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
-{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
-{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
-{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
-{% set slave_log_dict = {} %}
-{% if extra_slave_instance_list %}
-{%   set slave_instance_information_list = [] %}
-{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
-{% endif %}
+{%- if software_type == slap_software_type %}
+{%- set kedifa_updater_mapping = [] %}
+{%- set cached_server_dict = {} %}
+{%- set part_list = [] %}
+{%- set cache_port = caddy_configuration.get('cache-port') %}
+{%- set cached_port = caddy_configuration.get('cache-through-port') %}
+{%- set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
+{%- set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
+{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
+{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
+{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
+{%- set slave_log_dict = {} %}
+{%- if extra_slave_instance_list %}
+{%-   set slave_instance_information_list = [] %}
+{%-   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
+{%- endif %}
+{%- if master_key_download_url %}
+{%-   do kedifa_updater_mapping.append((master_key_download_url, master_certificate, apache_certificate)) %}
+{%- else %}
+{%-   do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %}
+{%- endif %}
+{%- if slave_kedifa_information %}
+{%-   set slave_kedifa_information = json_module.loads(slave_kedifa_information) %}
+{%- else %}
+{%-   set slave_kedifa_information = {} %}
+{%- endif -%}
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 extensions = jinja2.ext.do
@@ -30,18 +39,6 @@ sharedscripts = true
 notifempty = true
 create = true
 
-{% if master_key_download_url %}
-{%   do kedifa_updater_mapping.append((master_key_download_url, master_certificate, apache_certificate)) %}
-{% else %}
-{%   do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %}
-{% endif %}
-
-{% if slave_kedifa_information %}
-{%   set slave_kedifa_information = json_module.loads(slave_kedifa_information) %}
-{% else %}
-{%   set slave_kedifa_information = {} %}
-{% endif %}
-
 # empty sections if no slaves are available
 [slave-log-directory-dict]
 [slave-password]
@@ -49,172 +46,160 @@ create = true
 # empty section if no cached slaves are available
 [slave-log-cache-direct-directory-dict]
 
-{# Loop thought slave list to set up slaves #}
-{% for slave_instance in slave_instance_list %}
-{#   Manage ciphers #}
-{%   set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
-{%   if slave_ciphers %}
-{%     set slave_cipher_list = ' '.join(slave_ciphers) %}
-{%   else %}
-{%     set slave_cipher_list = ciphers.strip() %}
-{%   endif %}
-{%   do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
-{%   set slave_type = slave_instance.get('type', '') %}
-{%   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
-{%   set slave_reference = slave_instance.get('slave_reference') %}
-{%   set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
-{%   if slave_kedifa %}
-{%     set key_download_url = slave_kedifa.get('key-download-url') %}
-{%   else %}
-{%     set key_download_url = 'notreadyyet' %}
-{%   endif %}
-{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
-{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
-{%   set slave_publish_dict = {} %}
-{%   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
-{%   set slave_logrotate_section = slave_reference + "-logs" %}
-{%   set slave_logrotate_cache_direct_section = slave_reference + "-cache-direct-logs" %}
-{%   set slave_password_section = slave_reference + "-password" %}
-{%   set slave_ln_section = slave_reference + "-ln" %}
-
-{#   extend parts #}
-{%   do part_list.extend([slave_ln_section]) %}
-{%   do part_list.extend([slave_logrotate_section, slave_section_title]) %}
-
-{%   set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
-{%   if enable_cache %}
-{%     set slave_log_cache_direct_folder = '${logrotate-directory:logrotate-backup}/' + slave_logrotate_cache_direct_section %}
-{%     do part_list.extend([slave_logrotate_cache_direct_section]) %}
-{%   endif %}
-
-{#   Pass HTTP2 switch #}
-{%   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
-{%   do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %}
-
-{#   Pass proxy_try_duration and proxy_try_interval #}
-{%   do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %}
-{%   do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %}
-
-{#   Set Up log files #}
-{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
-{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
-{%   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
-{%   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
-{%   if enable_cache %}
-{%     do slave_parameter_dict.__setitem__('access_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_access_log' % slave_reference])) %}
-{%     do slave_parameter_dict.__setitem__('error_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_error_log' % slave_reference])) %}
-{%     do slave_instance.__setitem__('access_log_cache_direct', slave_parameter_dict.get('access_log_cache_direct')) %}
-{%     do slave_instance.__setitem__('error_log_cache_direct', slave_parameter_dict.get('error_log_cache_direct')) %}
-{%   endif %}
-
-{#   Add slave log directory to the slave log access dict #}
-{%   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
-
-{%   set slave_log_access_url = 'https://' + slave_reference.lower() + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %}
-{%   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
-{%   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
-{%   do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}
-
-{# Set slave domain if none was defined #}
-{%   if slave_instance.get('custom_domain', None) == None %}
-{%     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
-{%     do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
-{%   endif %}
-
-{%   if enable_cache and 'url' in slave_instance %}
-{%     if 'domain' in slave_instance %}
-{%       if not slave_instance.get('custom_domain') %}
-{%         do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %}
-{%       endif %}
-{%     endif %}
-{%     do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %}
-{%     do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
-{%     do slave_instance.__setitem__('url', cache_access) %}
-{%     do slave_instance.__setitem__('https-url', ssl_cache_access) %}
-{%     do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
-{%   endif %}
-
-{# BBB: apache_custom_https and apache_custom_http #}
-{%   if not slave_instance.has_key('caddy_custom_http') and not slave_instance.has_key('caddy_custom_https') and not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %}
-{%     do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
-{%     do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
-{%     do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
-{%     do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
-{%   endif %}
+{#- Loop thought slave list to set up slaves #}
+{%- for slave_instance in slave_instance_list %}
+{#-   Manage ciphers #}
+{%-   set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
+{%-   if slave_ciphers %}
+{%-     set slave_cipher_list = ' '.join(slave_ciphers) %}
+{%-   else %}
+{%-     set slave_cipher_list = ciphers.strip() %}
+{%-   endif %}
+{%-   do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
+{%-   set slave_type = slave_instance.get('type', '') %}
+{%-   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
+{%-   set slave_reference = slave_instance.get('slave_reference') %}
+{%-   set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
+{%-   if slave_kedifa %}
+{%-     set key_download_url = slave_kedifa.get('key-download-url') %}
+{%-   else %}
+{%-     set key_download_url = 'notreadyyet' %}
+{%-   endif %}
+{%-   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
+{%-   set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
+{%-   set slave_publish_dict = {} %}
+{%-   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
+{%-   set slave_logrotate_section = slave_reference + "-logs" %}
+{%-   set slave_logrotate_cache_direct_section = slave_reference + "-cache-direct-logs" %}
+{%-   set slave_password_section = slave_reference + "-password" %}
+{%-   set slave_ln_section = slave_reference + "-ln" %}
+{#-   extend parts #}
+{%-   do part_list.extend([slave_ln_section]) %}
+{%-   do part_list.extend([slave_logrotate_section, slave_section_title]) %}
+{%-   set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
+{%-   if enable_cache %}
+{%-     set slave_log_cache_direct_folder = '${logrotate-directory:logrotate-backup}/' + slave_logrotate_cache_direct_section %}
+{%-     do part_list.extend([slave_logrotate_cache_direct_section]) %}
+{%-   endif %}
+{#-   Pass HTTP2 switch #}
+{%-   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
+{%-   do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %}
+{#-   Pass proxy_try_duration and proxy_try_interval #}
+{%-   do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %}
+{%-   do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %}
+{#-   Set Up log files #}
+{%-   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
+{%-   do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
+{%-   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
+{%-   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
+{%-   if enable_cache %}
+{%-     do slave_parameter_dict.__setitem__('access_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_access_log' % slave_reference])) %}
+{%-     do slave_parameter_dict.__setitem__('error_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_error_log' % slave_reference])) %}
+{%-     do slave_instance.__setitem__('access_log_cache_direct', slave_parameter_dict.get('access_log_cache_direct')) %}
+{%-     do slave_instance.__setitem__('error_log_cache_direct', slave_parameter_dict.get('error_log_cache_direct')) %}
+{%-   endif %}
+{#-   Add slave log directory to the slave log access dict #}
+{%-   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
+{%-   set slave_log_access_url = 'https://' + slave_reference.lower() + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %}
+{%-   do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
+{%-   do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
+{%-   do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}
+{#-   Set slave domain if none was defined #}
+{%-   if slave_instance.get('custom_domain', None) == None %}
+{%-     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
+{%-     do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
+{%-   endif %}
+{%-   if enable_cache and 'url' in slave_instance %}
+{%-     if 'domain' in slave_instance %}
+{%-       if not slave_instance.get('custom_domain') %}
+{%-         do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %}
+{%-       endif %}
+{%-     endif %}
+{%-     do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %}
+{%-     do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
+{%-     do slave_instance.__setitem__('url', cache_access) %}
+{%-     do slave_instance.__setitem__('https-url', ssl_cache_access) %}
+{%-     do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
+{%-   endif %}
+{%-   do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
+{%-   do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
+{%-   do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
+{%-   do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
 
 [slave-log-directory-dict]
 {{slave_reference}} = {{ slave_log_folder }}
 
-{%   if enable_cache %}
+{%-   if enable_cache %}
 [slave-log-cache-direct-directory-dict]
 {{slave_reference}}_cache_direct = {{ slave_log_cache_direct_folder }}
-{%   endif %}
+{%-   endif %}
 
 [slave-password]
 {{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }}
 
-{# Set slave logrotate entry #}
+{#-   Set slave logrotate entry #}
 [{{slave_logrotate_section}}]
 <= logrotate-entry-base
 name = ${:_buildout_section_name_}
 log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}}
 backup = {{ slave_log_folder }}
-{%    if enable_cache %}
+{%-   if enable_cache %}
+
 [{{slave_logrotate_cache_direct_section}}]
 <= logrotate-entry-base
 name = ${:_buildout_section_name_}
 log = {{slave_parameter_dict.get('access_log_cache_direct')}} {{slave_parameter_dict.get('error_log_cache_direct')}}
 backup = {{ slave_log_cache_direct_folder }}
-{%    endif %}
+{%-   endif %}
+
+{#-   integrate current logs inside #}
 
-{# integrate current logs inside #}
 [{{slave_ln_section}}]
 recipe = plone.recipe.command
 stop-on-error = false
 command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/access.log
 
-{# Set password for slave #}
+{#-   Set password for slave #}
+
 [{{slave_password_section}}]
 recipe = slapos.cookbook:generate.password
 storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd
 bytes = 8
 
-{# ################################################## #}
-{# Set Slave Certificates if needed                   #}
-{# Set certificate key for custom configuration       #}
-{% set cert_name = slave_reference.replace('-','.') + '.pem' %}
-{% set certificate = '%s/%s' % (autocert, cert_name) %}
-{% do slave_parameter_dict.__setitem__('certificate', certificate )%}
-
-{# Set ssl certificates for each slave #}
-{%   for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
-{%     if cert_name in slave_instance %}
-{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
-{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
-{%       do part_list.append(cert_title) %}
-{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
-{%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
-{# Store certificates on fs #}
+{#-   ################################################## #}
+{#-   Set Slave Certificates if needed                   #}
+{#-   Set certificate key for custom configuration       #}
+{%-   set cert_name = slave_reference.replace('-','.') + '.pem' %}
+{%-   set certificate = '%s/%s' % (autocert, cert_name) %}
+{%-   do slave_parameter_dict.__setitem__('certificate', certificate )%}
+{#-   Set ssl certificates for each slave #}
+{%-     for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
+{%-       if cert_name in slave_instance %}
+{%-         set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
+{%-         set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
+{%-         do part_list.append(cert_title) %}
+{%-         do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
+{%-         do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
+{#-         Store certificates on fs #}
 [{{ cert_title }}]
 < = jinja2-template-base
 template = {{ empty_template }}
 rendered = {{ cert_file }}
 extra-context =
     key content {{ cert_title + '-config:value' }}
-# BBB: SlapOS Master non-zero knowledge BEGIN
-# Store certificate in config
+{#-         BBB: SlapOS Master non-zero knowledge BEGIN #}
+{#-         Store certificate in config #}
 [{{ cert_title + '-config' }}]
 value = {{ dumps(slave_instance.get(cert_name)) }}
-{%     endif %}
-{%   endfor %}
-
+{%-       endif %}
+{%-     endfor %}
 {#-   Set Up Certs #}
-{%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
-{%     set cert_title = '%s-crt' % (slave_reference) %}
-{%     set cert_file = '/'.join([bbb_ssl_directory, cert_title.replace('-','.')]) %}
-{%     do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
-{%     do part_list.append(cert_title) %}
-{%     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
+{%-   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
+{%-     set cert_title = '%s-crt' % (slave_reference) %}
+{%-     set cert_file = '/'.join([bbb_ssl_directory, cert_title.replace('-','.')]) %}
+{%-     do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
+{%-     do part_list.append(cert_title) %}
+{%-     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
 
 [{{cert_title}}]
 < = jinja2-template-base
@@ -223,13 +208,14 @@ rendered = {{ cert_file }}
 cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }}
 extra-context =
     key content :cert-content
-{%   else %}
-{%     do kedifa_updater_mapping.append((key_download_url, certificate, master_certificate)) %}
-{%   endif %}
-# BBB: SlapOS Master non-zero knowledge END
+{%-   else %}
+{%-     do kedifa_updater_mapping.append((key_download_url, certificate, master_certificate)) %}
+{%-   endif %}
+{#-   BBB: SlapOS Master non-zero knowledge END #}
+
+{#-   ########################################## #}
+{#-   Set Slave Configuration                    #}
 
-{# ########################################## #}
-{# Set Slave Configuration                    #}
 [{{ slave_configuration_section_name }}]
 certificate = {{ certificate }}
 https_port = {{ dumps('' ~ https_port) }}
@@ -238,51 +224,29 @@ local_ipv4 = {{ dumps('' ~ local_ipv4) }}
 cached_port = {{ dumps('' ~ cached_port) }}
 ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
 request_timeout = {{ ('' ~ request_timeout) }}
-{# BBB: apache_custom_https and apache_custom_http #}
-{%     set caddy_custom_http_template = slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', '')) %}
-{%     set caddy_custom_https_template = slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', '')) %}
-{%     if caddy_custom_http_template is not none %}
-{%       set caddy_custom_http = ('' ~ caddy_custom_http_template) % slave_parameter_dict %}
-caddy_custom_http = {{ dumps(caddy_custom_http) }}
-{%     else %}
-{%       set caddy_custom_http = None %}
-{%     endif %}
-{%     if caddy_custom_https_template is not none %}
-{%       set caddy_custom_https = ('' ~ caddy_custom_https_template) % slave_parameter_dict %}
-caddy_custom_https = {{ dumps(caddy_custom_https) }}
-{%     else %}
-{%       set caddy_custom_https = None %}
-{%     endif %}
-{{ '\n' }}
-{%     for key, value in slave_instance.iteritems() %}
-{%       if value is not none %}
+{%-   for key, value in slave_instance.iteritems() %}
+{%-     if value is not none %}
 {{ key }} = {{ dumps('' ~ value) }}
-{%       endif %}
-{%     endfor %}
+{%-     endif %}
+{%-   endfor %}
 
 [{{ slave_section_title }}]
 < = jinja2-template-base
 rendered = {{ caddy_configuration_directory }}/${:filename}
 
-{%   if caddy_custom_http or caddy_custom_https %}
-template = {{ template_custom_slave_configuration }}
-extra-context =
-    section slave_parameter {{ slave_configuration_section_name }}
-{%   else %}
 template = {{ template_default_slave_configuration }}
 extra-context =
     section slave_parameter {{ slave_configuration_section_name }}
     import urllib_module urllib
-{%   endif %}
 
 filename = {{ '%s.conf' % slave_reference }}
 {{ '\n' }}
 
 
-{%   set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
-{%   if monitor_ipv6_test %}
-{%     set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(monitor_ipv6_section_title) %}
+{%-   set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
+{%-   if monitor_ipv6_test %}
+{%-     set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
+{%-     do part_list.append(monitor_ipv6_section_title) %}
 [{{ monitor_ipv6_section_title }}]
 <= monitor-promise-base
 module = check_icmp_packet_lost
@@ -290,12 +254,11 @@ name = {{ monitor_ipv6_section_title }}.py
 config-address = {{ dumps(monitor_ipv6_test) }}
 # promise frequency in minutes (2 times/day)
 config-frequency = 720
-{%   endif %}
-
-{%   set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
-{%   if monitor_ipv4_test %}
-{%     set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(monitor_ipv4_section_title) %}
+{%-   endif %}
+{%-   set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
+{%-   if monitor_ipv4_test %}
+{%-     set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
+{%-     do part_list.append(monitor_ipv4_section_title) %}
 [{{ monitor_ipv4_section_title }}]
 <= monitor-promise-base
 module = check_icmp_packet_lost
@@ -304,66 +267,41 @@ config-address = {{ dumps(monitor_ipv4_test) }}
 config-ipv4 = true
 # promise frequency in minutes (2 times/day)
 config-frequency = 720
-{%   endif %}
-
-{%   set re6st_optimal_test = '' ~ slave_instance.get('re6st-optimal-test', '') %}
-{%   set re6st_ipv6 = None %}
-{%   set re6st_ipv4 = None %}
-{%   if ',' in re6st_optimal_test %}
-{%     set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %}
-{%   endif %}
-{%   if re6st_ipv6 and re6st_ipv4 %}
-{%     set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(re6st_optimal_test_section_title) %}
-
-[{{ re6st_optimal_test_section_title }}]
-<= monitor-promise-base
-module = check_re6st_optimal_status
-name = {{ re6st_optimal_test_section_title }}.py
-config-ipv4 = {{ dumps(re6st_ipv4) }}
-config-ipv6 = {{ dumps(re6st_ipv6) }}
-# promise frequency in minutes (2 times/day)
-config-frequency = 720
-{%   endif %}
-
+{%-   endif %}
 
-{# ###############################  #}
-{# Publish Slave Information        #}
-{%   if not extra_slave_instance_list %}
-{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(publish_section_title) %}
+{#-   ###############################  #}
+{#-   Publish Slave Information        #}
+{%-   if not extra_slave_instance_list %}
+{%-     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
+{%-     do part_list.append(publish_section_title) %}
 [{{ publish_section_title }}]
 recipe = slapos.cookbook:publish
-{%     for key, value in slave_publish_dict.iteritems() %}
+{%-     for key, value in slave_publish_dict.iteritems() %}
 {{ key }} = {{ value }}
-{%     endfor %}
-{%   else %}
-{%     do slave_instance_information_list.append(slave_publish_dict) %}
-{%   endif %}
-
-{# End of the main for loop#}
-{% endfor %}
+{%-     endfor %}
+{%-   else %}
+{%-     do slave_instance_information_list.append(slave_publish_dict) %}
+{%-   endif %}
+{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #}
 
 [slave-log-directories]
 <= slave-log-directory-dict
 recipe = slapos.cookbook:mkdirectory
 
-{% do part_list.append('slave-log-directories') %}
+{%- do part_list.append('slave-log-directories') %}
 
 [slave-log-cache-direct-directories]
 <= slave-log-cache-direct-directory-dict
 recipe = slapos.cookbook:mkdirectory
 
-{% do part_list.append('slave-log-cache-direct-directories') %}
-
-{% do part_list.append('caddy-log-access') %}
-
-###############################################
-### Prepare virtualhost for slaves using cache
+{%- do part_list.append('slave-log-cache-direct-directories') %}
+{%- do part_list.append('caddy-log-access') %}
+{#- ############################################## #}
+{#- ## Prepare virtualhost for slaves using cache  #}
+{%- for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
+{%-   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
+{%-   do part_list.append(cached_slave_configuration_section_title) %}
 
-{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
-{%   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
-{%   do part_list.append(cached_slave_configuration_section_title) %}
 [{{ cached_slave_configuration_section_title }}]
 < = jinja2-template-base
 template = {{ template_cached_slave_configuration }}
@@ -373,8 +311,7 @@ extensions = jinja2.ext.do
 extra-context =
     section slave_parameter {{ slave_configuration_section_name }}
 {{ '\n' }}
-{% endfor %}
-
+{%- endfor %}
 {#- Define IPv6 to IPV4 tunneling #}
 [tunnel-6to4-base]
 recipe = slapos.cookbook:wrapper
@@ -404,7 +341,8 @@ ipv6-port = {{ cached_port }}
 ipv4-port = {{ ssl_cached_port }}
 ipv6-port = {{ ssl_cached_port }}
 
-{# Define log access #}
+{#- Define log access #}
+
 [caddy-log-access-parameters]
 caddy_log_directory = {{ dumps(caddy_log_directory) }}
 caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
@@ -427,15 +365,15 @@ extra-context =
     section parameter_dict caddy-log-access-parameters
 
 
-{# Publish information for the instance #}
+{#- Publish information for the instance #}
 [publish-caddy-information]
 recipe = slapos.cookbook:publish.serialised
 public-ipv4 = {{ public_ipv4 }}
 private-ipv4 = {{ local_ipv4 }}
-{% if extra_slave_instance_list %}
-{# sort_keys are important in order to avoid shuffling parameters on each run #}
+{%- if extra_slave_instance_list %}
+{#-   sort_keys are important in order to avoid shuffling parameters on each run #}
 slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
-{% endif %}
+{%- endif %}
 monitor-base-url = {{ monitor_base_url }}
 csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
 csr_id-certificate = ${get-csr_id-certificate:certificate}
@@ -463,9 +401,9 @@ update-command = ${:command}
 recipe = slapos.recipe.template:jinja2
 file = {{ kedifa_updater_mapping_file }}
 template = inline:
-{% for mapping in kedifa_updater_mapping %}
+{%- for mapping in kedifa_updater_mapping %}
   {{ mapping[0] }} {{ mapping[1] }} {{ mapping[2] }}
-{% endfor %}
+{%- endfor %}
 
 rendered = ${:file}
 
@@ -485,12 +423,12 @@ extends =
 parts +=
     kedifa-updater
     kedifa-updater-run
-{% for part in part_list %}
+{%- for part in part_list %}
 {{ '    %s' % part }}
-{% endfor %}
-{% if 'caddy-log-access' not in part_list %}
+{%- endfor %}
+{%- if 'caddy-log-access' not in part_list %}
     caddy-log-access-empty
-{% endif %}
+{%- endif %}
     publish-caddy-information
     tunnel-6to4-base-http_port
     tunnel-6to4-base-https_port
@@ -576,4 +514,4 @@ recipe = collective.recipe.shelloutput
 commands =
   certificate = cat ${certificate-csr_id:certificate}
 
-{% endif %}
+{%- endif %} {# if software_type == slap_software_type #}

software/caddy-frontend/templates/cached-virtualhost.conf.in

@@ -22,7 +22,10 @@
     try_duration {{ slave_parameter['proxy_try_duration'] }}s
     try_interval {{ slave_parameter['proxy_try_interval'] }}ms
 
-    transparent
+    header_upstream Host {host}
+{#    header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
+    header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
+    header_upstream -X-Forwarded-For-Real
     timeout {{ slave_parameter['request_timeout'] }}s
 {%- if ssl_proxy_verify %}
 {%-   if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
@@ -47,7 +50,10 @@
   proxy / {{ slave_parameter.get('https_backend_url', '') }} {
     try_duration {{ slave_parameter['proxy_try_duration'] }}s
     try_interval {{ slave_parameter['proxy_try_interval'] }}ms
-    transparent
+    header_upstream Host {host}
+{#    header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
+    header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
+    header_upstream -X-Forwarded-For-Real
     timeout {{ slave_parameter['request_timeout'] }}s
 {%- if ssl_proxy_verify %}
 {%-   if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}

software/caddy-frontend/templates/custom-virtualhost.conf.in

-{{ slave_parameter.get('caddy_custom_https', '') }}
-{{ slave_parameter.get('caddy_custom_http', '') }}

software/caddy-frontend/templates/default-virtualhost.conf.in

 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
+{%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
 {%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
 {%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
 {%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
@@ -39,6 +40,25 @@
 {%-   set enable_h2 = False %}
 {%- endif %}
 
+{%- macro proxy_header() %}
+    try_duration {{ slave_parameter['proxy_try_duration'] }}s
+    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+    timeout {{ slave_parameter['request_timeout'] }}s
+{%-   if ssl_proxy_verify %}
+{%-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
+    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
+{%-     endif %} {#-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
+{%-   else %} {#-   if ssl_proxy_verify #}
+    insecure_skip_verify
+{%-   endif %} {#-   if ssl_proxy_verify #}
+    # force reset of X-Forwarded-For
+    header_upstream X-Forwarded-For {remote}
+{%-     if enable_cache %}
+    # provide a header for other components
+    header_upstream X-Forwarded-For-Real {remote}
+{%-     endif %}
+{%- endmacro %} {# proxy_header #}
+
 {%- for tls in [True, False] %}
 {%- if tls %}
 {%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %}
@@ -102,8 +122,7 @@
 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}
   # {{ proxy_comment }}
   proxy /{{ proxy_name }} {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+{{ proxy_header() }}
 {%-     if proxy_name == 'prefer-gzip' %}
     without /prefer-gzip
     header_upstream Accept-Encoding gzip
@@ -122,14 +141,6 @@
     header_upstream -Pragma
 {%-   endif %} {#-   if disable_no_cache_header #}
     transparent
-    timeout {{ slave_parameter['request_timeout'] }}s
-{%-   if ssl_proxy_verify %}
-{%-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
-    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
-{%-     endif %} {#-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
-{%-   else %} {#-   if ssl_proxy_verify #}
-    insecure_skip_verify
-{%-   endif %} {#-   if ssl_proxy_verify #}
   } {# proxy #}
 {%-   endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
   {%- if default_path %}
@@ -174,54 +185,43 @@
   } {# redir #}
 {%- elif slave_type == 'notebook' %}
   proxy / {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+{{ proxy_header() }}
     transparent
-    insecure_skip_verify
   }
   rewrite {
     regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
     to /proxy/{1}
   }
   proxy /proxy/ {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
-    header_upstream X-Real-IP {remote}
-    header_upstream Host {host}
+{{ proxy_header() }}
+    transparent
     websocket
     without /proxy/
-    insecure_skip_verify
   }
 {%- elif slave_type == 'websocket' %}
 {%-   if websocket_path_list %}
   proxy / {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+{{ proxy_header() }}
 {%-     if websocket_transparent %}
     transparent
 {%-     endif %}
-    insecure_skip_verify
   }
 {%-     for websocket_path in websocket_path_list %}
   proxy /{{ websocket_path }} {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+{{ proxy_header() }}
     websocket
 {%-       if websocket_transparent %}
     transparent
 {%-       endif %}
-    insecure_skip_verify
   }
 {%-     endfor %}
 {%-   else %}
   proxy / {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+{{ proxy_header() }}
     websocket
 {%-   if websocket_transparent %}
     transparent
 {%-   endif %}
-    insecure_skip_verify
   }
 {%-   endif %}
 {%- else %} {#- if slave_type ==  'zope' and backend_url #}
@@ -237,8 +237,7 @@
 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}
   # {{ proxy_comment }}
   proxy /{{ proxy_name }} {{ backend_url }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
+{{ proxy_header() }}
 {%-     if proxy_name == 'prefer-gzip' %}
     without /prefer-gzip
     header_upstream Accept-Encoding gzip
@@ -257,14 +256,6 @@
     header_upstream -Pragma
 {%-     endif %} {#-     if disable_no_cache_header #}
     transparent
-    timeout {{ slave_parameter['request_timeout'] }}s
-{%-     if ssl_proxy_verify %}
-{%-       if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
-    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
-{%-       endif %} {#-       if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
-{%-     else %} {#-     if ssl_proxy_verify #}
-    insecure_skip_verify
-{%-     endif %} {#-     if ssl_proxy_verify #}
   }  {# proxy #}
 {%-    endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
 {%-   endif %} {#-   if backend_url #}

software/caddy-frontend/templates/trafficserver/records.config.jinja2

@@ -27,6 +27,14 @@ CONFIG proxy.config.http.cache.open_write_fail_action INT 2
 CONFIG proxy.config.body_factory.template_sets_dir STRING  {{ ats_configuration['templates-dir'] }}
 # Support stale-if-error by returning cached content on backend 5xx or unavailability
 CONFIG proxy.config.http.negative_revalidating_enabled INT 1
+##############################################################################
+# Proxy users variables. Docs:
+#    https://docs.trafficserver.apache.org/records.config#proxy-user-variables
+##############################################################################
+# Do not modify headers, as it needlessly pollutes information
+CONFIG proxy.config.http.insert_client_ip INT 0
+CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 0
+
 
 ##############################################################################
 # Thread configurations. Docs:
@@ -98,13 +106,6 @@ CONFIG proxy.config.http.down_server.abort_threshold INT 10
 CONFIG proxy.config.http.negative_caching_enabled INT 0
 CONFIG proxy.config.http.negative_caching_lifetime INT 1800
 
-##############################################################################
-# Proxy users variables. Docs:
-#    https://docs.trafficserver.apache.org/records.config#proxy-user-variables
-##############################################################################
-CONFIG proxy.config.http.insert_client_ip INT 1
-CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1
-
 ##############################################################################
 # Security. Docs:
 #    https://docs.trafficserver.apache.org/records.config#security

software/caddy-frontend/test/setup.py

@@ -46,7 +46,6 @@ setup(name=name,
         # ipaddress is patching IPAddress so IPv6 in SSL certificates
         # match works
         'ipaddress >= 1.0.22',
-        'forcediphttpsadapter',
         'requests-toolbelt',
         'supervisor',
         # caucase needed to connect to the KeDiFa caucase

software/caddy-frontend/test/test.py

@@ -33,12 +33,10 @@ from requests_toolbelt.adapters import source
 import json
 import multiprocessing
 import subprocess
-from unittest import skip, expectedFailure
+from unittest import skip
 import ssl
-import signal
 from BaseHTTPServer import HTTPServer
 from BaseHTTPServer import BaseHTTPRequestHandler
-from forcediphttpsadapter.adapters import ForcedIPHTTPSAdapter
 import time
 import tempfile
 import ipaddress
@@ -48,6 +46,8 @@ import base64
 import re
 from slapos.recipe.librecipe import generateHashFromFiles
 import xml.etree.ElementTree as ET
+import urlparse
+import socket
 
 
 try:
@@ -77,6 +77,24 @@ HTTPS_PORT = '11443'
 CAUCASE_PORT = '15090'
 KEDIFA_PORT = '15080'
 
+# IP to originate requests from
+# has to be not partition one
+SOURCE_IP = '127.0.0.1'
+
+# "--resolve" inspired from https://stackoverflow.com/a/44378047/9256748
+DNS_CACHE = {}
+
+
+def add_custom_dns(domain, port, ip):
+  port = int(port)
+  key = (domain, port)
+  value = (socket.AF_INET, 1, 6, '', (ip, port))
+  DNS_CACHE[key] = [value]
+
+
+def new_getaddrinfo(*args):
+  return DNS_CACHE[args[:2]]
+
 
 # for development: debugging logs and install Ctrl+C handler
 if os.environ.get('SLAPOS_TEST_DEBUG'):
@@ -225,17 +243,6 @@ def isHTTP2(domain, ip):
   return 'Using HTTP2, server supports multi-use' in err
 
 
-def getQUIC(url, ip, port):
-  quic_client_command = 'quic_client --disable-certificate-verification '\
-    '--port=%(port)s --host=%(host)s %(url)s' % dict(
-      port=port, host=ip, url=url)
-  try:
-    return True, subprocess.check_output(
-      quic_client_command.split(), stderr=subprocess.STDOUT)
-  except subprocess.CalledProcessError as e:
-    return False, e.output
-
-
 def getPluginParameterDict(software_path, filepath):
   """Load the slapos monitor plugin and returns the configuration used by this plugin.
 
@@ -328,7 +335,7 @@ class TestDataMixin(object):
       )
     except AssertionError:
       if os.environ.get('SAVE_TEST_DATA', '0') == '1':
-        open(test_data_file, 'w').write(runtime_data.strip())
+        open(test_data_file, 'w').write(runtime_data.strip() + '\n')
       raise
     finally:
       self.maxDiff = maxDiff
@@ -413,39 +420,55 @@ class TestDataMixin(object):
 
 
 def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
-                    headers=None, cookies=None, source_ip=None):
+                    headers=None, cookies=None, source_ip=SOURCE_IP):
   if headers is None:
     headers = {}
   # workaround request problem of setting Accept-Encoding
   # https://github.com/requests/requests/issues/2234
   headers.setdefault('Accept-Encoding', 'dummy')
+  # Headers to tricks the whole system, like rouge user would do
+  headers.setdefault('X-Forwarded-For', '192.168.0.1')
+  headers.setdefault('X-Forwarded-Proto', 'irc')
+  headers.setdefault('X-Forwarded-Port', '17')
+
   session = requests.Session()
-  session.mount(
-    'https://%s:%s' % (domain, port),
-    ForcedIPHTTPSAdapter(
-      dest_ip=real_ip))
   if source_ip is not None:
     new_source = source.SourceAddressAdapter(source_ip)
     session.mount('http://', new_source)
     session.mount('https://', new_source)
-  return session.get(
-    'https://%s:%s/%s' % (domain, port, path),
-    verify=False,
-    allow_redirects=False,
-    headers=headers,
-    cookies=cookies
-  )
+  socket_getaddrinfo = socket.getaddrinfo
+  try:
+    add_custom_dns(domain, port, real_ip)
+    socket.getaddrinfo = new_getaddrinfo
+    return session.get(
+      'https://%s:%s/%s' % (domain, port, path),
+      verify=False,
+      allow_redirects=False,
+      headers=headers,
+      cookies=cookies
+    )
+  finally:
+    socket.getaddrinfo = socket_getaddrinfo
 
 
 def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
-                   headers=None):
+                   headers=None, source_ip=SOURCE_IP):
   if headers is None:
     headers = {}
   # workaround request problem of setting Accept-Encoding
   # https://github.com/requests/requests/issues/2234
   headers.setdefault('Accept-Encoding', 'dummy')
-  headers['Host'] = domain
-  return requests.get(
+  # Headers to tricks the whole system, like rouge user would do
+  headers.setdefault('X-Forwarded-For', '192.168.0.1')
+  headers.setdefault('X-Forwarded-Proto', 'irc')
+  headers.setdefault('X-Forwarded-Port', '17')
+  headers['Host'] = '%s:%s' % (domain, port)
+  session = requests.Session()
+  if source_ip is not None:
+    new_source = source.SourceAddressAdapter(source_ip)
+    session.mount('http://', new_source)
+    session.mount('https://', new_source)
+  return session.get(
     'http://%s:%s/%s' % (real_ip, port, path),
     headers=headers,
     allow_redirects=False,
@@ -1044,73 +1067,11 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
 
 
 class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
-  caddy_custom_https = '''# caddy_custom_https_filled_in_accepted
-https://caddycustomhttpsaccepted.example.com:%%(https_port)s {
-  bind %%(local_ipv4)s
-  tls %%(certificate)s %%(certificate)s
-
-  log / %%(access_log)s {combined}
-  errors %%(error_log)s
-
-  proxy / %(url)s {
-    transparent
-    timeout 600s
-    insecure_skip_verify
-  }
-}
-'''
-
-  caddy_custom_http = '''# caddy_custom_http_filled_in_accepted
-http://caddycustomhttpsaccepted.example.com:%%(http_port)s {
-  bind %%(local_ipv4)s
-  log / %%(access_log)s {combined}
-  errors %%(error_log)s
-
-  proxy / %(url)s {
-    transparent
-    timeout 600s
-    insecure_skip_verify
-  }
-}
-'''
-
-  apache_custom_https = '''# apache_custom_https_filled_in_accepted
-https://apachecustomhttpsaccepted.example.com:%%(https_port)s {
-  bind %%(local_ipv4)s
-  tls %%(certificate)s %%(certificate)s
-
-  log / %%(access_log)s {combined}
-  errors %%(error_log)s
-
-  proxy / %(url)s {
-    transparent
-    timeout 600s
-    insecure_skip_verify
-  }
-}
-'''
-
-  apache_custom_http = '''# apache_custom_http_filled_in_accepted
-http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
-  bind %%(local_ipv4)s
-  log / %%(access_log)s {combined}
-  errors %%(error_log)s
-
-  proxy / %(url)s {
-    transparent
-    timeout 600s
-    insecure_skip_verify
-  }
-}
-'''
-
   @classmethod
   def getInstanceParameterDict(cls):
     return {
       'domain': 'example.com',
       'public-ipv4': cls._ipv4_address,
-      '-frontend-authorized-slave-string':
-      '_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
       'port': HTTPS_PORT,
       'plain_http_port': HTTP_PORT,
       'kedifa_port': KEDIFA_PORT,
@@ -1344,36 +1305,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       'enable-http2-default': {
         'url': cls.backend_url,
       },
-      # 'apache_custom_http_s-rejected': {
-      #   'url': cls.backend_url,
-      #   'apache_custom_https': '# apache_custom_https_filled_in_rejected',
-      #   'apache_custom_http': '# apache_custom_http_filled_in_rejected',
-      # },
-      'apache_custom_http_s-accepted': {
-        'url': cls.backend_url,
-        'apache_custom_https': cls.apache_custom_https % dict(
-          url=cls.backend_url),
-        'apache_custom_http': cls.apache_custom_http % dict(
-          url=cls.backend_url),
-      },
-      # 'caddy_custom_http_s-rejected': {
-      #   'url': cls.backend_url,
-      #   'caddy_custom_https': '# caddy_custom_https_filled_in_rejected',
-      #   'caddy_custom_http': '# caddy_custom_http_filled_in_rejected',
-      # },
-      'caddy_custom_http_s-accepted': {
-        'url': cls.backend_url,
-        'caddy_custom_https': cls.caddy_custom_https % dict(
-          url=cls.backend_url),
-        'caddy_custom_http': cls.caddy_custom_http % dict(
-          url=cls.backend_url),
-      },
-      # # this has to be rejected
-      # 'caddy_custom_http_s': {
-      #   'url': cls.backend_url,
-      #   'caddy_custom_https': '# caddy_custom_https_filled_in_rejected_2',
-      #   'caddy_custom_http': '# caddy_custom_http_filled_in_rejected_2',
-      # },
       'prefer-gzip-encoding-to-backend': {
         'url': cls.backend_url,
         'prefer-gzip-encoding-to-backend': 'true',
@@ -1393,9 +1324,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       'monitor-ipv6-test': {
         'monitor-ipv6-test': 'monitor-ipv6-test',
       },
-      're6st-optimal-test': {
-        're6st-optimal-test': 'ipv6,ipv4',
-      },
       'ciphers': {
         'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
       }
@@ -1572,9 +1500,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     expected_parameter_dict = {
       'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
       'domain': 'example.com',
-      'accepted-slave-amount': '54',
+      'accepted-slave-amount': '51',
       'rejected-slave-amount': '0',
-      'slave-amount': '54',
+      'slave-amount': '51',
       'rejected-slave-dict': {
       }
     }
@@ -1647,7 +1575,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://empty.example.com/test-path',
+      'https://empty.example.com:%s/test-path' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -1682,6 +1610,33 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       self.assertFalse('connection-parameter-hash' in line)
       self.assertFalse('timestamp' in line)
 
+  def assertBackendHeaders(
+    self, backend_header_dict, domain, source_ip=SOURCE_IP, port=HTTPS_PORT,
+    proto='https', ignore_header_list=None):
+    if ignore_header_list is None:
+      ignore_header_list = []
+    self.assertFalse('remote_user' in backend_header_dict.keys())
+    self.assertFalse('x-forwarded-for-real' in backend_header_dict.keys())
+    if 'Host' not in ignore_header_list:
+      self.assertEqual(
+        backend_header_dict['host'],
+        '%s:%s' % (domain, port))
+    # XXX It's really hard to play with Caddy headers, thus we have to keep
+    #     some of them. As other solutions will come in future, more control
+    #     over sent X-Forwarded-For will be possible
+    self.assertEqual(
+      backend_header_dict['x-forwarded-for'].split(',')[0],
+      source_ip
+    )
+    self.assertEqual(
+      backend_header_dict['x-forwarded-port'],
+      port
+    )
+    self.assertEqual(
+      backend_header_dict['x-forwarded-proto'],
+      proto
+    )
+
   def test_url(self):
     parameter_dict = self.assertSlaveBase('Url')
 
@@ -1704,11 +1659,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
     self.assertEqual(j['Incoming Headers']['timeout'], '10')
-
     self.assertFalse('Content-Encoding' in result.headers)
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqual(
       'secured=value;secure, nonsecured=value',
@@ -1725,7 +1679,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://url.example.com/test-path/deeper',
+      'https://url.example.com:%s/test-path/deeper' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -2350,7 +2304,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqualResultJson(
       result,
@@ -2369,7 +2323,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://typezope.example.com/test-path/deep/.././deeper',
+      'https://typezope.example.com:%s/test-path/deep/.././deeper' % (
+        HTTP_PORT,),
       result.headers['Location']
     )
 
@@ -2389,7 +2344,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqualResultJson(
       result,
@@ -2424,7 +2379,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqualResultJson(
       result,
@@ -2467,7 +2422,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqualResultJson(
       result,
@@ -2487,7 +2442,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://%s/test-path/deep/.././deeper' % (parameter_dict['domain'],),
+      'https://%s:%s/test-path/deep/.././deeper' % (
+        parameter_dict['domain'], HTTP_PORT),
       result.headers['Location']
     )
 
@@ -2504,7 +2460,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqualResultJson(
       result,
@@ -2527,7 +2483,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://%s/test-path/deep/.././deeper' % (parameter_dict['domain'],),
+      'https://%s:%s/test-path/deep/.././deeper' % (
+        parameter_dict['domain'], HTTP_PORT),
       result.headers['Location']
     )
 
@@ -2626,6 +2583,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'Upgrade',
       j['Incoming Headers']['connection']
@@ -2655,6 +2613,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    parsed = urlparse.urlparse(self.backend_url)
+    self.assertBackendHeaders(
+      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
+      ignore_header_list=['Host'])
     self.assertEqual(
       'Upgrade',
       j['Incoming Headers']['connection']
@@ -2686,6 +2648,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
     self.assertFalse('connection' in j['Incoming Headers'].keys())
     self.assertTrue('x-real-ip' in j['Incoming Headers'])
 
@@ -2704,6 +2667,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'Upgrade',
       j['Incoming Headers']['connection']
@@ -2725,6 +2689,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'Upgrade',
       j['Incoming Headers']['connection']
@@ -2755,6 +2720,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    parsed = urlparse.urlparse(self.backend_url)
+    self.assertBackendHeaders(
+      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
+      ignore_header_list=['Host'])
     self.assertFalse('connection' in j['Incoming Headers'].keys())
     self.assertFalse('x-real-ip' in j['Incoming Headers'])
 
@@ -2773,6 +2742,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertBackendHeaders(
+      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
+      ignore_header_list=['Host'])
     self.assertEqual(
       'Upgrade',
       j['Incoming Headers']['connection']
@@ -2794,6 +2766,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertBackendHeaders(
+      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
+      ignore_header_list=['Host'])
     self.assertEqual(
       'Upgrade',
       j['Incoming Headers']['connection']
@@ -2910,7 +2885,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://sslproxyverifysslproxycacrtunverified.example.com/test-path',
+      'https://sslproxyverifysslproxycacrtunverified.example.com:%s/'
+      'test-path' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -2930,7 +2906,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertFalse('Content-Encoding' in result.headers)
 
@@ -2948,7 +2924,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://sslproxyverifysslproxycacrt.example.com/test-path',
+      'https://sslproxyverifysslproxycacrt.example.com:%s/test-path' % (
+        HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -3021,8 +2998,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://enablecachesslproxyverifysslproxycacrtunverified.example.com/'
-      'test-path/deeper',
+      'https://enablecachesslproxyverifysslproxycacrtunverified.example.com'
+      ':%s/test-path/deeper' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -3159,8 +3136,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://typezopesslproxyverifysslproxycacrtunverified.example.com/'
-      'test-path',
+      'https://typezopesslproxyverifysslproxycacrtunverified.example.com:%s/'
+      'test-path' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -3179,7 +3156,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       j = result.json()
     except Exception:
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
 
     self.assertEqualResultJson(
       result,
@@ -3198,7 +3175,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://typezopesslproxyverifysslproxycacrt.example.com/test-path',
+      'https://typezopesslproxyverifysslproxycacrt.example.com:'
+      '%s/test-path' % (HTTP_PORT,),
       result.headers['Location']
     )
 
@@ -3238,7 +3216,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://monitoripv6test.example.com/test-path',
+      'https://monitoripv6test.example.com:%s/test-path' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -3275,7 +3253,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://monitoripv4test.example.com/test-path',
+      'https://monitoripv4test.example.com:%s/test-path' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -3293,44 +3271,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       }
     )
 
-  def test_re6st_optimal_test(self):
-    parameter_dict = self.assertSlaveBase('re6st-optimal-test')
-
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqual(httplib.NOT_FOUND, result.status_code)
-
-    result_http = fakeHTTPResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-    self.assertEqual(
-      httplib.FOUND,
-      result_http.status_code
-    )
-
-    self.assertEqual(
-      'https://re6stoptimaltest.example.com/test-path',
-      result_http.headers['Location']
-    )
-
-    monitor_file = glob.glob(
-      os.path.join(
-        self.instance_path, '*', 'etc', 'plugin',
-        'check-_re6st-optimal-test-re6st-optimal-test.py'))[0]
-    # get promise module and check that parameters are ok
-    self.assertEqual(
-      getPluginParameterDict(self.software_path, monitor_file),
-      {
-        'frequency': '720',
-        'ipv4': 'ipv4',
-        'ipv6': 'ipv6'
-      }
-    )
-
   def test_ciphers(self):
     parameter_dict = self.assertSlaveBase('ciphers')
 
@@ -3352,7 +3292,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://ciphers.example.com/test-path',
+      'https://ciphers.example.com:%s/test-path' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -3414,6 +3354,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     backend_headers = result.json()['Incoming Headers']
+    self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
     via = backend_headers.pop('via', None)
     self.assertNotEqual(via, None)
     self.assertRegexpMatches(
@@ -3455,6 +3396,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     backend_headers = result.json()['Incoming Headers']
+    self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
     via = backend_headers.pop('via', None)
     self.assertNotEqual(via, None)
     self.assertRegexpMatches(
@@ -3473,18 +3415,23 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://enablecacheserveralias1.example.com/test-path/deeper',
+      'https://enablecacheserveralias1.example.com:%s/test-path/deeper' % (
+        HTTP_PORT,),
       result.headers['Location']
     )
 
   def test_enable_cache(self):
     parameter_dict = self.assertSlaveBase('enable_cache')
 
+    source_ip = '127.0.0.1'
     result = fakeHTTPSResult(
       parameter_dict['domain'], parameter_dict['public-ipv4'],
       'test-path/deep/.././deeper', headers={
         'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
-        'revalidate=3600, stale-if-error=3600'})
+        'revalidate=3600, stale-if-error=3600',
+      },
+      source_ip=source_ip
+    )
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
@@ -3511,6 +3458,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     backend_headers = result.json()['Incoming Headers']
+    self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
     via = backend_headers.pop('via', None)
     self.assertNotEqual(via, None)
     self.assertRegexpMatches(
@@ -3576,6 +3524,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       )
 
       backend_headers = result.json()['Incoming Headers']
+      self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
       via = backend_headers.pop('via', None)
       self.assertNotEqual(via, None)
       self.assertRegexpMatches(
@@ -3743,6 +3692,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     backend_headers = result.json()['Incoming Headers']
+    self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
     via = backend_headers.pop('via', None)
     self.assertNotEqual(via, None)
     self.assertRegexpMatches(
@@ -3789,6 +3739,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     backend_headers = result.json()['Incoming Headers']
+    self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
     via = backend_headers.pop('via', None)
     self.assertNotEqual(via, None)
     self.assertRegexpMatches(
@@ -3879,6 +3830,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'gzip', result.json()['Incoming Headers']['accept-encoding'])
 
@@ -3889,6 +3842,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'deflate', result.json()['Incoming Headers']['accept-encoding'])
 
@@ -3915,6 +3870,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'],
+      port=HTTP_PORT, proto='http')
     self.assertEqual(
       'gzip', result.json()['Incoming Headers']['accept-encoding'])
 
@@ -3925,6 +3883,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'],
+      port=HTTP_PORT, proto='http')
     self.assertEqual(
       'deflate', result.json()['Incoming Headers']['accept-encoding'])
 
@@ -3955,6 +3916,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'gzip', result.json()['Incoming Headers']['accept-encoding'])
 
@@ -3965,6 +3928,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'deflate', result.json()['Incoming Headers']['accept-encoding'])
 
@@ -3995,7 +3960,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://%s/test-path/deeper' % (parameter_dict['domain'],),
+      'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
       result.headers['Location']
     )
 
@@ -4010,7 +3975,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://%s/test-path/deeper' % (parameter_dict['domain'],),
+      'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
       result.headers['Location']
     )
 
@@ -4024,7 +3989,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://%s/test-path/deeper' % (parameter_dict['domain'],),
+      'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
       result.headers['Location']
     )
 
@@ -4038,7 +4003,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://%s/test-path/deeper' % (parameter_dict['domain'],),
+      'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
       result.headers['Location']
     )
 
@@ -4059,189 +4024,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
 
     self.assertEqualResultJson(result, 'Path', '/test-path')
 
+    self.assertBackendHeaders(
+      result.json()['Incoming Headers'], parameter_dict['domain'])
     self.assertEqual(
       'Coffee=present', result.json()['Incoming Headers']['cookie'])
 
-  @skip('Not implemented in new test system')
-  def test_apache_custom_http_s_rejected(self):
-    parameter_dict = self.parseSlaveParameterDict(
-      'apache_custom_http_s-rejected')
-    self.assertEqual(
-      {
-        'request-error-list': ["slave not authorized"]
-      },
-      parameter_dict)
-    slave_configuration_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
-    # no configuration file contains provided custom http
-    configuration_file_with_custom_https_list = [
-      q for q in slave_configuration_file_list
-      if 'apache_custom_https_filled_in_rejected' in open(q).read()]
-    self.assertEqual([], configuration_file_with_custom_https_list)
-
-    configuration_file_with_custom_http_list = [
-      q for q in slave_configuration_file_list
-      if 'apache_custom_http_filled_in_rejected' in open(q).read()]
-    self.assertEqual([], configuration_file_with_custom_http_list)
-
-  def test_apache_custom_http_s_accepted(self):
-    parameter_dict = self.parseSlaveParameterDict(
-      'apache_custom_http_s-accepted')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
-    self.assertEqual(
-      {'replication_number': '1', 'public-ipv4': self._ipv4_address},
-      parameter_dict
-    )
-
-    result = fakeHTTPSResult(
-      'apachecustomhttpsaccepted.example.com',
-      parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-
-    headers = result.headers.copy()
-
-    self.assertKeyWithPop('Server', headers)
-    self.assertKeyWithPop('Date', headers)
-
-    # drop vary-keys
-    headers.pop('Content-Length', None)
-    headers.pop('Transfer-Encoding', None)
-    headers.pop('Connection', None)
-    headers.pop('Keep-Alive', None)
-
-    self.assertEqual(
-      {
-        'Content-type': 'application/json',
-        'Set-Cookie': 'secured=value;secure, nonsecured=value'
-      },
-      headers
-    )
-
-    result_http = fakeHTTPResult(
-      'apachecustomhttpsaccepted.example.com',
-      parameter_dict['public-ipv4'], 'test-path')
-    self.assertEqualResultJson(result_http, 'Path', '/test-path')
-
-    slave_configuration_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
-    # no configuration file contains provided custom http
-    configuration_file_with_custom_https_list = [
-      q for q in slave_configuration_file_list
-      if 'apache_custom_https_filled_in_accepted' in open(q).read()]
-    self.assertEqual(1, len(configuration_file_with_custom_https_list))
-
-    configuration_file_with_custom_http_list = [
-      q for q in slave_configuration_file_list
-      if 'apache_custom_http_filled_in_accepted' in open(q).read()]
-    self.assertEqual(1, len(configuration_file_with_custom_http_list))
-
-  @skip('Not implemented in new test system')
-  def test_caddy_custom_http_s_rejected(self):
-    parameter_dict = self.parseSlaveParameterDict(
-      'caddy_custom_http_s-rejected')
-    self.assertEqual(
-      {
-        'request-error-list': ["slave not authorized"]
-      },
-      parameter_dict)
-    slave_configuration_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
-    # no configuration file contains provided custom http
-    configuration_file_with_custom_https_list = [
-      q for q in slave_configuration_file_list
-      if 'caddy_custom_https_filled_in_rejected' in open(q).read()]
-    self.assertEqual([], configuration_file_with_custom_https_list)
-
-    configuration_file_with_custom_http_list = [
-      q for q in slave_configuration_file_list
-      if 'caddy_custom_http_filled_in_rejected' in open(q).read()]
-    self.assertEqual([], configuration_file_with_custom_http_list)
-
-  @skip('Not implemented in new test system')
-  def test_caddy_custom_http_s(self):
-    parameter_dict = self.parseSlaveParameterDict(
-      'caddy_custom_http_s')
-    self.assertEqual(
-      {
-        'request-error-list': ["slave not authorized"]
-      },
-      parameter_dict)
-    slave_configuration_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
-    # no configuration file contains provided custom http
-    configuration_file_with_custom_https_list = [
-      q for q in slave_configuration_file_list
-      if 'caddy_custom_https_filled_in_rejected_2' in open(q).read()]
-    self.assertEqual([], configuration_file_with_custom_https_list)
-
-    configuration_file_with_custom_http_list = [
-      q for q in slave_configuration_file_list
-      if 'caddy_custom_http_filled_in_rejected_2' in open(q).read()]
-    self.assertEqual([], configuration_file_with_custom_http_list)
-
-  def test_caddy_custom_http_s_accepted(self):
-    parameter_dict = self.parseSlaveParameterDict(
-      'caddy_custom_http_s-accepted')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
-    self.assertEqual(
-      {'replication_number': '1', 'public-ipv4': self._ipv4_address},
-      parameter_dict
-    )
-
-    result = fakeHTTPSResult(
-      'caddycustomhttpsaccepted.example.com',
-      parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-
-    headers = result.headers.copy()
-
-    self.assertKeyWithPop('Server', headers)
-    self.assertKeyWithPop('Date', headers)
-
-    # drop vary-keys
-    headers.pop('Content-Length', None)
-    headers.pop('Transfer-Encoding', None)
-    headers.pop('Connection', None)
-    headers.pop('Keep-Alive', None)
-
-    self.assertEqual(
-      {
-        'Content-type': 'application/json',
-        'Set-Cookie': 'secured=value;secure, nonsecured=value'
-      },
-      headers
-    )
-
-    result_http = fakeHTTPResult(
-      'caddycustomhttpsaccepted.example.com',
-      parameter_dict['public-ipv4'], 'test-path')
-    self.assertEqualResultJson(result_http, 'Path', '/test-path')
-
-    slave_configuration_file_list = glob.glob(os.path.join(
-      self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
-    # no configuration file contains provided custom http
-    configuration_file_with_custom_https_list = [
-      q for q in slave_configuration_file_list
-      if 'caddy_custom_https_filled_in_accepted' in open(q).read()]
-    self.assertEqual(1, len(configuration_file_with_custom_https_list))
-
-    configuration_file_with_custom_http_list = [
-      q for q in slave_configuration_file_list
-      if 'caddy_custom_http_filled_in_accepted' in open(q).read()]
-    self.assertEqual(1, len(configuration_file_with_custom_http_list))
-
   def test_https_url(self):
     parameter_dict = self.assertSlaveBase('url_https-url')
 
@@ -4265,7 +4052,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     )
 
     self.assertEqual(
-      'https://urlhttpsurl.example.com/test-path/deeper',
+      'https://urlhttpsurl.example.com:%s/test-path/deeper' % (HTTP_PORT,),
       result_http.headers['Location']
     )
 
@@ -4822,104 +4609,6 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
       'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
 
 
-class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
-  @classmethod
-  def getInstanceParameterDict(cls):
-    return {
-      'domain': 'example.com',
-      'public-ipv4': cls._ipv4_address,
-      'enable-quic': 'true',
-      'port': HTTPS_PORT,
-      'plain_http_port': HTTP_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
-      'kedifa_port': KEDIFA_PORT,
-      'caucase_port': CAUCASE_PORT,
-    }
-
-  @classmethod
-  def getSlaveParameterDictDict(cls):
-    return {
-      'url': {
-        'url': cls.backend_url,
-        'enable_cache': True,
-      },
-    }
-
-  # It is known problem that QUIC does not work after sending reload signal,
-  # SIGUSR1, see https://github.com/mholt/caddy/issues/2394
-  @expectedFailure
-  def test_url(self):
-    parameter_dict = self.parseSlaveParameterDict('url')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
-    self.assertEqual(
-      {
-        'domain': 'url.example.com',
-        'replication_number': '1',
-        'url': 'http://url.example.com',
-        'site_url': 'http://url.example.com',
-        'secure_access': 'https://url.example.com',
-        'public-ipv4': self._ipv4_address,
-      },
-      parameter_dict
-    )
-
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-
-    try:
-      j = result.json()
-    except Exception:
-      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-
-    self.assertKeyWithPop('Date', result.headers)
-    self.assertKeyWithPop('Content-Length', result.headers)
-
-    def assertQUIC():
-      quic_status, quic_result = getQUIC(
-        'https://%s/%s' % (parameter_dict['domain'], 'test-path'),
-        parameter_dict['public-ipv4'],
-        HTTPS_PORT
-      )
-
-      self.assertTrue(quic_status, quic_result)
-
-      try:
-        quic_jsoned = quic_result.split('body: ')[2].split('trailers')[0]
-      except Exception:
-        raise ValueError('JSON not found at all in QUIC result:\n%s' % (
-          quic_result,))
-      try:
-        j = json.loads(quic_jsoned)
-      except Exception:
-        raise ValueError('JSON decode problem in:\n%s' % (quic_jsoned,))
-      key = 'Path'
-      self.assertTrue(key in j, 'No key %r in %s' % (key, j))
-      self.assertEqual('/test-path', j[key])
-
-    assertQUIC()
-    # https://github.com/mholt/caddy/issues/2394
-    # after sending USR1 to Caddy QUIC does not work, check current behaviour
-    caddy_pid = [
-      q['pid'] for q
-      in self.callSupervisorMethod('getAllProcessInfo')
-      if 'frontend_caddy' in q['name']][0]
-    os.kill(caddy_pid, signal.SIGUSR1)
-
-    # give caddy a moment to refresh its config, as sending signal does not
-    # block until caddy is refreshed
-    time.sleep(2)
-
-    assertQUIC()
-
-
 @skip('New test system cannot be used with failing promises')
 class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
   @classmethod
@@ -4937,13 +4626,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
   @classmethod
   def getSlaveParameterDictDict(cls):
     return {
-      're6st-optimal-test-nocomma': {
-        're6st-optimal-test': 'nocomma',
-      },
-      're6st-optimal-test-unsafe': {
-        're6st-optimal-test':
-        'new\nline;rm -fr ~;,new line\n[s${esection:eoption}',
-      },
       'custom_domain-unsafe': {
         'custom_domain': '${section:option} afterspace\nafternewline',
       },
@@ -4989,9 +4671,9 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
     expected_parameter_dict = {
       'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
       'domain': 'example.com',
-      'accepted-slave-amount': '8',
+      'accepted-slave-amount': '6',
       'rejected-slave-amount': '3',
-      'slave-amount': '11',
+      'slave-amount': '9',
       'rejected-slave-dict': {
         '_bad-ciphers': [
           "Cipher 'bad' is not supported.",
@@ -5037,83 +4719,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
 
     self.assertEqualResultJson(result, 'Path', '/test-path')
 
-  def test_re6st_optimal_test_unsafe(self):
-    parameter_dict = self.parseSlaveParameterDict('re6st-optimal-test-unsafe')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
-    self.assertEqual(
-      {
-        'domain': 're6stoptimaltestunsafe.example.com',
-        'replication_number': '1',
-        'url': 'http://re6stoptimaltestunsafe.example.com',
-        'site_url': 'http://re6stoptimaltestunsafe.example.com',
-        'secure_access': 'https://re6stoptimaltestunsafe.example.com',
-        'public-ipv4': self._ipv4_address,
-      },
-      parameter_dict
-    )
-
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqual(httplib.NOT_FOUND, result.status_code)
-
-    monitor_file = glob.glob(
-      os.path.join(
-        self.instance_path, '*', 'etc', 'plugin',
-        'check-_re6st-optimal-test-unsafe-re6st-optimal-test.py'))[0]
-
-    # Note: The result is a bit differnt from the request (newlines stripped),
-    #       but good enough to prove, that ${esection:eoption} has been
-    #       correctly passed to the script.
-    self.assertEqual(
-      getPluginParameterDict(self.software_path, monitor_file),
-      {
-        'frequency': '720',
-        'ipv4': 'new line\n[s${esection:eoption}',
-        'ipv6': 'new\nline;rm -fr ~;',
-      }
-    )
-
-  def test_re6st_optimal_test_nocomma(self):
-    parameter_dict = self.parseSlaveParameterDict('re6st-optimal-test-nocomma')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
-    self.assertEqual(
-      {
-        'domain': 're6stoptimaltestnocomma.example.com',
-        'replication_number': '1',
-        'url': 'http://re6stoptimaltestnocomma.example.com',
-        'site_url': 'http://re6stoptimaltestnocomma.example.com',
-        'secure_access': 'https://re6stoptimaltestnocomma.example.com',
-        'public-ipv4': self._ipv4_address,
-      },
-      parameter_dict
-    )
-
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-
-    self.assertEqual(httplib.NOT_FOUND, result.status_code)
-
-    # assert that there is no nocomma file
-    monitor_file_list = glob.glob(
-      os.path.join(
-        self.instance_path, '*', 'etc', 'plugin',
-        'check-_re6st-optimal-test-nocomma-re6st-optimal-test.py'))
-    self.assertEqual(
-      [],
-      monitor_file_list
-    )
-
   def test_custom_domain_unsafe(self):
     parameter_dict = self.parseSlaveParameterDict('custom_domain-unsafe')
     self.assertEqual(
@@ -6585,8 +6190,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
     return {
       'domain': 'example.com',
       'public-ipv4': cls._ipv4_address,
-      '-frontend-authorized-slave-string':
-      '_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
       'port': HTTPS_PORT,
       'plain_http_port': HTTP_PORT,
       'kedifa_port': KEDIFA_PORT,

software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestDefaultMonitorHttpdPort.test_file_list_log-CADDY.txt

 T-0/var/log/slapgrid-T-0-error.log
 T-1/var/log/expose-csr_id.log
-T-1/var/log/kedifa.log
+T-1/var/log/kedifa.log
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestDuplicateSiteKeyProtection.test_file_list_log-CADDY.txt

@@ -11,4 +11,4 @@ T-2/var/log/httpd/_site_1_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

@@ -21,4 +21,4 @@ T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -21,4 +21,4 @@ T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

@@ -21,4 +21,4 @@ T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -21,4 +21,4 @@ T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMalformedBackenUrlSlave.test_file_list_log-CADDY.txt

@@ -11,4 +11,4 @@ T-2/var/log/httpd/_empty_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_log-CADDY.txt

@@ -11,4 +11,4 @@ T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_log-CADDY.txt

@@ -11,4 +11,4 @@ T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_file_list_log-CADDY.txt

@@ -15,4 +15,4 @@ T-2/var/log/httpd/_url_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestQuicEnabled.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_log-CADDY.txt

@@ -15,4 +15,4 @@ T-2/var/log/httpd/_default_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_log-CADDY.txt

@@ -11,4 +11,4 @@ T-2/var/log/httpd/_default_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -15,4 +15,4 @@ T-3/etc/cron.d/logrotate
 T-3/etc/cron.d/monitor-configurator
 T-3/etc/cron.d/monitor-globalstate
 T-3/etc/cron.d/monitor_collect
-T-3/etc/cron.d/trafficserver-logrotate
+T-3/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_log-CADDY.txt

@@ -13,4 +13,4 @@ T-2/var/log/httpd/_replicate_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_Url_access_log
 T-2/var/log/httpd/_Url_error_log
-T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
-T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
-T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
-T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
 T-2/var/log/httpd/_ciphers_access_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
-T-2/var/log/httpd/_re6st-optimal-test_access_log
-T-2/var/log/httpd/_re6st-optimal-test_error_log
 T-2/var/log/httpd/_server-alias-duplicated_access_log
 T-2/var/log/httpd/_server-alias-duplicated_error_log
 T-2/var/log/httpd/_server-alias-wildcard_access_log
@@ -135,4 +129,4 @@ T-2/var/log/httpd/_url_https-url_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin-CADDY.txt

@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
-T-2/etc/plugin/check-_re6st-optimal-test-re6st-optimal-test.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
@@ -36,4 +35,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_master_partition_state-CADDY.txt

@@ -2,4 +2,4 @@ SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAI
 Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
 Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
 Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
-Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlave.test_monitor_promise_list-CADDY.txt

 T-2/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
 T-2/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
-T-2/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test

software/caddy-frontend/test/test_data/test.TestSlave.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt

@@ -12,10 +12,6 @@ T-2/var/log/httpd/_monitor-ipv4-test-unsafe_access_log
 T-2/var/log/httpd/_monitor-ipv4-test-unsafe_error_log
 T-2/var/log/httpd/_monitor-ipv6-test-unsafe_access_log
 T-2/var/log/httpd/_monitor-ipv6-test-unsafe_error_log
-T-2/var/log/httpd/_re6st-optimal-test-nocomma_access_log
-T-2/var/log/httpd/_re6st-optimal-test-nocomma_error_log
-T-2/var/log/httpd/_re6st-optimal-test-unsafe_access_log
-T-2/var/log/httpd/_re6st-optimal-test-unsafe_error_log
 T-2/var/log/httpd/_server-alias-same_access_log
 T-2/var/log/httpd/_server-alias-same_error_log
 T-2/var/log/httpd/_virtualhostroot-http-port-unsafe_access_log
@@ -25,4 +21,4 @@ T-2/var/log/httpd/_virtualhostroot-https-port-unsafe_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt

 T-2/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test
 T-2/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test
-T-2/etc/monitor-promise/check-_re6st-optimal-test-unsafe-re6st-optimal-test

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_log-CADDY.txt

@@ -19,4 +19,4 @@ T-2/var/log/httpd/_own_ciphers_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_Url_access_log
 T-2/var/log/httpd/_Url_error_log
-T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
-T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
-T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
-T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
 T-2/var/log/httpd/_ciphers_access_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
-T-2/var/log/httpd/_re6st-optimal-test_access_log
-T-2/var/log/httpd/_re6st-optimal-test_error_log
 T-2/var/log/httpd/_server-alias-duplicated_access_log
 T-2/var/log/httpd/_server-alias-duplicated_error_log
 T-2/var/log/httpd/_server-alias-wildcard_access_log
@@ -135,4 +129,4 @@ T-2/var/log/httpd/_url_https-url_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
-T-2/etc/plugin/check-_re6st-optimal-test-re6st-optimal-test.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
@@ -36,4 +35,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_master_partition_state-CADDY.txt

@@ -2,4 +2,4 @@ SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAI
 Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
 Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
 Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
-Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt

 T-1/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
 T-1/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
-T-1/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_log-CADDY.txt

@@ -37,4 +37,4 @@ T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_log-CADDY.txt

@@ -15,4 +15,4 @@ T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_etc_cron_d-CADDY.txt

@@ -10,4 +10,4 @@ T-2/etc/cron.d/logrotate
 T-2/etc/cron.d/monitor-configurator
 T-2/etc/cron.d/monitor-globalstate
 T-2/etc/cron.d/monitor_collect
-T-2/etc/cron.d/trafficserver-logrotate
+T-2/etc/cron.d/trafficserver-logrotate
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_log-CADDY.txt

@@ -15,4 +15,4 @@ T-2/var/log/httpd/_ssl_from_master_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/trafficserver/manager.log
-T-2/var/log/trafficserver/traffic.out
+T-2/var/log/trafficserver/traffic.out
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt

@@ -33,4 +33,4 @@ T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/re6st-connectivity.py
 T-2/etc/plugin/trafficserver-cache-availability.py
-T-2/etc/plugin/trafficserver-port-listening.py
+T-2/etc/plugin/trafficserver-port-listening.py
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_run-CADDY.txt

@@ -3,4 +3,4 @@ T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
-T-2/var/run/monitor-httpd.pid
+T-2/var/run/monitor-httpd.pid
\ No newline at end of file

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state-CADDY.txt

@@ -30,4 +30,4 @@ T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
-T-2:trafficserver-reload EXITED
+T-2:trafficserver-reload EXITED
\ No newline at end of file

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
+T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_dummy-cached_access_log
+T-2/var/log/httpd/_dummy-cached_error_log
+T-2/var/log/httpd/_enable-http2-default_access_log
+T-2/var/log/httpd/_enable-http2-default_error_log
+T-2/var/log/httpd/_enable-http2-false_access_log
+T-2/var/log/httpd/_enable-http2-false_error_log
+T-2/var/log/httpd/_enable-http2-true_access_log
+T-2/var/log/httpd/_enable-http2-true_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlave.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
+T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_dummy-cached_access_log
+T-2/var/log/httpd/_dummy-cached_error_log
+T-2/var/log/httpd/_enable-http2-default_access_log
+T-2/var/log/httpd/_enable-http2-default_error_log
+T-2/var/log/httpd/_enable-http2-false_access_log
+T-2/var/log/httpd/_enable-http2-false_error_log
+T-2/var/log/httpd/_enable-http2-true_access_log
+T-2/var/log/httpd/_enable-http2-true_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
+T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_dummy-cached_access_log
+T-2/var/log/httpd/_dummy-cached_error_log
+T-2/var/log/httpd/_enable-http2-default_access_log
+T-2/var/log/httpd/_enable-http2-default_error_log
+T-2/var/log/httpd/_enable-http2-false_access_log
+T-2/var/log/httpd/_enable-http2-false_error_log
+T-2/var/log/httpd/_enable-http2-true_access_log
+T-2/var/log/httpd/_enable-http2-true_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlave.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
+T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_dummy-cached_access_log
+T-2/var/log/httpd/_dummy-cached_error_log
+T-2/var/log/httpd/_enable-http2-default_access_log
+T-2/var/log/httpd/_enable-http2-default_error_log
+T-2/var/log/httpd/_enable-http2-false_access_log
+T-2/var/log/httpd/_enable-http2-false_error_log
+T-2/var/log/httpd/_enable-http2-true_access_log
+T-2/var/log/httpd/_enable-http2-true_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestMasterRequest.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestMasterRequest.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestMasterRequest.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestMasterRequest.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestMasterRequest.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestMasterRequestDomain.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestMasterRequestDomain.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestMasterRequestDomain.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestMasterRequestDomain.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestQuicEnabled.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestQuicEnabled.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_url_access_log
+T-2/var/log/httpd-cache-direct/_url_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_url_access_log
+T-2/var/log/httpd/_url_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestQuicEnabled.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestQuicEnabled.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestQuicEnabled.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestRe6stVerificationUrlDefaultSlave.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestRe6stVerificationUrlDefaultSlave.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_default_access_log
+T-2/var/log/httpd-cache-direct/_default_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_default_access_log
+T-2/var/log/httpd/_default_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestRe6stVerificationUrlDefaultSlave.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestRe6stVerificationUrlDefaultSlave.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestSlave.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestSlave.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_Url_access_log
+T-2/var/log/httpd/_Url_error_log
+T-2/var/log/httpd/_ciphers_access_log
+T-2/var/log/httpd/_ciphers_error_log
+T-2/var/log/httpd/_custom_domain_access_log
+T-2/var/log/httpd/_custom_domain_error_log
+T-2/var/log/httpd/_custom_domain_server_alias_access_log
+T-2/var/log/httpd/_custom_domain_server_alias_error_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
+T-2/var/log/httpd/_custom_domain_wildcard_access_log
+T-2/var/log/httpd/_custom_domain_wildcard_error_log
+T-2/var/log/httpd/_disabled-cookie-list_access_log
+T-2/var/log/httpd/_disabled-cookie-list_error_log
+T-2/var/log/httpd/_empty_access_log
+T-2/var/log/httpd/_empty_error_log
+T-2/var/log/httpd/_enable-http2-default_access_log
+T-2/var/log/httpd/_enable-http2-default_error_log
+T-2/var/log/httpd/_enable-http2-false_access_log
+T-2/var/log/httpd/_enable-http2-false_error_log
+T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
+T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
+T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
+T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd/_enable_cache_access_log
+T-2/var/log/httpd/_enable_cache_custom_domain_access_log
+T-2/var/log/httpd/_enable_cache_custom_domain_error_log
+T-2/var/log/httpd/_enable_cache_error_log
+T-2/var/log/httpd/_enable_cache_server_alias_access_log
+T-2/var/log/httpd/_enable_cache_server_alias_error_log
+T-2/var/log/httpd/_https-only_access_log
+T-2/var/log/httpd/_https-only_error_log
+T-2/var/log/httpd/_monitor-ipv4-test_access_log
+T-2/var/log/httpd/_monitor-ipv4-test_error_log
+T-2/var/log/httpd/_monitor-ipv6-test_access_log
+T-2/var/log/httpd/_monitor-ipv6-test_error_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
+T-2/var/log/httpd/_server-alias-duplicated_access_log
+T-2/var/log/httpd/_server-alias-duplicated_error_log
+T-2/var/log/httpd/_server-alias-wildcard_access_log
+T-2/var/log/httpd/_server-alias-wildcard_error_log
+T-2/var/log/httpd/_server-alias_access_log
+T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
+T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
+T-2/var/log/httpd/_server-alias_error_log
+T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
+T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
+T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
+T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
+T-2/var/log/httpd/_ssl_ca_crt_only_access_log
+T-2/var/log/httpd/_ssl_ca_crt_only_error_log
+T-2/var/log/httpd/_type-notebook_access_log
+T-2/var/log/httpd/_type-notebook_error_log
+T-2/var/log/httpd/_type-redirect_access_log
+T-2/var/log/httpd/_type-redirect_error_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
+T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
+T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
+T-2/var/log/httpd/_type-websocket_access_log
+T-2/var/log/httpd/_type-websocket_error_log
+T-2/var/log/httpd/_type-zope-default-path_access_log
+T-2/var/log/httpd/_type-zope-default-path_error_log
+T-2/var/log/httpd/_type-zope-path_access_log
+T-2/var/log/httpd/_type-zope-path_error_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
+T-2/var/log/httpd/_type-zope_access_log
+T-2/var/log/httpd/_type-zope_error_log
+T-2/var/log/httpd/_url_https-url_access_log
+T-2/var/log/httpd/_url_https-url_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestSlave.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
+T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestSlave.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestSlave.test_master_partition_state-CADDY.txt

+SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAIN=$0
+Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN

software/caddy-frontend/test/test_data/test.test.TestSlave.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestSlaveCiphers.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestSlaveCiphers.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_default_ciphers_access_log
+T-2/var/log/httpd-cache-direct/_default_ciphers_error_log
+T-2/var/log/httpd-cache-direct/_own_ciphers_access_log
+T-2/var/log/httpd-cache-direct/_own_ciphers_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_default_ciphers_access_log
+T-2/var/log/httpd/_default_ciphers_error_log
+T-2/var/log/httpd/_own_ciphers_access_log
+T-2/var/log/httpd/_own_ciphers_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestSlaveCiphers.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestSlaveCiphers.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestSlaveGlobalDisableHttp2.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache_error_log
+T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_access_log
+T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_Url_access_log
+T-2/var/log/httpd/_Url_error_log
+T-2/var/log/httpd/_ciphers_access_log
+T-2/var/log/httpd/_ciphers_error_log
+T-2/var/log/httpd/_custom_domain_access_log
+T-2/var/log/httpd/_custom_domain_error_log
+T-2/var/log/httpd/_custom_domain_server_alias_access_log
+T-2/var/log/httpd/_custom_domain_server_alias_error_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
+T-2/var/log/httpd/_custom_domain_wildcard_access_log
+T-2/var/log/httpd/_custom_domain_wildcard_error_log
+T-2/var/log/httpd/_disabled-cookie-list_access_log
+T-2/var/log/httpd/_disabled-cookie-list_error_log
+T-2/var/log/httpd/_empty_access_log
+T-2/var/log/httpd/_empty_error_log
+T-2/var/log/httpd/_enable-http2-default_access_log
+T-2/var/log/httpd/_enable-http2-default_error_log
+T-2/var/log/httpd/_enable-http2-false_access_log
+T-2/var/log/httpd/_enable-http2-false_error_log
+T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
+T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
+T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
+T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd/_enable_cache_access_log
+T-2/var/log/httpd/_enable_cache_custom_domain_access_log
+T-2/var/log/httpd/_enable_cache_custom_domain_error_log
+T-2/var/log/httpd/_enable_cache_error_log
+T-2/var/log/httpd/_enable_cache_server_alias_access_log
+T-2/var/log/httpd/_enable_cache_server_alias_error_log
+T-2/var/log/httpd/_https-only_access_log
+T-2/var/log/httpd/_https-only_error_log
+T-2/var/log/httpd/_monitor-ipv4-test_access_log
+T-2/var/log/httpd/_monitor-ipv4-test_error_log
+T-2/var/log/httpd/_monitor-ipv6-test_access_log
+T-2/var/log/httpd/_monitor-ipv6-test_error_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
+T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
+T-2/var/log/httpd/_server-alias-duplicated_access_log
+T-2/var/log/httpd/_server-alias-duplicated_error_log
+T-2/var/log/httpd/_server-alias-wildcard_access_log
+T-2/var/log/httpd/_server-alias-wildcard_error_log
+T-2/var/log/httpd/_server-alias_access_log
+T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
+T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
+T-2/var/log/httpd/_server-alias_error_log
+T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
+T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
+T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
+T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
+T-2/var/log/httpd/_ssl_ca_crt_only_access_log
+T-2/var/log/httpd/_ssl_ca_crt_only_error_log
+T-2/var/log/httpd/_type-notebook_access_log
+T-2/var/log/httpd/_type-notebook_error_log
+T-2/var/log/httpd/_type-redirect_access_log
+T-2/var/log/httpd/_type-redirect_error_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
+T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
+T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
+T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
+T-2/var/log/httpd/_type-websocket_access_log
+T-2/var/log/httpd/_type-websocket_error_log
+T-2/var/log/httpd/_type-zope-default-path_access_log
+T-2/var/log/httpd/_type-zope-default-path_error_log
+T-2/var/log/httpd/_type-zope-path_access_log
+T-2/var/log/httpd/_type-zope-path_error_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
+T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
+T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
+T-2/var/log/httpd/_type-zope_access_log
+T-2/var/log/httpd/_type-zope_error_log
+T-2/var/log/httpd/_url_https-url_access_log
+T-2/var/log/httpd/_url_https-url_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
+T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestSlaveGlobalDisableHttp2.test_master_partition_state-CADDY.txt

+SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAIN=$0
+Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN

software/caddy-frontend/test/test_data/test.test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_ssl_from_master_access_log
+T-2/var/log/httpd-cache-direct/_ssl_from_master_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
+T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
+T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
+T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
+T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
+T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
+T-2/var/log/httpd/_ssl_from_master_access_log
+T-2/var/log/httpd/_ssl_from_master_error_log
+T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
+T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
+T-2/var/log/httpd/_ssl_from_slave_access_log
+T-2/var/log/httpd/_ssl_from_slave_error_log
+T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
+T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
+T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
+T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
+T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
+T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
+T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
+T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
+T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
+T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_ssl_from_master_kedifa_overrides_master_certificate_access_log
+T-2/var/log/httpd-cache-direct/_ssl_from_master_kedifa_overrides_master_certificate_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
+T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr_id.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/httpd-cache-direct/_ssl_from_master_access_log
+T-2/var/log/httpd-cache-direct/_ssl_from_master_error_log
+T-2/var/log/httpd-csr_id/expose-csr_id.log
+T-2/var/log/httpd/_ssl_from_master_access_log
+T-2/var/log/httpd/_ssl_from_master_error_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/trafficserver/manager.log
+T-2/var/log/trafficserver/traffic.out

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_cached.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caddy_ssl_cached.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state-CADDY.txt

+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/cloudooo/buildout.hash.cfg

@@ -18,4 +18,4 @@ md5sum = 6e4431cf4b0a0d034402604b1e2844c0
 
 [template-cloudooo-instance]
 filename = instance-cloudooo.cfg.in
-md5sum = e01ee969a45d44d386653a9eb699cc59
+md5sum = e49ee3e309a19f9a3a9590789690c611

software/cloudooo/instance-cloudooo-input-schema.json

@@ -18,27 +18,6 @@
       "default": 1,
       "type": "integer"
     },
-    "ssl": {
-      "description": "Custom ssl certificate, key and optionaly client ca-cert and crl",
-      "properties": {
-        "cert": {
-          "description": "The content of the certificate file",
-          "type": "string"
-        },
-        "key": {
-          "description": "The content of the ssl key file",
-          "type": "string"
-        },
-        "ca-cert": {
-          "description": "The content of the ca-certificate file",
-          "type": "string"
-        },
-        "crl": {
-          "description": "The content of the revocation file",
-          "type": "string"
-        }
-      }
-    },
     "timeout": {
       "description": "Configure apache with this timeout",
       "type": "integer"

software/cloudooo/instance-cloudooo.cfg.in

@@ -24,11 +24,6 @@
 {% endif -%}
 {% do assert(timeout > 0) -%}
 
-{% set ssl_parameter_dict = instance_parameter_dict.get('ssl', {}) %}
-{% if instance_parameter_dict.get('ssl-dict-parameter-name') -%}
-{%   set ssl_parameter_dict = slapparameter_dict.get(instance_parameter_dict['ssl-dict-parameter-name'], ssl_parameter_dict) -%}
-{% endif -%}
-
 {% set mimetype_entry_addition = instance_parameter_dict.get('mimetype-entry-addition', '') -%}
 {% if instance_parameter_dict.get('mimetype-entry-addition-parameter-name') -%}
 {%   set mimetype_entry_addition = mimetype_entry_addition ~ "\n" ~ slapparameter_dict.get(instance_parameter_dict['mimetype-entry-addition-parameter-name'], '') -%}
@@ -110,9 +105,6 @@ cert = ${apache-ssl:cert}
 key = ${apache-ssl:key}
 cipher =
 ssl-session-cache = ${directory:log}/apache-ssl-session-cache
-# Client x509 auth
-ca-cert = ${apache-ssl-client:cert}
-crl = ${apache-ssl-client:crl}
 
 [apache-promise]
 # Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
@@ -131,28 +123,10 @@ ca-cert =  ${directory:apache-conf}/ca.crt
 crl = ${directory:apache-conf}/crl.pem
 
 [apache-ssl]
-{% if ssl_parameter_dict.get('key') -%}
-key = ${apache-ssl-key:rendered}
-cert = ${apache-ssl-cert:rendered}
-{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
-{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
-{% else %}
 recipe = plone.recipe.command
 command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
 key = ${apache-conf-ssl:key}
 cert = ${apache-conf-ssl:cert}
-{%- endif %}
-
-[apache-ssl-client]
-{% if ssl_parameter_dict.get('ca-cert') -%}
-cert = ${apache-ssl-ca:rendered}
-crl = ${apache-ssl-crl:rendered}
-{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
-{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
-{% else %}
-cert =
-crl =
-{%- endif %}
 
 [apache-logrotate]
 < = logrotate-entry-base
@@ -189,9 +163,8 @@ includes =
 recipe = slapos.cookbook:generic.cloudooo
 ip = {{ ipv4 }}
 environment =
-  LD_LIBRARY_PATH = {{ parameter_dict['cairo'] }}/lib:{{ parameter_dict['cups'] }}/lib:{{ parameter_dict['cups'] }}/lib64:{{ parameter_dict['dbus'] }}/lib:{{ parameter_dict['dbus-glib'] }}/lib:{{ parameter_dict['file'] }}/lib:{{ parameter_dict['fontconfig'] }}/lib:{{ parameter_dict['freetype'] }}/lib:{{ parameter_dict['glib'] }}/lib:{{ parameter_dict['glu'] }}/lib:{{ parameter_dict['libICE'] }}/lib:{{ parameter_dict['libSM'] }}/lib:{{ parameter_dict['libX11'] }}/lib:{{ parameter_dict['libXau'] }}/lib:{{ parameter_dict['libXdmcp'] }}/lib:{{ parameter_dict['libXext'] }}/lib:{{ parameter_dict['libXrender'] }}/lib:{{ parameter_dict['libexpat'] }}/lib:{{ parameter_dict['libffi'] }}/lib:{{ parameter_dict['libffi'] }}/lib64:{{ parameter_dict['libpng12'] }}/lib:{{ parameter_dict['libxcb'] }}/lib:{{ parameter_dict['mesa'] }}/lib:{{ parameter_dict['pixman'] }}/lib:{{ parameter_dict['xdamage'] }}/lib:{{ parameter_dict['xfixes'] }}/lib:{{ parameter_dict['zlib'] }}/lib
+  LD_LIBRARY_PATH = {{ parameter_dict['cairo'] }}/lib:{{ parameter_dict['cups'] }}/lib:{{ parameter_dict['cups'] }}/lib64:{{ parameter_dict['dbus'] }}/lib:{{ parameter_dict['dbus-glib'] }}/lib:{{ parameter_dict['file'] }}/lib:{{ parameter_dict['fontconfig'] }}/lib:{{ parameter_dict['freetype'] }}/lib:{{ parameter_dict['gcc'] }}/lib:{{ parameter_dict['gcc'] }}/lib64:{{ parameter_dict['glib'] }}/lib:{{ parameter_dict['glu'] }}/lib:{{ parameter_dict['libICE'] }}/lib:{{ parameter_dict['libSM'] }}/lib:{{ parameter_dict['libX11'] }}/lib:{{ parameter_dict['libXau'] }}/lib:{{ parameter_dict['libXdmcp'] }}/lib:{{ parameter_dict['libXext'] }}/lib:{{ parameter_dict['libXrender'] }}/lib:{{ parameter_dict['libexpat'] }}/lib:{{ parameter_dict['libffi'] }}/lib:{{ parameter_dict['libffi'] }}/lib64:{{ parameter_dict['libpng12'] }}/lib:{{ parameter_dict['libxcb'] }}/lib:{{ parameter_dict['mesa'] }}/lib:{{ parameter_dict['pixman'] }}/lib:{{ parameter_dict['xdamage'] }}/lib:{{ parameter_dict['xfixes'] }}/lib:{{ parameter_dict['zlib'] }}/lib
   FONTCONFIG_FILE = ${fontconfig-conf:rendered}
-
   PATH = ${binary-link:target-directory}
 mimetype_entry_addition =
 {% for entry in mimetype_entry_addition.splitlines() -%}

software/cloudooo/software-common.cfg

@@ -4,6 +4,7 @@ extends =
   ../../stack/cloudooo.cfg
   ../../stack/logrotate/buildout.cfg
   ../../stack/monitor/buildout.cfg
+  ../../component/defaults.cfg
 parts =
   ${cloudooo-buildout:parts}
 
@@ -62,6 +63,7 @@ fontconfig-includes =
   ${fontconfig:location}/etc/fonts/conf.d
 
 freetype = ${freetype:location}
+gcc = ${gcc:prefix}
 glib = ${glib:location}
 glu = ${glu:location}
 haproxy = ${haproxy:location}

software/erp5/instance-erp5-input-schema.json

@@ -84,7 +84,8 @@
         "software-url": {
           "description": "Front-end's software type. If this parameter is empty, no front-end instance is requested. Else, sla-dict must specify 'frontend' which is a special value matching all frontends (e.g. {\"instance_guid=bar\": [\"frontend\"]}).",
           "default": "",
-          "type": "string"
+          "type": "string",
+          "format": "uri"
         },
         "domain": {
           "description": "The domain name to request front-end to respond as.",
@@ -225,7 +226,8 @@
     "cloudooo-url": {
       "description": "Format conversion service URL",
       "pattern": "^https?://",
-      "type": "string"
+      "type": "string",
+      "format": "uri"
     },
     "cloudooo-retry-count": {
       "description": "Define retry count for cloudooo in network error case in test",
@@ -453,10 +455,21 @@
         "ssl": {
           "description": "HTTPS certificate generation parameters",
           "properties": {
+            "frontend-caucase-url-list": {
+              "title": "Frontend Caucase URL List",
+              "description": "List of URLs of caucase service of frontend groups to authenticate access from them.",
+              "type": "array",
+              "items": {
+                "type": "string",
+                "format": "uri"
+              },
+              "uniqueItems": true
+            },
             "caucase-url": {
               "title": "Caucase URL",
               "description": "URL of caucase service to use. If not set, global setting will be used.",
-              "type": "string"
+              "type": "string",
+              "format": "uri"
             },
             "csr": {
               "title": "csr",

software/erp5/test/test/test_balancer.py

+from . import ERP5InstanceTestCase
+from . import setUpModule
+from slapos.testing.utils import findFreeTCPPort
+
+from BaseHTTPServer import HTTPServer
+from BaseHTTPServer import BaseHTTPRequestHandler
+import OpenSSL.SSL
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography import x509
+from cryptography.x509.oid import NameOID
+import hashlib
+import json
+import multiprocessing
+import os
+import requests
+import shutil
+import subprocess
+import tempfile
+import time
+
+setUpModule  # pyflakes
+
+class TestHandler(BaseHTTPRequestHandler):
+  def do_GET(self):
+    self.send_response(200)
+    self.send_header("Content-Type", "application/json")
+    response = {
+      'Path': self.path,
+      'Incoming Headers': self.headers.dict
+    }
+    response = json.dumps(response, indent=2)
+    self.end_headers()
+    self.wfile.write(response)
+
+class TestFrontendXForwardedFor(ERP5InstanceTestCase):
+  __partition_reference__ = 'xff'
+  http_server_process = None
+  frontend_caucase_dir = None
+  frontend_caucased_process = None
+  backend_caucase_dir = None
+  backend_caucased_process = None
+
+  @classmethod
+  def getInstanceSoftwareType(cls):
+    return 'balancer'
+
+  @classmethod
+  def setUpClass(cls):
+    # start a dummy web server echoing headers.
+    http_server_port = findFreeTCPPort(cls._ipv4_address)
+    server = HTTPServer(
+      (cls._ipv4_address, http_server_port),
+      TestHandler)
+    cls.http_server_process = multiprocessing.Process(
+      target=server.serve_forever, name='HTTPServer')
+    cls.http_server_process.start()
+    cls.http_server_netloc = '%s:%s' % (cls._ipv4_address, http_server_port)
+
+    # start a caucased and generate a valid client certificate.
+    cls.computer_partition_root_path = os.path.abspath(os.curdir)
+    cls.frontend_caucase_dir = tempfile.mkdtemp()
+    frontend_caucased_dir = os.path.join(cls.frontend_caucase_dir, 'caucased')
+    os.mkdir(frontend_caucased_dir)
+    frontend_user_dir = os.path.join(cls.frontend_caucase_dir, 'user')
+    os.mkdir(frontend_user_dir)
+    frontend_service_dir = os.path.join(cls.frontend_caucase_dir, 'service')
+    os.mkdir(frontend_service_dir)
+    frontend_caucased_netloc = '%s:%s' % (cls._ipv4_address, findFreeTCPPort(cls._ipv4_address))
+    cls.frontend_caucased_url = 'http://' + frontend_caucased_netloc
+
+    cls.user_certificate = frontend_user_key = os.path.join(frontend_user_dir, 'client.key.pem')
+    frontend_user_csr = os.path.join(frontend_user_dir, 'client.csr.pem')
+
+    key = rsa.generate_private_key(
+      public_exponent=65537,
+      key_size=2048,
+      backend=default_backend()
+    )
+    with open(frontend_user_key, 'wb') as f:
+      f.write(key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,
+        encryption_algorithm=serialization.NoEncryption(),
+      ))
+
+    csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
+      x509.NameAttribute(NameOID.COMMON_NAME, u'user'),
+    ])).sign(key, hashes.SHA256(), default_backend())
+    with open(frontend_user_csr, 'wb') as f:
+      f.write(csr.public_bytes(serialization.Encoding.PEM))
+
+    cls.software_release_root_path = os.path.join(
+       cls.slap._software_root,
+       hashlib.md5(cls.getSoftwareURL()).hexdigest(),
+    )
+    caucased_path = os.path.join(cls.software_release_root_path, 'bin', 'caucased')
+    caucase_path = os.path.join(cls.software_release_root_path, 'bin', 'caucase')
+    cls.frontend_caucased_process = subprocess.Popen(
+      [
+        caucased_path,
+        '--db', os.path.join(frontend_caucased_dir, 'caucase.sqlite'),
+        '--server-key', os.path.join(frontend_caucased_dir, 'server.key.pem'),
+        '--netloc', frontend_caucased_netloc,
+        '--service-auto-approve-count', '1',
+      ],
+      stdout=subprocess.PIPE,
+      stderr=subprocess.STDOUT,
+    )
+    for _ in range(10):
+      try:
+        if requests.get(cls.frontend_caucased_url).status_code == 200:
+          break
+      except Exception:
+        pass
+      time.sleep(1)
+    else:
+      raise RuntimeError, 'caucased failed to start.'
+
+    cau_args = [
+      caucase_path,
+      '--ca-url', cls.frontend_caucased_url,
+      '--ca-crt', os.path.join(frontend_user_dir, 'service-ca-crt.pem'),
+      '--crl', os.path.join(frontend_user_dir, 'service.crl'),
+      '--user-ca-crt', os.path.join(frontend_user_dir, 'user-ca-crt.pem'),
+      '--user-crl', os.path.join(frontend_user_dir, 'user.crl'),
+    ]
+
+    cas_args = [
+      caucase_path,
+      '--ca-url', cls.frontend_caucased_url,
+      '--ca-crt', os.path.join(frontend_service_dir, 'service-ca-crt.pem'),
+      '--crl', os.path.join(frontend_service_dir, 'service.crl'),
+      '--user-ca-crt', os.path.join(frontend_service_dir, 'user-ca-crt.pem'),
+      '--user-crl', os.path.join(frontend_service_dir, 'user.crl'),
+    ]
+
+    caucase_process = subprocess.Popen(
+      cau_args + [
+        '--mode', 'user',
+        '--send-csr', frontend_user_csr,
+      ],
+      stdout=subprocess.PIPE,
+      stderr=subprocess.STDOUT,
+    )
+    result = caucase_process.communicate()
+    print result
+    csr_id = result[0].split()[0]
+
+    subprocess.check_call(
+      cau_args + [
+        '--mode', 'user',
+        '--get-crt', csr_id, frontend_user_key,
+      ],
+    )
+
+    cls.client_certificate = frontend_service_key = os.path.join(frontend_service_dir, 'crt.pem')
+    frontend_service_csr = os.path.join(frontend_service_dir, 'csr.pem')
+
+    key = rsa.generate_private_key(
+      public_exponent=65537,
+      key_size=2048,
+      backend=default_backend()
+    )
+    with open(frontend_service_key, 'wb') as f:
+      f.write(key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,
+        encryption_algorithm=serialization.NoEncryption(),
+      ))
+
+    csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
+      x509.NameAttribute(NameOID.COMMON_NAME, u'service'),
+    ])).sign(key, hashes.SHA256(), default_backend())
+    with open(frontend_service_csr, 'wb') as f:
+      f.write(csr.public_bytes(serialization.Encoding.PEM))
+
+    caucase_process = subprocess.Popen(
+      cas_args + [
+        '--send-csr', frontend_service_csr,
+      ],
+      stdout=subprocess.PIPE,
+      stderr=subprocess.STDOUT,
+    )
+    result = caucase_process.communicate()
+    csr_id = result[0].split()[0]
+
+    for _ in range(10):
+      if not subprocess.call(
+        cas_args + [
+          '--get-crt', csr_id, frontend_service_key,
+        ],
+      ) == 0:
+        break
+      else:
+        time.sleep(1)
+    else:
+      raise RuntimeError, 'getting service certificate failed.'
+
+    # start a caucased and server certificate.
+    cls.backend_caucase_dir = tempfile.mkdtemp()
+    backend_caucased_dir = os.path.join(cls.backend_caucase_dir, 'caucased')
+    os.mkdir(backend_caucased_dir)
+    backend_caucased_netloc = '%s:%s' % (cls._ipv4_address, findFreeTCPPort(cls._ipv4_address))
+    cls.backend_caucased_url = 'http://' + backend_caucased_netloc
+    cls.backend_caucased_process = subprocess.Popen(
+      [
+        caucased_path,
+        '--db', os.path.join(backend_caucased_dir, 'caucase.sqlite'),
+        '--server-key', os.path.join(backend_caucased_dir, 'server.key.pem'),
+        '--netloc', backend_caucased_netloc,
+        '--service-auto-approve-count', '1',
+      ],
+      stdout=subprocess.PIPE,
+      stderr=subprocess.STDOUT,
+    )
+    for _ in range(10):
+      try:
+        if requests.get(cls.backend_caucased_url).status_code == 200:
+          break
+      except Exception:
+        pass
+      time.sleep(1)
+    else:
+      raise RuntimeError, 'caucased failed to start.'
+
+    super(TestFrontendXForwardedFor, cls).setUpClass()
+
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+      '_': json.dumps({
+        'tcpv4-port': 3306,
+        'computer-memory-percent-threshold': 100,
+        # XXX what is this ? should probably not be needed here
+        'name': cls.__name__,
+        'monitor-passwd': 'secret',
+        'apachedex-configuration': '',
+        'apachedex-promise-threshold': 100,
+        'haproxy-server-check-path': '/',
+        'zope-family-dict': {
+          'default': ['dummy_http_server'],
+          'default-auth': ['dummy_http_server'],
+        },
+        'dummy_http_server': [[cls.http_server_netloc, 1, False]],
+        'backend-path-dict': {
+          'default': '/',
+          'default-auth': '/',
+        },
+        'ssl-authentication-dict': {
+          'default': False,
+          'default-auth': True,
+        },
+        'ssl': {
+          'caucase-url': cls.backend_caucased_url,
+          'frontend-caucase-url-list': [cls.frontend_caucased_url],
+        },
+      })
+    }
+
+  @classmethod
+  def _cleanup(cls, snapshot_name):
+    if cls.http_server_process:
+      cls.http_server_process.terminate()
+    if cls.frontend_caucased_process:
+      cls.frontend_caucased_process.terminate()
+    if cls.frontend_caucase_dir:
+      shutil.rmtree(cls.frontend_caucase_dir)
+    if cls.backend_caucased_process:
+      cls.backend_caucased_process.terminate()
+    if cls.backend_caucase_dir:
+      shutil.rmtree(cls.backend_caucase_dir)
+
+    super(TestFrontendXForwardedFor, cls)._cleanup(snapshot_name)
+
+  def test_x_forwarded_for_added_when_verified_connection(self):
+    for backend in ('default', 'default-auth'):
+      balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])[backend]
+      result = requests.get(
+        balancer_url,
+        headers={'X-Forwarded-For': '1.2.3.4'},
+        cert=self.client_certificate,
+        verify=False,
+      ).json()
+      self.assertEqual(result['Incoming Headers'].get('x-forwarded-for').split(', ')[0], '1.2.3.4')
+
+  def test_x_forwarded_for_stripped_when_not_verified_connection(self):
+    balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default']
+    result = requests.get(
+      balancer_url,
+      headers={'X-Forwarded-For': '1.2.3.4'},
+      verify=False,
+    ).json()
+    self.assertNotEqual(result['Incoming Headers'].get('x-forwarded-for').split(', ')[0], '1.2.3.4')
+    balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default-auth']
+    with self.assertRaises(OpenSSL.SSL.Error):
+      requests.get(
+        balancer_url,
+        headers={'X-Forwarded-For': '1.2.3.4'},
+        verify=False,
+      )

software/gitlab/buildout.hash.cfg

@@ -62,7 +62,7 @@ md5sum = 2af7dcf63f74e5edc53a3ff11fa4989b
 
 [instance-gitlab-test.cfg.in]
 _update_hash_filename_ = instance-gitlab-test.cfg.in
-md5sum = a4ad76856db98e508af7e773d9ff78f9
+md5sum = 60714fb4e6c869c41bd5e9fada1b6e40
 
 [macrolib.cfg.in]
 _update_hash_filename_ = macrolib.cfg.in

software/gitlab/instance-gitlab-test.cfg.in

 [buildout]
 extends = 
-  {{ instance_gitlab_cfg }}
   {{ instance_gitlab_export_cfg }}
 
 parts +=

software/jupyter/software.cfg

@@ -101,7 +101,7 @@ numpy = 1.13.1
 
 # Required by:
 # tornado==4.4.2
-certifi = 2017.1.23
+certifi = 2020.6.20
 
 # Required by:
 # notebook==4.3.2

software/kvm/test/test.py

@@ -40,6 +40,7 @@ from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
 
 has_kvm = os.access('/dev/kvm', os.R_OK|os.W_OK)
 skipUnlessKvm = unittest.skipUnless(has_kvm, 'kvm not loaded or not allowed')
+skipIfPython3 = unittest.skipIf(six.PY3, 'rdiff-backup is not compatible with Python 3 yet')
 
 if has_kvm:
   setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass(
@@ -327,6 +328,7 @@ class TestAccessKvmClusterAdditional(MonitorAccessMixin, InstanceTestCase):
     )
     self.assertIn('<title>noVNC</title>', result.text)
 
+@skipIfPython3
 @skipUnlessKvm
 class TestAccessKvmClusterBootstrap(MonitorAccessMixin, InstanceTestCase):
   __partition_reference__ = 'akcb'
@@ -365,6 +367,7 @@ class TestAccessKvmClusterBootstrap(MonitorAccessMixin, InstanceTestCase):
     )
     self.assertIn('<title>noVNC</title>', result.text)
 
+@skipIfPython3
 @skipUnlessKvm
 class TestInstanceResilient(InstanceTestCase):
   __partition_reference__ = 'ir'
@@ -392,6 +395,7 @@ class TestInstanceResilient(InstanceTestCase):
         'takeover-kvm-1-url',
         'url']))
 
+@skipIfPython3
 @skipUnlessKvm
 class TestAccessResilientAdditional(InstanceTestCase):
   __partition_reference__ = 'ara'

software/neoppod/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [instance-common]
 filename = instance-common.cfg.in
-md5sum = 80599fcc6e5d07270d7900aebfd62139
+md5sum = 6da513940e5bf7d06b3fb0aeb39c8ad5
 
 [root-common]
 filename = root-common.cfg.in
@@ -30,7 +30,7 @@ md5sum = 9f27195d770b2f57461c60a82c851ab9
 
 [instance-neo]
 filename = instance-neo.cfg.in
-md5sum = 7642c760a2c5af3e3e81c2c54486d1a8
+md5sum = 74e0361f3ec3424c905acc4cd55fd8bf
 
 [template-neo-my-cnf]
 filename = my.cnf.in
@@ -46,4 +46,4 @@ md5sum = 5afd326de385563b5aeac81039f23341
 
 [runTestSuite.in]
 _update_hash_filename_ = runTestSuite.in
-md5sum = 7a0d5d259eb7f90fc0421d1264fbe7b5
+md5sum = 4e7f5b5230800a65c71310a518225119

software/neoppod/instance-common.cfg.in

@@ -47,3 +47,6 @@ extra-context =
     raw template_mysqld_wrapper {{ template_mysqld_wrapper }}
     raw template_neo_my_cnf {{ template_neo_my_cnf }}
 {%- endif %}
+{%- if pypy_location is defined %}
+    raw pypy_location {{ pypy_location }}
+{%- endif %}

software/neoppod/instance-neo.cfg.in

@@ -184,6 +184,9 @@ context =
     section my_cnf_parameters my-cnf-parameters
     raw     bin_directory     {{ bin_directory }}
     raw     prepend_path      {{ mariadb_location }}/bin
+{%- if pypy_location is defined %}
+    raw     pypy_location     {{ pypy_location }}/bin/pypy
+{%- endif %}
 {%- if private_tmpfs %}
     key     datadir           my-cnf-parameters:data-directory
     key     results_directory directory:results

software/neoppod/runTestSuite.in

@@ -115,10 +115,19 @@ def main():
       shutil.rmtree(temp)
     os.mkdir(temp)
 
-    args = [RUN_NEO_TESTS_COMMAND, '-ufz']
+    args = [RUN_NEO_TESTS_COMMAND,
+{%- if pypy_location is defined -%}
+            '-fz'
+{%- else -%}
+            '-ufz'
+{%- endif -%}
+            ]
     command = ' '.join(args)
     env = {'PATH': PATH,
            'TEMP': temp,
+{%- if pypy_location is defined %}
+           'NEO_PYPY': {{ repr(pypy_location) }},
+{%- endif %}
            'NEO_TESTS_ADAPTER': adapter,
            'NEO_TEST_ZODB_FUNCTIONAL': '1',
            'NEO_DB_USER': 'root'}

software/neoppod/software-common.cfg

@@ -144,8 +144,6 @@ ZODB = 4.4.5
 coverage = 4.5.1
 mock = 3.0.5
 ecdsa = 0.13
-msgpack = 0.5.6
-msgpack-python = 0.5.6
 mysqlclient = 1.3.12
 persistent = 4.5.0
 pycrypto = 2.6.1

software/neoppod/software-pypy.cfg

+[buildout]
+extends =
+    ../../component/pypy/buildout.cfg
+    software.cfg
+
+[instance-common]
+context +=
+    key pypy_location pypy2:location

software/neoppod/software-zodb5.cfg

@@ -10,6 +10,9 @@ ZODB = 5.6.0
 ZEO = 5.2.0
 transaction = 2.4.0
 
+# BBB: ZEO
+msgpack = 0.5.6
+
 # Required by:
 # ZEO==5.2.0
 # trollius==2.2.post1

software/plantuml/software.cfg

@@ -27,8 +27,9 @@ output = ${buildout:directory}/${:_buildout_section_name_}
 
 [plantuml.war]
 recipe = slapos.recipe.build:download
-url = https://downloads.sourceforge.net/project/plantuml/1.2018.13/plantuml.1.2018.13.war
-md5sum = cda05c8163237de039d777c197b3d282
+url = https://sourceforge.net/projects/plantuml/files/1.2020.15/plantuml.1.2020.15.war
+md5sum = ed203cb3b90df8f77492fa36ea6490a5
+
 
 [versions]
 slapos.recipe.template = 4.4

software/plantuml/test/test.py

@@ -87,6 +87,27 @@ class TestSimpleDiagram(PlantUMLTestCase, ImageComparisonTestCase):
     reference = Image.open(os.path.join(os.path.dirname(__file__), "data", "test_class_diagram.png"))
     self.assertImagesSimilar(Image.open(BytesIO(png)), reference)
 
+  def test_timing_diagram(self):
+    png = self.plantuml.processes(textwrap.dedent("""\
+    @startuml
+    robust "Web Browser" as WB
+    concise "Web User" as WU
+
+    @0
+    WU is Idle
+    WB is Idle
+
+    @100
+    WU is Waiting
+    WB is Processing
+
+    @300
+    WB is Waiting
+    @enduml
+    """))
+    reference = Image.open(os.path.join(os.path.dirname(__file__), "data", "test_timing_diagram.png"))
+    self.assertImagesSimilar(Image.open(BytesIO(png)), reference)
+
   def test_fonts(self):
     """Test slapos provided fonts are used"""
     png = self.plantuml.processes(textwrap.dedent("""\

software/powerdns/buildout.hash.cfg

@@ -14,24 +14,24 @@
 # not need these here).
 [template]
 filename = instance.cfg
-md5sum = da8be58db4255c07750f7a7583eab3ca
+md5sum = fddea033e1aa9d6147a1a47bd7cc4b62
 
 [template-powerdns]
 filename = instance-powerdns.cfg
-md5sum = 681cd9564e491d1f7b7ccb810f8ca7df
+md5sum = 2adb91323d60fc350f52910a3257d4a7
 
 [template-pdns-configuration]
 _update_hash_filename_ = template/pdns.conf.jinja2
-md5sum = 7934b7037344678eff3031e1e73e0bb2
+md5sum = e45d72de87b4adb89c195ba463be4077
 
 [template-dns-replicate]
 _update_hash_filename_ = instance-powerdns-replicate.cfg.jinja2
-md5sum = 46acd4ed071df8d7139dcd0434be42eb
+md5sum = a23e241a236f90ae1afbb5bd5ba0b32d
 
 [iso-list]
 _update_hash_filename_ = template/zz.countries.nexedi.dk.rbldnsd
 md5sum = c4dc8c141d81b92d92cdb82ca67a13ee
 
-[template-cdn-conf]
-_update_hash_filename_ = template/cdn.conf.in
-md5sum = 29c29f93b3b0bd2f71f86f7b337e4543
+[template-zones-file]
+_update_hash_filename_ = template/zones-file.yml.jinja2
+md5sum = c820a4f53c3e7706f51a5e0be3a8cf74

software/powerdns/instance-powerdns-replicate.cfg.jinja2

@@ -60,7 +60,7 @@ context =
 <= replicate
 name = {{dns_name}}
 {%   set state_key = "-dns-%s-state" % i %}
-{%   if slapparameter_dict.has_key(state_key) %}
+{%   if state_key in slapparameter_dict %}
 state = {{ slapparameter_dict.pop(state_key) }}
 {%   endif%}
 config-zone = {{ zone }}
@@ -95,7 +95,7 @@ monitor-url-list +=
 <= slap-connection
 recipe = slapos.cookbook:requestoptional
 {% set dns_software_url_key = "-dns-software-release-url" %}
-{% if slapparameter_dict.has_key(dns_software_url_key) %}
+{% if dns_software_url_key in slapparameter_dict %}
 software-url = {{ slapparameter_dict.pop(dns_software_url_key) }}
 {% else %}
 software-url = ${slap-connection:software-release-url}
@@ -104,7 +104,7 @@ software-type = {{dns_type}}
 return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url
 config-server-admin = {{ server_admin }}
 config-ns-record = {{ ns_record }}
-{% for parameter, value in slapparameter_dict.iteritems() -%}
+{% for parameter, value in slapparameter_dict.items() -%}
 config-{{parameter}} = {{ value }}
 {% endfor -%}
 config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
@@ -151,7 +151,7 @@ key_file = ${slap-connection:key-file}
 cert_file = ${slap-connection:cert-file}
 
 [slap-parameter]
-slave_instance_list =
--dns-quantity = 1
--dns-type = single-default
+{% for k, v in slapparameter_dict.items() -%}
+{{ k }} = {{ v }}
+{% endfor -%}
 {%- endif %}

software/powerdns/instance-powerdns.cfg

 {% if slap_software_type in software_type -%}
-{% set part_list =  [] %}
 
 # Create all needed directories
 [directory]
@@ -63,13 +62,12 @@ socket-directory = $${pdns-directory:socket}
 webserver-port = 8088
 
 [geo]
-ip-map-zonefile = ${iso-list:target}
-geo-maps = $${pdns-directory:geo-maps}
+zones-file = $${zones-file-template:rendered}
+database = ${geolite2-country:location}/GeoLite2-Country.mmdb
 
 [pdns-directory]
 recipe = slapos.cookbook:mkdirectory
 configuration = $${directory:etc}/pdns
-geo-maps = $${:configuration}/geo-maps
 socket = $${directory:run}/pdns-socket
 
 [pdns-configuration-template]
@@ -80,6 +78,39 @@ extra-context =
   section pdns pdns
   section geo geo
 
+[asia]
+japan = jp
+hong-kong = hk
+china-telecom = cn-t
+china-unicom = cn-u
+china-mobile = cn-m
+west-asia = ae af am az bh cc cy ge il iq ir jo kg kw kz lb om pk qa ru sa sy tj tm tr uz ye
+east-asia = bn bt cx id in io kh kp kr la lk mm mn mo mv my np ph sg th to tw vn
+
+[china]
+recipe = slapos.recipe.build
+iso-list = ${iso-list:target}
+init =
+  import re
+  ip_split = []
+  match = re.compile(r"(.*) :.*:(cn-\w)\n").fullmatch
+  with open(options["iso-list"]) as f:
+    for line in f:
+      m = match(line)
+      if m is None:
+        continue
+      ip_split.append(m.groups())
+  options["ip-split"] = ip_split
+
+[zones-file-template]
+< = jinja2-template-base
+template = ${template-zones-file:target}
+extensions = jinja2.ext.do
+rendered = $${pdns-directory:configuration}/zones-file.yml
+extra-context =
+  section asia asia
+  key china china:ip-split
+
 # Executables
 [pdns-server]
 recipe = slapos.cookbook:wrapper
@@ -117,29 +148,6 @@ monitor-url = $${monitor-publish-parameters:monitor-url}
 monitor-user = $${monitor-publish-parameters:monitor-user}
 monitor-password = $${monitor-publish-parameters:monitor-password}
 
-#####################
-# Power DNS Slave configuration
-#
-{% set slave_instance_list = json_module.loads(slapparameter_dict.get('extra_slave_instance_list', '[]')) %}
-
-# Iter through slave list to prepare configuration
-{% for slave in slave_instance_list %}
-{%   if 'record' in slave and 'origin' in slave and 'default' in slave %}
-{%     set slave_reference = slave.get('slave_reference') %}
-{%     set slave_section_name = 'map-configuration-%s' % slave_reference  %}
-{%     do part_list.append(slave_section_name) %}
-[{{ slave_section_name }}]
-< = jinja2-template-base
-template = ${template-cdn-conf:target}
-rendered = $${geo:geo-maps}/{{ slave_reference }}
-configuration = {{ json_module.dumps(slave) }}
-extra-context =
-  key json_cdn :configuration
-{%   endif %}
-{% endfor %}
-
-####################
-
 [buildout]
 parts =
   pdns-configuration-template
@@ -149,9 +157,6 @@ parts =
   pdns-promise-listen-port
   monitor-base
   publish-connection-informations
-{% for part in part_list %}
-{{ '  %s' % part }}
-{% endfor %}
 
 extends = ${monitor-template:output}
 

software/powerdns/instance.cfg

@@ -8,10 +8,12 @@ offline = true
 
 
 [switch-softwaretype]
-recipe = slapos.cookbook:softwaretype
-default = $${dynamic-powerdns-replicate:rendered}
-single-default = $${dynamic-template-powerdns:rendered}
+recipe = slapos.cookbook:switch-softwaretype
+default = dynamic-powerdns-replicate:rendered
+single-default = dynamic-template-powerdns:rendered
 
+# BBB
+RootSoftwareInstance = $${:default}
 
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -21,9 +23,9 @@ context =
     import json_module json
     key eggs_directory buildout:eggs-directory
     key develop_eggs_directory buildout:develop-eggs-directory
-    key slap_software_type slap-parameters:slap-software-type
-    key slapparameter_dict slap-parameters:configuration
-    key slave_instance_list slap-parameters:slave-instance-list
+    key slap_software_type slap-configuration:slap-software-type
+    key slapparameter_dict slap-configuration:configuration
+    key slave_instance_list slap-configuration:slave-instance-list
     $${:extra-context}
 
 [dynamic-template-powerdns]
@@ -38,14 +40,14 @@ extra-context =
 [dynamic-powerdns-replicate]
 < = jinja2-template-base
 template = ${template-dns-replicate:target}
-filename = instance-apache-replicate.cfg
+filename = instance-powerdns-replicate.cfg
 extensions = jinja2.ext.do
 extra-context =
 # Must match the key id in [switch-softwaretype] which uses this section.
     raw software_type RootSoftwareInstance-default
     raw template_monitor ${monitor2-template:rendered}
 
-[slap-parameters]
+[slap-configuration]
 recipe = slapos.cookbook:slapconfiguration
 computer = $${slap-connection:computer-id}
 partition = $${slap-connection:partition-id}

software/powerdns/slave-instance-powerdns-input-schema.json

@@ -10,12 +10,12 @@
     },
     "origin": {
       "title": "Origin",
-      "description": "Used to qualify RR in the configuration. i.e.: if your origin is a.example.com and the RR for Europe is 'eu' the european clients will use eu.a.exmple.com",
+      "description": "Used to qualify RR in the configuration. i.e.: if your origin is a.example.com and the RR for Europe is 'eu' the european clients will use eu.a.example.com",
       "type": "string"
     },
     "default": {
       "title": "Default RR",
-      "description": "Defautl record to use when the ip is not regognized",
+      "description": "Default record to use when the ip is not recognized",
       "type": "string"
     },
     "europe": {

software/powerdns/software.cfg

@@ -10,10 +10,8 @@ parts =
   slapos-cookbook
   eggs
 
-[gcc]
-# For old version of PowerDNS and Ragel.
-part = gcc-5.5
-max_version = 6
+[python]
+part = python3
 
 [eggs]
 recipe = zc.recipe.egg
@@ -47,7 +45,7 @@ recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/${:_update_hash_filename_}
 mode = 0644
 
-[template-cdn-conf]
+[template-zones-file]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/${:_update_hash_filename_}
 mode = 0644

software/powerdns/template/cdn.conf.in

-{% set cdn = json_module.loads(json_cdn) %}
-
-$RECORD {{ cdn.get('record') }}
-$ORIGIN {{ cdn.get('origin') }}
-
-0 {{ cdn.get('default')}}
-
-# Andorra
-20 {{ cdn.get('europe', 'eu') }}
-# United Arab Emirates
-784 {{ cdn.get('west-asia', 'as') }}
-# Afghanistan
-4 {{ cdn.get('west-asia', 'as') }}
-# Antigua and Barbuda
-28 {{ cdn.get('south-america', 'sa') }}
-# Anguilla
-660 {{ cdn.get('south-america', 'sa') }}
-# Albania
-8 {{ cdn.get('europe', 'eu') }}
-# Armenia
-51 {{ cdn.get('west-asia', 'as') }}
-# Netherlands Antilles
-530 {{ cdn.get('south-america', 'sa') }}
-# Angola
-24 {{ cdn.get('africa', 'af') }}
-# Antarctica
-10 {{ cdn.get('europe', 'eu') }}
-# Argentina
-32 {{ cdn.get('south-america', 'sa') }}
-# American Samoa
-16 {{ cdn.get('oceania', 'oc') }}
-# Austria
-40 {{ cdn.get('europe', 'eu') }}
-# Australia
-36 {{ cdn.get('oceania', 'oc') }}
-# Aruba
-533 {{ cdn.get('south-america', 'sa') }}
-# Azerbaijan
-31 {{ cdn.get('west-asia', 'as') }}
-# Bosnia and Herzegovina
-70 {{ cdn.get('europe', 'eu') }}
-# Barbados
-52 {{ cdn.get('south-america', 'sa') }}
-# Bangladesh
-50 {{ cdn.get('east-asia', 'as') }}
-# Belgium
-56 {{ cdn.get('europe', 'eu') }}
-# Burkina Faso
-854 {{ cdn.get('africa', 'af') }}
-# Bulgaria
-100 {{ cdn.get('europe', 'eu') }}
-# Bahrain
-48 {{ cdn.get('west-asia', 'as') }}
-# Burundi
-108 {{ cdn.get('africa', 'af') }}
-# Benin
-204 {{ cdn.get('africa', 'af') }}
-# Bermuda
-60 {{ cdn.get('south-america', 'sa') }}
-# Brunei Darussalam
-96 {{ cdn.get('east-asia', 'as') }}
-# Bolivia
-68 {{ cdn.get('south-america', 'sa') }}
-# Brazil
-76 {{ cdn.get('south-america', 'sa') }}
-# Bahamas
-44 {{ cdn.get('south-america', 'sa') }}
-# Bhutan
-64 {{ cdn.get('east-asia', 'as') }}
-# Bouvet Island
-74 {{ cdn.get('africa', 'af') }}
-# Botswana
-72 {{ cdn.get('africa', 'af') }}
-# Belarus
-112 {{ cdn.get('europe', 'eu') }}
-# Belize
-84 {{ cdn.get('south-america', 'sa') }}
-# Canada
-124 {{ cdn.get('north-america', 'na') }}
-# Cocos (Keeling) Islands
-166 {{ cdn.get('west-asia', 'as') }}
-# Congo, The Democratic Republic of the
-178 {{ cdn.get('africa', 'af') }}
-# Central African Republic
-140 {{ cdn.get('africa', 'af') }}
-# Switzerland
-756 {{ cdn.get('europe', 'eu') }}
-# Cote D'Ivoire
-384 {{ cdn.get('africa', 'af') }}
-# Cook Islands
-184 {{ cdn.get('oceania', 'oc') }}
-# Chile
-152 {{ cdn.get('south-america', 'sa') }}
-# Cameroon
-120 {{ cdn.get('africa', 'af') }}
-# China telecom
-155 {{ cdn.get('china-telecom', 'cn-t') }}
-#china unicom
-156 {{ cdn.get('china-unicom', 'cn-u') }}
-#china mobile
-157 {{ cdn.get('china-mobile', 'cn-m') }}
-# Colombia
-170 {{ cdn.get('south-america', 'sa') }}
-# Costa Rica
-188 {{ cdn.get('south-america', 'sa') }}
-# Cuba
-192 {{ cdn.get('south-america', 'sa') }}
-# Cape Verde
-132 {{ cdn.get('africa', 'af') }}
-# Christmas Island
-162 {{ cdn.get('east-asia', 'as') }}
-# Cyprus
-196 {{ cdn.get('west-asia', 'as') }}
-# Czech Republic
-203 {{ cdn.get('europe', 'eu') }}
-# Germany
-276 {{ cdn.get('europe', 'eu') }}
-# Djibouti
-262 {{ cdn.get('africa', 'af') }}
-# Denmark
-208 {{ cdn.get('europe', 'eu') }}
-# Dominica
-212 {{ cdn.get('south-america', 'sa') }}
-# Dominican Republic
-214 {{ cdn.get('south-america', 'sa') }}
-# Algeria
-12 {{ cdn.get('africa', 'af') }}
-# Ecuador
-218 {{ cdn.get('south-america', 'sa') }}
-# Estonia
-233 {{ cdn.get('europe', 'eu') }}
-# Egypt
-818 {{ cdn.get('africa', 'af') }}
-# Western Sahara
-732 {{ cdn.get('africa', 'af') }}
-# Eritrea
-232 {{ cdn.get('africa', 'af') }}
-# Spain
-724 {{ cdn.get('europe', 'eu') }}
-# Ethiopia
-210 {{ cdn.get('africa', 'af') }}
-# Finland
-246 {{ cdn.get('europe', 'eu') }}
-# Fiji
-242 {{ cdn.get('oceania', 'oc') }}
-# Falkland Islands (Malvinas)
-238 {{ cdn.get('south-america', 'sa') }}
-# Micronesia, Federated States of
-583 {{ cdn.get('oceania', 'oc') }}
-# Faroe Islands
-234 {{ cdn.get('europe', 'eu') }}
-# France
-250 {{ cdn.get('europe', 'eu') }}
-# France, Metropolitan
-249 {{ cdn.get('europe', 'eu') }}
-# Gabon
-266 {{ cdn.get('africa', 'af') }}
-# United Kingdom
-826 {{ cdn.get('europe', 'eu') }}
-# Grenada
-308 {{ cdn.get('south-america', 'sa') }}
-# Georgia
-268 {{ cdn.get('west-asia', 'as') }}
-# French Guiana
-254 {{ cdn.get('south-america', 'sa') }}
-# Ghana
-288 {{ cdn.get('africa', 'af') }}
-# Gibraltar
-292 {{ cdn.get('europe', 'eu') }}
-# Greenland
-304 {{ cdn.get('south-america', 'sa') }}
-# Gambia
-270 {{ cdn.get('africa', 'af') }}
-# Guinea
-324 {{ cdn.get('africa', 'af') }}
-# Guadeloupe
-312 {{ cdn.get('south-america', 'sa') }}
-# Equatorial Guinea
-226 {{ cdn.get('africa', 'af') }}
-# Greece
-300 {{ cdn.get('europe', 'eu') }}
-# Guatemala
-320 {{ cdn.get('south-america', 'sa') }}
-# Guam
-316 {{ cdn.get('oceania', 'oc') }}
-# Guinea-Bissau
-624 {{ cdn.get('africa', 'af') }}
-# Guyana
-328 {{ cdn.get('south-america', 'sa') }}
-# Hong Kong
-344 {{ cdn.get('hong-kong', 'hk') }}
-# Heard Island and McDonald Islands
-334 {{ cdn.get('africa', 'af') }}
-# Honduras
-340 {{ cdn.get('south-america', 'sa') }}
-# Croatia
-191 {{ cdn.get('europe', 'eu') }}
-# Haiti
-332 {{ cdn.get('south-america', 'sa') }}
-# Hungary
-348 {{ cdn.get('europe', 'eu') }}
-# Indonesia
-360 {{ cdn.get('east-asia', 'as') }}
-# Ireland
-372 {{ cdn.get('europe', 'eu') }}
-# Israel
-376 {{ cdn.get('west-asia', 'as') }}
-# India
-356 {{ cdn.get('east-asia', 'as') }}
-# British Indian Ocean Territory
-86 {{ cdn.get('east-asia', 'as') }}
-# Iraq
-368 {{ cdn.get('west-asia', 'as') }}
-# Iran, Islamic Republic of
-364 {{ cdn.get('west-asia', 'as') }}
-# Iceland
-352 {{ cdn.get('europe', 'eu') }}
-# Italy
-380 {{ cdn.get('europe', 'eu') }}
-# Jamaica
-388 {{ cdn.get('south-america', 'sa') }}
-# Jordan
-400 {{ cdn.get('west-asia', 'as') }}
-# Japan
-392 {{ cdn.get('japan', 'jp') }}
-# Kenya
-404 {{ cdn.get('africa', 'af') }}
-# Kyrgyzstan
-417 {{ cdn.get('west-asia', 'as') }}
-# Cambodia
-116 {{ cdn.get('east-asia', 'as') }}
-# Kiribati
-296 {{ cdn.get('oceania', 'oc') }}
-# Comoros
-174 {{ cdn.get('africa', 'af') }}
-# Saint Kitts and Nevis
-659 {{ cdn.get('south-america', 'sa') }}
-# Korea, Democratic People's Republic of
-408 {{ cdn.get('east-asia', 'as') }}
-# Korea, Republic of
-410 {{ cdn.get('east-asia', 'as') }}
-# Kuwait
-414 {{ cdn.get('west-asia', 'as') }}
-# Cayman Islands
-136 {{ cdn.get('south-america', 'sa') }}
-# Kazakhstan
-398 {{ cdn.get('west-asia', 'as') }}
-# Lao People's Democratic Republic
-418 {{ cdn.get('east-asia', 'as') }}
-# Lebanon
-422 {{ cdn.get('west-asia', 'as') }}
-# Saint Lucia
-662 {{ cdn.get('south-america', 'sa') }}
-# Liechtenstein
-438 {{ cdn.get('europe', 'eu') }}
-# Sri Lanka
-144 {{ cdn.get('east-asia', 'as') }}
-# Liberia
-430 {{ cdn.get('africa', 'af') }}
-# Lesotho
-426 {{ cdn.get('africa', 'af') }}
-# Lithuania
-440 {{ cdn.get('europe', 'eu') }}
-# Luxembourg
-442 {{ cdn.get('europe', 'eu') }}
-# Latvia
-428 {{ cdn.get('europe', 'eu') }}
-# Libyan Arab Jamahiriya
-434 {{ cdn.get('africa', 'af') }}
-# Morocco
-504 {{ cdn.get('africa', 'af') }}
-# Monaco
-492 {{ cdn.get('europe', 'eu') }}
-# Moldova, Republic of
-498 {{ cdn.get('europe', 'eu') }}
-# Madagascar
-450 {{ cdn.get('africa', 'af') }}
-# Marshall Islands
-584 {{ cdn.get('oceania', 'oc') }}
-# Macedonia, the Former Yugoslav Republic of
-807 {{ cdn.get('europe', 'eu') }}
-# Mali
-466 {{ cdn.get('africa', 'af') }}
-# Myanmar
-104 {{ cdn.get('east-asia', 'as') }}
-# Mongolia
-496 {{ cdn.get('east-asia', 'as') }}
-# Macao
-446 {{ cdn.get('east-asia', 'as') }}
-# Northern Mariana Islands
-580 {{ cdn.get('oceania', 'oc') }}
-# Martinique
-474 {{ cdn.get('south-america', 'sa') }}
-# Mauritania
-478 {{ cdn.get('africa', 'af') }}
-# Montserrat
-500 {{ cdn.get('south-america', 'sa') }}
-# Malta
-470 {{ cdn.get('europe', 'eu') }}
-# Mauritius
-480 {{ cdn.get('africa', 'af') }}
-# Maldives
-462 {{ cdn.get('east-asia', 'as') }}
-# Malawi
-454 {{ cdn.get('africa', 'af') }}
-# Mexico
-484 {{ cdn.get('north-america', 'na') }}
-# Malaysia
-458 {{ cdn.get('east-asia', 'as') }}
-# Mozambique
-508 {{ cdn.get('africa', 'af') }}
-# Namibia
-516 {{ cdn.get('africa', 'af') }}
-# New Caledonia
-540 {{ cdn.get('oceania', 'oc') }}
-# Niger
-562 {{ cdn.get('africa', 'af') }}
-# Norfolk Island
-574 {{ cdn.get('oceania', 'oc') }}
-# Nigeria
-566 {{ cdn.get('africa', 'af') }}
-# Nicaragua
-558 {{ cdn.get('south-america', 'sa') }}
-# Netherlands
-528 {{ cdn.get('europe', 'eu') }}
-# Norway
-578 {{ cdn.get('europe', 'eu') }}
-# Nepal
-524 {{ cdn.get('east-asia', 'as') }}
-# Nauru
-520 {{ cdn.get('oceania', 'oc') }}
-# Niue
-570 {{ cdn.get('oceania', 'oc') }}
-# New Zealand
-554 {{ cdn.get('oceania', 'oc') }}
-# Oman
-512 {{ cdn.get('west-asia', 'as') }}
-# Panama
-591 {{ cdn.get('south-america', 'sa') }}
-# Peru
-604 {{ cdn.get('south-america', 'sa') }}
-# French Polynesia
-258 {{ cdn.get('oceania', 'oc') }}
-# Papua New Guinea
-598 {{ cdn.get('oceania', 'oc') }}
-# Philippines
-608 {{ cdn.get('east-asia', 'as') }}
-# Pakistan
-586 {{ cdn.get('west-asia', 'as') }}
-# Poland
-616 {{ cdn.get('europe', 'eu') }}
-# Saint Pierre and Miquelon
-666 {{ cdn.get('south-america', 'sa') }}
-# Pitcairn
-612 {{ cdn.get('oceania', 'oc') }}
-# Puerto Rico
-630 {{ cdn.get('south-america', 'sa') }}
-# Portugal
-620 {{ cdn.get('europe', 'eu') }}
-# Palau
-585 {{ cdn.get('oceania', 'oc') }}
-# Paraguay
-600 {{ cdn.get('south-america', 'sa') }}
-# Qatar
-634 {{ cdn.get('west-asia', 'as') }}
-# Reunion
-638 {{ cdn.get('africa', 'af') }}
-# Romania
-642 {{ cdn.get('europe', 'eu') }}
-# Russian Federation
-643 {{ cdn.get('west-asia', 'as') }}
-# Rwanda
-646 {{ cdn.get('africa', 'af') }}
-# Saudi Arabia
-682 {{ cdn.get('west-asia', 'as') }}
-# Solomon Islands
-90 {{ cdn.get('oceania', 'oc') }}
-# Seychelles
-690 {{ cdn.get('africa', 'af') }}
-# Sudan
-736 {{ cdn.get('africa', 'af') }}
-# Sweden
-752 {{ cdn.get('europe', 'eu') }}
-# Singapore
-702 {{ cdn.get('east-asia', 'as') }}
-# Saint Helena
-654 {{ cdn.get('africa', 'af') }}
-# Slovenia
-705 {{ cdn.get('europe', 'eu') }}
-# Svalbard and Jan Mayen
-744 {{ cdn.get('europe', 'eu') }}
-# Slovakia
-703 {{ cdn.get('europe', 'eu') }}
-# Sierra Leone
-694 {{ cdn.get('africa', 'af') }}
-# San Marino
-674 {{ cdn.get('europe', 'eu') }}
-# Senegal
-686 {{ cdn.get('africa', 'af') }}
-# Somalia
-706 {{ cdn.get('africa', 'af') }}
-# Suriname
-740 {{ cdn.get('south-america', 'sa') }}
-# Sao Tome and Principe
-678 {{ cdn.get('africa', 'af') }}
-# El Salvador
-222 {{ cdn.get('south-america', 'sa') }}
-# Syrian Arab Republic
-760 {{ cdn.get('west-asia', 'as') }}
-# Swaziland
-748 {{ cdn.get('africa', 'af') }}
-# Turks and Caicos Islands
-796 {{ cdn.get('south-america', 'sa') }}
-# Chad
-148 {{ cdn.get('africa', 'af') }}
-# French Southern Territories
-260 {{ cdn.get('africa', 'af') }}
-# Togo
-768 {{ cdn.get('africa', 'af') }}
-# Thailand
-764 {{ cdn.get('east-asia', 'as') }}
-# Tajikistan
-762 {{ cdn.get('west-asia', 'as') }}
-# Tokelau
-772 {{ cdn.get('oceania', 'oc') }}
-# Turkmenistan
-795 {{ cdn.get('west-asia', 'as') }}
-# Tonga
-788 {{ cdn.get('oceania', 'oc') }}
-# East Timor
-776 {{ cdn.get('east-asia', 'as') }}
-# Turkey
-792 {{ cdn.get('west-asia', 'as') }}
-# Trinidad and Tobago
-780 {{ cdn.get('south-america', 'sa') }}
-# Tuvalu
-798 {{ cdn.get('oceania', 'oc') }}
-# Taiwan
-158 {{ cdn.get('east-asia', 'as') }}
-# Tanzania, United Republic of
-834 {{ cdn.get('africa', 'af') }}
-# Ukraine
-804 {{ cdn.get('europe', 'eu') }}
-# Uganda
-800 {{ cdn.get('africa', 'af') }}
-# United States Minor Outlying Islands
-581 {{ cdn.get('oceania', 'oc') }}
-# United States
-840 {{ cdn.get('north-america', 'na') }}
-# Uruguay
-858 {{ cdn.get('south-america', 'sa') }}
-# Uzbekistan
-860 {{ cdn.get('west-asia', 'as') }}
-# Holy See (Vatican City State)
-336 {{ cdn.get('europe', 'eu') }}
-# Saint Vincent and the Grenadines
-670 {{ cdn.get('south-america', 'sa') }}
-# Venezuela
-862 {{ cdn.get('south-america', 'sa') }}
-# Virgin Islands, British
-92 {{ cdn.get('south-america', 'sa') }}
-# Virgin Islands, U.S.
-850 {{ cdn.get('south-america', 'sa') }}
-# Vietnam
-704 {{ cdn.get('east-asia', 'as') }}
-# Vanuatu
-548 {{ cdn.get('oceania', 'oc') }}
-# Wallis and Futuna
-876 {{ cdn.get('oceania', 'oc') }}
-# Samoa
-882 {{ cdn.get('oceania', 'oc') }}
-# Yemen
-887 {{ cdn.get('west-asia', 'as') }}
-# Mayotte
-175 {{ cdn.get('africa', 'af') }}
-# Yugoslavia
-891 {{ cdn.get('europe', 'eu') }}
-# South Africa
-710 {{ cdn.get('africa', 'af') }}
-# Zambia
-894 {{ cdn.get('africa', 'af') }}
-# Zaire
-180 {{ cdn.get('africa', 'af') }}
-# Zimbabwe
-716 {{ cdn.get('africa', 'af') }}

software/powerdns/template/pdns.conf.jinja2

@@ -31,7 +31,8 @@ cache-ttl=0
 # things are working. :)
 log-dns-details=yes
 log-dns-queries=yes
-log-failed-updates=yes
+# https://github.com/PowerDNS/pdns/commit/df9d980
+# log-failed-updates=yes
 loglevel=4
 
 # This disables wildcards which is more efficient.  geobackend doesn't use
@@ -40,52 +41,11 @@ loglevel=4
 # wildcards=no
 
 # The geobackend
-launch=geo
+launch=geoip
 
-# The zone that your geo-balanced RR is inside of.  The whole zone has to be
-# delegated to the PowerDNS backend, so you will generally want to make up some
-# subzone of your main zone.  We chose "geo.blitzed.org".
-#
-geo-zone={{ slapparameter_dict.get('zone', 'example.com') }}
-
-# The only parts of the SOA for "geo.blitzed.org" that apply here are the
-# master server name and the contact address.
-geo-soa-values={{ slapparameter_dict.get('soa', 'ns0.example.com,admin@example.com') }}
-
-# List of NS records of the PowerDNS servers that are authoritative for your
-# GLB zone.
-geo-ns-records={{ slapparameter_dict.get('ns-record', 'ns0.example.com,ns1.example.com') }}
-
-# The TTL of the CNAME records that geobackend will return.  Since the same
-# resolver will always get the same CNAME (apart from if the director-map
-# changes) it is safe to return a reasonable TTL, so if you leave this
-# commented then a sane default will be chosen.
-#geo-ttl=3600
-
-# The TTL of the NS records that will be returned.  Leave this commented if you
-# don't understand.
-#geo-ns-ttl=86400
-
-# This is the real guts of the data that drives this backend.  This is a DNS
-# zone file for RBLDNSD, a nameserver specialised for running large DNS zones
-# typical of DNSBLs and such.  We choose it for our data because it is easier
-# to parse than the BIND-format one.
-#
-# Anyway, it comes from http://countries.nerd.dk/more.html - there are details
-# there for how to rsync your own copy.  You'll want to do that regularly,
-# every couple of days maybe.  We believe the nerd.dk guys take the netblock
-# info from Regional Internet Registries (RIRs) like RIPE, ARIN, APNIC.  From
-# that they build a big zonefile of IP/prefixlen -> ISO-country-code mappings.
-geo-ip-map-zonefile={{  geo.get('ip-map-zonefile') }}
+edns-subnet-processing=yes
 
-# And finally this last directive tells the geobackend where to find the map
-# files that say a) which RR to answer for, and b) what actual resource record
-# to return for each ISO country code.  The setting here is a comma-separated
-# list of paths, each of which may either be a single map file or a directory
-# that will contain map files.  If you are only ever going to serve one RR then
-# a single file is probably better, but if you're going to serve many then a
-# directory would probably be better.  The rest of this documentation will
-# assume you chose a directory.
-geo-maps={{  geo.get('geo-maps') }}
+geoip-database-files={{ geo['database'] }}
+geoip-zones-file={{ geo['zones-file'] }}
 
 # -------------------------------------------------------------------------
\ No newline at end of file

software/powerdns/template/zones-file.yml.jinja2

+# See https://doc.powerdns.com/authoritative/backends/geoip.html
+
+{%- set slave_instance_list = json_module.loads(slapparameter_dict.get('extra_slave_instance_list', '[]')) %}
+{%- set zone = slapparameter_dict.get('zone', 'example.com') %}
+
+{%- macro disambiguate_domain_name(a, b) %}
+{#- See http://www.dns-sd.org/trailingdotsindomainnames.html #}
+{%- if a.endswith('.') %}
+{{- a[:-1] }}
+{%- else %}
+{{- a }}.{{ b }}
+{%- endif %}
+{%- endmacro %}
+
+domains:
+- domain: {{ zone }}
+  # TODO: what value for ttl?
+  ttl: 300
+
+  # Note: For each domain, one record of the domain name MUST exist with a soa record.
+  records:
+    {{ zone }}:
+      - soa: {{ slapparameter_dict.get('soa', 'ns0.example.com,admin@example.com').replace(',', ' ') }}
+      {%- for ns in slapparameter_dict.get('ns-record', 'ns0.example.com,ns1.example.com').split(',') %}
+      - ns: {{ ns }}
+      {%- endfor %}
+
+    {#- Split the world the way we prefer. 'GeoLite2-Country.mmdb' divides the
+        world into 7 continents: Oceania, Asia, Europe, South America,
+        North America, Africa and Antarctica. However, we also want a more
+        fine-grained division for Asia, i.e. West/East, China, Hong-Kong and
+        Japan. #}
+    {%- set world_split = {
+          "continent": {
+            "eu": "europe",
+            "af": "africa",
+            "sa": "south-america",
+            "na": "north-america",
+            "oc": "oceania",
+          },
+          "country": {}} %}
+
+    {%- for region, codes in asia.items() %}
+    {%-   for country_code in codes.split() %}
+    {%-     do world_split["country"].__setitem__(country_code, region) %}
+    {%-   endfor %}
+    {%- endfor %}
+
+    {%- for slave in slave_instance_list %}
+
+    {#-   Set the RR to use for each region, as described in
+          'slave-instance-powerdns-input-schema.json' #}
+    {%-   set rr_dict = {} %}
+    {%-   for region, default_rr in {"europe": "eu",
+                                     "africa": "af",
+                                     "south-america": "sa",
+                                     "north-america": "na",
+                                     "china-telecom": "cn-t",
+                                     "china-unicom": "cn-u",
+                                     "china-mobile": "cn-m",
+                                     "japan": "jp",
+                                     "hong-kong": "hk",
+                                     "east-asia": "as",
+                                     "west-asia": "eu",
+                                     "oceania": "oc"}.items() %}
+    {%-     do rr_dict.__setitem__(region, slave.get(region, default_rr)) %}
+    {%-   endfor %}
+
+    {#-   'code2region' maps an ISO3166 country/continent code (i.e. the client
+          origin) to a geographical region. The latter is then used to find the
+          right RR (thanks to 'rr_dict') #}
+    {%-   for placeholder, code2region in world_split.items() %}
+    {%-     for code, region in code2region.items() %}
+    {%-       set origin = slave['origin'] %}
+    {{ code }}.{{ placeholder }}.{{ origin }}:
+      - cname: {{ disambiguate_domain_name(rr_dict[region], origin) }}
+    {%-     endfor %}
+    {%-   endfor %}
+    {%- endfor %}
+
+  services:
+    {%- for slave in slave_instance_list %}
+    {%-   set origin = slave['origin'] %}
+    {{ disambiguate_domain_name(slave['record'], zone) }}:
+      {#- Note: Placeholders (i.e. "country." and "continent.") are used to avoid
+          possible name collisions, e.g.:
+          - %cc for American Samoa is 'as'
+          - %cn for Asia is also 'as' #}
+      default: ['%cc.country.{{ origin }}', '%cn.continent.{{ origin }}', '{{ disambiguate_domain_name(slave['default'], origin) }}']
+
+      # Split China's ip addresses according to ISP
+      {%- for ip_range, country_code in china %}
+      {{ ip_range }}: {{ country_code }}.country.{{ origin }}
+      {%- endfor %}
+    {%- endfor %}

software/repman/buildout.hash.cfg

@@ -18,15 +18,15 @@ md5sum = b41f521b5f7980c64260ed0e5c494450
 
 [instance-repman.cfg]
 _update_hash_filename_ = instance-repman.cfg.jinja2.in
-md5sum = 7dbaace0d7db0e26d582ad17f36ac9cd
+md5sum = 657ecdb1dfbbcf53e4e7932b3b5708c4
 
 [config-toml.in]
 _update_hash_filename_ = templates/config.toml.in
-md5sum = 5cfa75ca5a0048a050c0041dfe541f3d
+md5sum = 19fe38a342a5c9857e29f78eedb3c46e
 
 [config-cluster-toml.in]
 _update_hash_filename_ = templates/cluster-config.toml.in
-md5sum = d2e79a9435082d9420281b4f59a5d464
+md5sum = 079599a2841b5a0d5178bb12c4a30ae8
 
 [nginx.conf.in]
 _update_hash_filename_ = templates/nginx.conf.in

software/repman/instance-repman-input-schema.json

 {
-	"type": "object",
-	"$schema": "http://json-schema.org/draft-04/schema",
-	"title": "Input Parameters",
-	"properties": {
-		"slave-frontend": {
-			"title": "Web frontend",
-			"description": "Front end used to provide web access for internal services at the kvm.",
-			"properties": {
-				"slave-domain": {
-					"title": "Slave frontend domain",
-					"description": "Unique domain name for this slave frontend.",
-					"type": "string",
-					"default": ""
-				},
-				"instance-guid": {
-					"title": "Main Frontend Instance ID",
-					"description": "Unique identifier of the frontend instance, like \"SOFTINST-11031\".",
-					"type": "string",
-					"default": ""
-				},
-				"frontend-software-type": {
-					"title": "Frontend Software Type",
-					"description": "Type of the frontend instance, like \"frontend\".",
-					"type": "string"
-				},
-				"frontend-software-url": {
-					"title": "Frontend Software URL",
-					"description": "Software Release URL of the frontend instance, like \"http://example.com/path/to/software.cfg\".",
-					"type": "string",
-					"format": "uri",
-					"default": "http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg"
-				}
-			},
-			"type": "object"
-		},
-		"computer-memory-percent-threshold": {
-			"title": "Computer memory percent threshold.",
-			"description": "Computer memory percent threshold.",
-			"type": "int",
-			"default": 80
-		},
-		"monitor-interface-url": {
-			"title": "Monitor Web Interface URL",
-			"description": "Give Url of HTML web interface that will be used to render this monitor instance.",
-			"type": "string",
-			"format": "uri",
-			"default": "https://monitor.app.officejs.com"
-		},
-		"monitor-cors-domains": {
-			"title": "Monitor CORS domains",
-			"description": "List of cors domains separated with space. Needed for ajax query on this monitor instance from a different domain.",
-			"type": "string",
-			"default": "monitor.app.officejs.com"
-		},
-		"mail-from": {
-			"title": "Mail From",
-			"description": "Mail From address",
-			"type": "string",
-			"default": ""
-		},
-		"mail-smtp-addr": {
-			"title": "Mail SMTP address",
-			"description": "Mail SMTP address. Default: localhost:25",
-			"type": "string",
-			"default": "localhost:25"
-		},
-		"mail-smtp-password": {
-			"title": "Mail SMTP password",
-			"description": "Mail SMTP password",
-			"type": "string",
-			"default": ""
-		},
-		"mail-smtp-user": {
-			"title": "Mail SMTP User",
-			"description": "Mail SMTP User",
-			"type": "string",
-			"default": ""
-		},
-		"mail-to": {
-			"title": "Mail To",
-			"description": "",
-			"type": "string",
-			"default": ""
-		},
-		"tags": {
-			"title": "Provisioning db tags",
-			"description": "Provisioning db tags",
-			"type": "string",
-			"default": "gtidstrict,bind,pkg,innodb,noquerycache,slow,pfs,linux,readonly,diskmonitor,sqlerror,compressbinlog,bm4ci,mroonga,utctime,readcommitted,nohandshake"
-		},
-		"http-session-lifetime": {
-			"title": "Web Session life time in s",
-			"description": "Web interface Session life time in seconds. Default 86400",
-			"type": "integer",
-			"default": 86400
-		},
-		"http-refresh-interval": {
-			"title": "Web refresh interval in s",
-			"description": "Web interface refresh interval in s. Default 4s.",
-			"type": "integer",
-			"default": 4
-		},
-		"autorejoin": {
-			"title": "Automatic rejoin a failed master",
-			"description": "Automatic rejoin a failed master (default true)",
-			"type": "boolean",
-			"default": true
-		},
-		"autoseed": {
-			"title": "Automatic join a standalone node",
-			"description": "Automatic join a standalone node",
-			"type": "boolean",
-			"default": true
-		},
-		"repman-cluster-dict": {
-			"title": "Replication Manager clusters definition",
-			"description": "Replication Manager clusters definition",
-			"patternProperties": {
-				".*": {
-					"properties": {
-						"name": {
-							"title": "Name of the cluster",
-							"description": "Name of the cluster: Should not contains spaces or any special characters.",
-							"type": "string",
-							"default": ""
-						},
-						"database-amount": {
-							"title": "Amount of databases for cluster",
-							"description": "Database amount to deploy with this cluster. Minimal amount is 2 required to enable replication.",
-							"type": "integer",
-							"default": 2,
-							"minimum": 2
-						},
-						"-sla-0-computer_guid": {
-							"title": "Prefered Master Computer Guid",
-							"description": "Computer Guid for prefered Master database.",
-							"type": "string",
-							"default": ""
-						},
-						"-sla-1-computer_guid": {
-							"title": "Slave 1 Computer Guid",
-							"description": "Computer Guid for the first slave database.",
-							"type": "string",
-							"default": ""
-						},
-						"-sla-2-computer_guid": {
-							"title": "Slave 2 Computer Guid",
-							"description": "Computer Guid for the second slave database.",
-							"type": "string",
-							"default": ""
-						},
-						"-sla-3-computer_guid": {
-							"title": "Slave 3 Computer Guid",
-							"description": "Computer Guid for the third slave database.",
-							"type": "string",
-							"default": ""
-						},
-						"-sla-4-computer_guid": {
-							"title": "Slave 4 Computer Guid",
-							"description": "Computer Guid for the fourth slave database.",
-							"type": "string",
-							"default": ""
-						},
-						"proxysql-user": {
-							"title": "Proxysql username",
-							"description": "Proxysql external user, default is 'external'.",
-							"type": "string",
-							"default": "external"
-						},
-						"proxy-tags": {
-							"title": "Proxy tags",
-							"description": "playbook configuration tags. Default: pkg,masterslave,linux,noreadwritesplit",
-							"type": "string",
-							"default": "pkg,masterslave,linux,noreadwritesplit"
-						},
-						"logical-backup-cron": {
-							"title": "Mysqldump backup cron definition.",
-							"description": "Logical backup cron expression represents a set of times, using cron format.",
-							"type": "string",
-							"default": "0 21 * * *"
-						},
-						"physical-backup-cron": {
-							"title": "Mariabackup cron definition",
-							"description": "Physical backup cron expression represents a set of times, using cron format.",
-							"type": "string",
-							"default": "0 1 * * *"
-						},
-						"proxy-cpu-cores": {
-							"title": "Proxy Cpu cores",
-							"description": "Proxy Cpu cores. Default: 2",
-							"type": "integer",
-							"default": 2,
-							"minimum": 1
-						},
-						"proxy-memory": {
-							"title": "Proxy Memory usage in giga bytes",
-							"description": "Proxy Memory usage in giga bytes. Default: 1G",
-							"type": "integer",
-							"default": 1,
-							"minimum": 1
-						},
-						"db-cpu-cores": {
-							"title": "Database Cpu cores",
-							"description": "Database Cpu cores. Default: 2",
-							"type": "integer",
-							"default": 2,
-							"minimum": 1
-						},
-						"db-disk-iops": {
-							"title": "Database Rnd IO/s",
-							"description": "Rnd IO/s in seconds for micro service VM (default 300).",
-							"type": "integer",
-							"default": 300
-						},
-						"db-memory": {
-							"title": "Database memory in M",
-							"description": "Memory in M for micro service VM (default 256)",
-							"type": "integer",
-							"default": 256,
-							"minimum": 256,
-							"multipleOf": 256
-						},
-						"db-memory-shared-pct": {
-							"title": "Percent memory shared per buffer",
-							"description": "Percent memory shared per buffer (default \"threads:16,innodb:60,myisam:10,aria:10,rocksdb:1,tokudb:1,s3:1,archive:1,querycache:0\")",
-							"type": "string",
-							"default": "threads:16,innodb:60,myisam:10,aria:10,rocksdb:1,tokudb:1,s3:1,archive:1,querycache:0"
-						},
-						"db-memory-threaded-pct": {
-							"title": "Percent memory allocted per threads",
-							"description": "Percent memory allocted per threads. (default \"tmp:70,join:20,sort:10\")",
-							"type": "string",
-							"default": "tmp:70,join:20,sort:10"
-						},
-						"innodb-file-per-table": {
-							"title": "enable Innodb file per table",
-							"description": "enable Innodb file per table. Possible value: 0=disabled, 1=enabled",
-							"type": "integer",
-							"default": 1,
-							"minimum": 0,
-							"maximum": 1
-						},
-						"use-ipv6": {
-							"title": "Mariadb server listen on IPv6",
-							"description": "Listen on IPv6 instead of IPv4.",
-							"type": "boolean",
-							"default": true
-						},
-						"failover-mode": {
-							"title": "Failover mode",
-							"description": "Failover is manual or automatic (default \"manual\").",
-							"type": "string",
-							"default": "manual",
+  "type": "object",
+  "$schema": "http://json-schema.org/draft-04/schema",
+  "title": "Input Parameters",
+  "properties": {
+    "slave-frontend": {
+      "title": "Web frontend",
+      "description": "Front end used to provide web access for internal services at the kvm.",
+      "properties": {
+        "slave-domain": {
+          "title": "Slave frontend domain",
+          "description": "Unique domain name for this slave frontend.",
+          "type": "string",
+          "default": ""
+        },
+        "instance-guid": {
+          "title": "Main Frontend Instance ID",
+          "description": "Unique identifier of the frontend instance, like \"SOFTINST-11031\".",
+          "type": "string",
+          "default": ""
+        },
+        "frontend-software-type": {
+          "title": "Frontend Software Type",
+          "description": "Type of the frontend instance, like \"frontend\".",
+          "type": "string"
+        },
+        "frontend-software-url": {
+          "title": "Frontend Software URL",
+          "description": "Software Release URL of the frontend instance, like \"http://example.com/path/to/software.cfg\".",
+          "type": "string",
+          "format": "uri",
+          "default": "http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg"
+        }
+      },
+      "type": "object"
+    },
+    "computer-memory-percent-threshold": {
+      "title": "Computer memory percent threshold.",
+      "description": "Computer memory percent threshold.",
+      "type": "integer",
+      "default": 80
+    },
+    "monitor-interface-url": {
+      "title": "Monitor Web Interface URL",
+      "description": "Give Url of HTML web interface that will be used to render this monitor instance.",
+      "type": "string",
+      "format": "uri",
+      "default": "https://monitor.app.officejs.com"
+    },
+    "monitor-cors-domains": {
+      "title": "Monitor CORS domains",
+      "description": "List of cors domains separated with space. Needed for ajax query on this monitor instance from a different domain.",
+      "type": "string",
+      "default": "monitor.app.officejs.com"
+    },
+    "mail-from": {
+      "title": "Mail From",
+      "description": "Mail From address",
+      "type": "string",
+      "default": ""
+    },
+    "mail-smtp-addr": {
+      "title": "Mail SMTP address",
+      "description": "Mail SMTP address. Default: localhost",
+      "type": "string",
+      "default": "localhost"
+    },
+    "mail-smtp-port": {
+      "title": "Mail SMTP port",
+      "description": "Mail SMTP port. Default: 25",
+      "type": "integer",
+      "default": "25"
+    },
+    "mail-smtp-password": {
+      "title": "Mail SMTP password",
+      "description": "Mail SMTP password",
+      "type": "string",
+      "default": ""
+    },
+    "mail-smtp-user": {
+      "title": "Mail SMTP User",
+      "description": "Mail SMTP User",
+      "type": "string",
+      "default": ""
+    },
+    "mail-to": {
+      "title": "Mail To",
+      "description": "",
+      "type": "string",
+      "default": ""
+    },
+    "tags": {
+      "title": "Provisioning db tag list",
+      "description": "Provisioning db tags. Set one tag per line.",
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "default": [
+        "gtidstrict",
+        "bind",
+        "pkg",
+        "innodb",
+        "noquerycache",
+        "slow",
+        "pfs",
+        "linux",
+        "readonly",
+        "diskmonitor",
+        "sqlerror",
+        "compressbinlog",
+        "bm4ci",
+        "mroonga",
+        "utctime",
+        "readcommitted",
+        "nohandshake"
+      ]
+    },
+    "http-session-lifetime": {
+      "title": "Web Session life time in s",
+      "description": "Web interface Session life time in seconds. Default 86400",
+      "type": "integer",
+      "default": 86400
+    },
+    "http-refresh-interval": {
+      "title": "Web refresh interval in s",
+      "description": "Web interface refresh interval in s. Default 4s.",
+      "type": "integer",
+      "default": 4
+    },
+    "autorejoin": {
+      "title": "Automatic rejoin a failed master",
+      "description": "Automatic rejoin a failed master (default true)",
+      "type": "boolean",
+      "default": true
+    },
+    "autoseed": {
+      "title": "Automatic join a standalone node",
+      "description": "Automatic join a standalone node",
+      "type": "boolean",
+      "default": true
+    },
+    "repman-cluster-dict": {
+      "title": "Replication Manager clusters definition",
+      "description": "Replication Manager clusters definition",
+      "patternProperties": {
+        ".*": {
+          "properties": {
+            "name": {
+              "title": "Name of the cluster",
+              "description": "Name of the cluster: Should not contains spaces or any special characters.",
+              "type": "string",
+              "default": ""
+            },
+            "database-amount": {
+              "title": "Amount of databases for cluster",
+              "description": "Database amount to deploy with this cluster. Minimal amount is 2 required to enable replication.",
+              "type": "integer",
+              "default": 2,
+              "minimum": 2
+            },
+            "-sla-0-computer_guid": {
+              "title": "Prefered Master Computer Guid",
+              "description": "Computer Guid for prefered Master database.",
+              "type": "string",
+              "default": ""
+            },
+            "-sla-1-computer_guid": {
+              "title": "Slave 1 Computer Guid",
+              "description": "Computer Guid for the first slave database.",
+              "type": "string",
+              "default": ""
+            },
+            "-sla-2-computer_guid": {
+              "title": "Slave 2 Computer Guid",
+              "description": "Computer Guid for the second slave database.",
+              "type": "string",
+              "default": ""
+            },
+            "-sla-3-computer_guid": {
+              "title": "Slave 3 Computer Guid",
+              "description": "Computer Guid for the third slave database.",
+              "type": "string",
+              "default": ""
+            },
+            "-sla-4-computer_guid": {
+              "title": "Slave 4 Computer Guid",
+              "description": "Computer Guid for the fourth slave database.",
+              "type": "string",
+              "default": ""
+            },
+            "proxysql-user": {
+              "title": "Proxysql username",
+              "description": "Proxysql external user, default is 'external'.",
+              "type": "string",
+              "default": "external"
+            },
+            "proxy-tags": {
+              "title": "Proxy tag list",
+              "description": "playbook configuration tags. Default: [\"pkg\", \"masterslave\", \"linux\", \"noreadwritesplit\"]",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "default": [
+                "pkg",
+                "masterslave",
+                "linux",
+                "noreadwritesplit"
+              ]
+            },
+            "logical-backup-cron": {
+              "title": "Mysqldump backup cron definition.",
+              "description": "Logical backup cron expression represents a set of times, using cron format.",
+              "type": "string",
+              "default": "0 21 * * *"
+            },
+            "physical-backup-cron": {
+              "title": "Mariabackup cron definition",
+              "description": "Physical backup cron expression represents a set of times, using cron format.",
+              "type": "string",
+              "default": "0 1 * * *"
+            },
+            "proxy-cpu-cores": {
+              "title": "Proxy Cpu cores",
+              "description": "Proxy Cpu cores. Default: 2",
+              "type": "integer",
+              "default": 2,
+              "minimum": 1
+            },
+            "proxy-memory": {
+              "title": "Proxy Memory usage in giga bytes",
+              "description": "Proxy Memory usage in giga bytes. Default: 1G",
+              "type": "integer",
+              "default": 1,
+              "minimum": 1
+            },
+            "db-cpu-cores": {
+              "title": "Database Cpu cores",
+              "description": "Database Cpu cores. Default: 2",
+              "type": "integer",
+              "default": 2,
+              "minimum": 1
+            },
+            "db-disk-iops": {
+              "title": "Database Rnd IO/s",
+              "description": "Rnd IO/s in seconds for micro service VM (default 300).",
+              "type": "integer",
+              "default": 300
+            },
+            "db-memory": {
+              "title": "Database memory in M",
+              "description": "Memory in M for micro service VM (default 256)",
+              "type": "integer",
+              "default": 256,
+              "minimum": 256,
+              "multipleOf": 256
+            },
+            "db-memory-shared-pct": {
+              "title": "Percent memory list shared per buffer",
+              "description": "Percent memory shared per buffer. Default: [\"threads:16\", \"innodb:60\", \"myisam:10\", \"aria:10\", \"rocksdb:1\", \"tokudb:1\", \"s3:1\", \"archive:1\", \"querycache:0\"]",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "default": [
+                "threads:16",
+                "innodb:60",
+                "myisam:10",
+                "aria:10",
+                "rocksdb:1",
+                "tokudb:1",
+                "s3:1",
+                "archive:1",
+                "querycache:0"
+              ]
+            },
+            "db-memory-threaded-pct": {
+              "title": "Percent memory allocted per threads",
+              "description": "Percent memory allocted per threads. Default: [\"tmp:70\", \"join:20\", \"sort:10\"]",
+              "type": "array",
+              "items": {
+                "type": "string"
+              },
+              "default": [
+                "tmp:70",
+                "join:20",
+                "sort:10"
+              ]
+            },
+            "innodb-file-per-table": {
+              "title": "enable Innodb file per table",
+              "description": "enable Innodb file per table. Possible value: 0=disabled, 1=enabled",
+              "type": "integer",
+              "default": 1,
+              "minimum": 0,
+              "maximum": 1
+            },
+            "use-ipv6": {
+              "title": "Mariadb server listen on IPv6",
+              "description": "Listen on IPv6 instead of IPv4.",
+              "type": "boolean",
+              "default": true
+            },
+            "failover-mode": {
+              "title": "Failover mode",
+              "description": "Failover is manual or automatic (default \"manual\").",
+              "type": "string",
+              "default": "manual",
               "enum": [
                 "manual",
                 "automatic"
               ]
-
-						},
-						"failover-limit": {
-							"title": "Failover amount limit",
-							"description": "Failover is canceld if already failover this number of time (0: unlimited) (default 5).",
-							"type": "integer",
-							"default": 5
-						},
-						"failover-falsepositive-heartbeat": {
-							"title": "Failover check slaves do not receive heartbeat",
-							"description": "Failover checks that slaves do not receive heartbeat (default true).",
-							"type": "boolean",
-							"default": true
-						},
-						"failover-falsepositive-heartbeat-timeout": {
-							"title": "Failover check slaves do not receive heartbeat timeout",
-							"description": "Failover checks that slaves do not receive heartbeat detection timeout  (default 3).",
-							"type": "integer",
-							"default": 3
-						},
-						"failover-falsepositive-ping-counter": {
-							"title": "Failover amount of ping failures",
-							"description": "Failover after this number of ping failures (interval 1s) (default 5).",
-							"type": "integer",
-							"default": 5
-						},
-						"failover-max-slave-delay": {
-							"title": "Failover election ignore slave with replication delay",
-							"description": "Election ignore slave with replication delay over this time in sec (default 30).",
-							"type": "integer",
-							"default": 30
-						},
-						"failover-readonly-state": {
-							"title": "Failover Switchover set slaves as read-only",
-							"description": "Failover Switchover set slaves as read-only (default true).",
-							"type": "boolean",
-							"default": true
-						},
-						"failover-restart-unsafe": {
-							"title": "Failover when cluster down if a slave is start first",
-							"description": "Failover when cluster down if a slave is start first.",
-							"type": "boolean",
-							"default": false
-						},
-						"failover-time-limit": {
-							"title": "Cancel failover if time in sec not passed after previous failover",
-							"description": "Failover is canceled if timer in sec is not passed with previous failover (0: do not wait).",
-							"type": "integer",
-							"default": 0
-						},
-						"switchover-at-equal-gtid": {
-							"title": "Switchover only when slaves are fully in sync",
-							"description": "Switchover only when slaves are fully in sync.",
-							"type": "boolean",
-							"default": false
-						},
-						"switchover-slave-wait-catch": {
-							"title": "Switchover wait for slave to catch with replication",
-							"description": "Switchover wait for slave to catch with replication, not needed in GTID mode but enable to detect possible issues like witing on old master (default true).",
-							"type": "boolean",
-							"default": true
-						},
-						"switchover-wait-kill": {
-							"title": "Switchover wait ms before killing threads on demoted master",
-							"description": "Switchover wait this many milliseconds before killing threads on demoted master (default 5000).",
-							"type": "integer",
-							"default": 5000
-						},
-						"switchover-wait-trx": {
-							"title": "Cancel switchover after timeout seconds if can't aquire FTWRL",
-							"description": "Switchover is cancel after this timeout in second if can't aquire FTWRL (default 10).",
-							"type": "integer",
-							"default": 10
-						},
-						"switchover-wait-write-query": {
-							"title": "Cancel switchover after timeout if a write query is running",
-							"description": "Switchover is canceled if a write query is running for this time (default 10).",
-							"type": "integer",
-							"default": 10
-						}
-					},
-					"type": "object"
-				}
-			},
-			"type": "object"
-		}
-	}
+            },
+            "failover-limit": {
+              "title": "Failover amount limit",
+              "description": "Failover is canceld if already failover this number of time (0: unlimited) (default 5).",
+              "type": "integer",
+              "default": 5
+            },
+            "failover-falsepositive-heartbeat": {
+              "title": "Failover check slaves do not receive heartbeat",
+              "description": "Failover checks that slaves do not receive heartbeat (default true).",
+              "type": "boolean",
+              "default": true
+            },
+            "failover-falsepositive-heartbeat-timeout": {
+              "title": "Failover check slaves do not receive heartbeat timeout",
+              "description": "Failover checks that slaves do not receive heartbeat detection timeout  (default 3).",
+              "type": "integer",
+              "default": 3
+            },
+            "failover-falsepositive-ping-counter": {
+              "title": "Failover amount of ping failures",
+              "description": "Failover after this number of ping failures (interval 1s) (default 5).",
+              "type": "integer",
+              "default": 5
+            },
+            "failover-max-slave-delay": {
+              "title": "Failover election ignore slave with replication delay",
+              "description": "Election ignore slave with replication delay over this time in sec (default 30).",
+              "type": "integer",
+              "default": 30
+            },
+            "failover-readonly-state": {
+              "title": "Failover Switchover set slaves as read-only",
+              "description": "Failover Switchover set slaves as read-only (default true).",
+              "type": "boolean",
+              "default": true
+            },
+            "failover-restart-unsafe": {
+              "title": "Failover when cluster down if a slave is start first",
+              "description": "Failover when cluster down if a slave is start first.",
+              "type": "boolean",
+              "default": false
+            },
+            "failover-time-limit": {
+              "title": "Cancel failover if time in sec not passed after previous failover",
+              "description": "Failover is canceled if timer in sec is not passed with previous failover (0: do not wait).",
+              "type": "integer",
+              "default": 0
+            },
+            "switchover-at-equal-gtid": {
+              "title": "Switchover only when slaves are fully in sync",
+              "description": "Switchover only when slaves are fully in sync.",
+              "type": "boolean",
+              "default": false
+            },
+            "switchover-slave-wait-catch": {
+              "title": "Switchover wait for slave to catch with replication",
+              "description": "Switchover wait for slave to catch with replication, not needed in GTID mode but enable to detect possible issues like witing on old master (default true).",
+              "type": "boolean",
+              "default": true
+            },
+            "switchover-wait-kill": {
+              "title": "Switchover wait ms before killing threads on demoted master",
+              "description": "Switchover wait this many milliseconds before killing threads on demoted master (default 5000).",
+              "type": "integer",
+              "default": 5000
+            },
+            "switchover-wait-trx": {
+              "title": "Cancel switchover after timeout seconds if can't aquire FTWRL",
+              "description": "Switchover is cancel after this timeout in second if can't aquire FTWRL (default 10).",
+              "type": "integer",
+              "default": 10
+            },
+            "switchover-wait-write-query": {
+              "title": "Cancel switchover after timeout if a write query is running",
+              "description": "Switchover is canceled if a write query is running for this time (default 10).",
+              "type": "integer",
+              "default": 10
+            }
+          },
+          "type": "object"
+        }
+      },
+      "type": "object"
+    }
+  }
 }
\ No newline at end of file

software/repman/instance-repman.cfg.jinja2.in

@@ -8,7 +8,7 @@
 {% set ip = (ipv6_set | list)[0] -%}
 {% set ipv4 = (ipv4_set | list)[0] -%}
 {% set cluster_list = [] -%}
-{% set tags = "gtidstrict,bind,pkg,innodb,noquerycache,slow,pfs,linux,readonly,diskmonitor,sqlerror,compressbinlog,bm4ci,mroonga,utctime,readcommitted,nohandshake" -%}
+{% set tag_list = ["gtidstrict", "bind", "pkg", "innodb", "noquerycache", "slow", "pfs", "linux", "readonly", "diskmonitor", "sqlerror", "compressbinlog", "bm4ci", "mroonga", "utctime", "readcommitted", "nohandshake"] -%}
 {% set frontend_parameter_dict = slapparameter_dict.get('slave-frontend', {}) -%}
 
 [directory]
@@ -60,7 +60,7 @@ mode = 755
 
 {% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
 {% set default_parameter_dict = {"cluster1": {"name": "cluster1", "db-prefered-master": "",
-  "database-amount": 2, "proxysql-user": "external", "proxy-tags": "pkg,masterslave,linux,noreadwritesplit",
+  "database-amount": 2, "proxysql-user": "external",
   "logical-backup-cron": "0 21 * * *", "physical-backup-cron": "0 1 * * *"}} -%}
 {% for name, parameter_dict in slapparameter_dict.get('repman-cluster-dict', default_parameter_dict).items() -%}
 
@@ -150,7 +150,8 @@ proxysql-servers-ipv6 = [{{ ip }}]
 password = ${repman-parameter:password}
 proxysql-partition = ${buildout:directory}
 receiver-port-list = {{ receiver_port_list | join(',') }}
-proxy-tags = {{ parameter_dict.get("proxy-tags", "pkg,masterslave,linux,noreadwritesplit") }}
+enabled-tags = {{ slapparameter_dict.get("tag-list", tag_list) | join(',') }}
+proxy-tags = {{ parameter_dict.get("proxy-tags", ["pkg", "masterslave", "linux", "noreadwritesplit"]) | join(',') }}
 logical-backup-cron = {{ parameter_dict.get("logical-backup-cron", "0 22 * * *") }}
 physical-backup-cron = {{ parameter_dict.get("physical-backup-cron", "0 0 * * *") }}
 proxy-cpu-cores = {{ parameter_dict.get("proxy-cpu-cores", 2) }}
@@ -158,8 +159,8 @@ proxy-memory = {{ parameter_dict.get("proxy-memory", 1) }}
 db-cpu-cores = {{ parameter_dict.get("db-cpu-cores", 2) }}
 db-disk-iops = {{ parameter_dict.get("db-disk-iops", 300) }}
 db-memory = {{ parameter_dict.get("db-memory", 256) }}
-db-memory-shared-pct = {{ parameter_dict.get("db-memory-shared-pct", "threads:16,innodb:60,myisam:10,aria:10,rocksdb:1,tokudb:1,s3:1,archive:1,querycache:0") }}
-db-memory-threaded-pct = {{ parameter_dict.get("db-memory-threaded-pct", "tmp:70,join:20,sort:10") }}
+db-memory-shared-pct = {{ parameter_dict.get("db-memory-shared-pct", ["threads:16", "innodb:60", "myisam:10", "aria:10", "rocksdb:1", "tokudb:1", "s3:1", "archive:1", "querycache:0"]) | join(',') }}
+db-memory-threaded-pct = {{ parameter_dict.get("db-memory-threaded-pct", ["tmp:70", "join:20", "sort:10"]) | join(',') }}
 # failover
 failover-mode = {{ parameter_dict.get('failover-mode', 'manual') }}
 failover-limit = {{ parameter_dict.get('failover-limit', 5) }}
@@ -336,11 +337,11 @@ sysbench-bin  = {{ sysbench_location }}/bin/sysbench
 restic-bin    = {{ restic_bin_location }}
 
 mail-from = {{ slapparameter_dict.get("mail-from", "mrm@localhost") }}
-mail-smtp-addr = {{ slapparameter_dict.get("mail-smtp-addr", "localhost:25") }}
+mail-smtp-addr = {{ slapparameter_dict.get("mail-smtp-addr", "localhost") }}
+mail-smtp-port = {{ slapparameter_dict.get("mail-smtp-port", "25") }}
 mail-smtp-password = {{ slapparameter_dict.get("mail-smtp-password", "") }}
 mail-smtp-user = {{ slapparameter_dict.get("mail-smtp-user", "") }}
 mail-to = {{ slapparameter_dict.get("mail-to", "") }}
-enabled-tags = {{ slapparameter_dict.get("tags", tags) }}
 
 http-session-lifetime = {{ slapparameter_dict.get("http-session-lifetime", 86400) }}
 http-refresh-interval = {{ slapparameter_dict.get("http-refresh-interval", 4) }}
@@ -354,7 +355,7 @@ command =
   {{ rsync_location }}/bin/rsync -av  dashboard ${repman:root-dir}/
 
 update-command = ${:command}
-  
+
 [replication-manager-reload]
 recipe = slapos.recipe.template:jinja2
 template = {{ template_repman_manager_sh }}

software/repman/templates/cluster-config.toml.in

@@ -22,6 +22,7 @@ proxysql-bootstrap = true
 proxysql-admin-port = {{ parameter_dict['proxy-admin-port'] }}
 proxysql-password = "{{ parameter_dict['password'] }}"
 
+prov-db-tags = "{{ parameter_dict['enabled-tags'] }}"
 prov-proxy-tags = "{{ parameter_dict['proxy-tags'] }}"
 
 monitoring-scheduler = true

software/repman/templates/config.toml.in

@@ -53,14 +53,13 @@ backup-mysqldump-path = "{{ parameter_dict['mysqldump-path'] }}"
 # Alert email sender (default "mrm@localhost")
 mail-from = "{{ parameter_dict['mail-from'] }}"
 # Alert email SMTP server address, in host:[port] format (default "localhost:25")
-mail-smtp-addr = "{{ parameter_dict['mail-smtp-addr'] }}"
+mail-smtp-addr = "{{ parameter_dict['mail-smtp-addr'] }}:{{ parameter_dict['mail-smtp-port'] }}"
 mail-smtp-password = "{{ parameter_dict['mail-smtp-password'] }}"
 mail-smtp-user = "{{ parameter_dict['mail-smtp-user'] }}"
 # Alert email recipients, separated by commas
 mail-to = "{{ parameter_dict['mail-to'] }}"
 
 prov-orchestrator = "slapos"
-prov-db-tags = "{{ parameter_dict['enabled-tags'] }}"
 
 sysbench-binary-path = "{{ parameter_dict['sysbench-bin'] }}"
 # Number of threads to run benchmark (default 4)

software/slapos-master/apache-backend.conf.in

@@ -23,14 +23,14 @@
  #       #  The path given to "SSLSessionCache shmcb:<folder_path>(512000)"
  #       "ssl-session-cache": "<folder_path>",
  #
- #       #  The path given to "SSLCACertificateFile" (can be empty)
+ #       #  The path given to "SSLCACertificatePath" (can be empty)
  #       #  If this value is not empty, it enables client certificate check.
  #       #  (Enabling "SSLVerifyClient require")
- #       "ca-cert": "<file_path>",
+ #       "ca-cert-dir": "<directory_path>",
  #
- #       #  The path given to "SSLCARevocationFile" (used if ca-cert is not
+ #       #  The path given to "SSLCARevocationPath" (used if ca-cert-dir is not
  #       #  empty)
- #       "crl": "<file_path>",
+ #       "crl-dir": "<directory_path>",
  #
  #       #  The path given to "ErrorLog"
  #       "error-log": "<file_path>",
@@ -69,7 +69,7 @@
  #  From to `backend-list`:
  #   - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and
  #   - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
- #  only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert`.
+ #  only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert-dir`.
  #   - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
  #   - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
  #  accepting requests from any client.
@@ -83,6 +83,8 @@
  #  For more details, refer to
  #  https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together
 -#}
+{% set ca_cert_dir = parameter_dict.get('ca-cert-dir') -%}
+{% set crl_dir = parameter_dict.get('crl-dir') -%}
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule authz_core_module modules/mod_authz_core.so
@@ -103,7 +105,7 @@ LoadModule headers_module modules/mod_headers.so
 LoadModule deflate_module modules/mod_deflate.so
 LoadModule filter_module modules/mod_filter.so
 
-AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm
+AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript application/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm
 
 PidFile "{{ parameter_dict['pid-file'] }}"
 ServerAdmin admin@
@@ -133,17 +135,16 @@ SSLProxyEngine On
 
 # As backend is trusting Remote-User header unset it always
 RequestHeader unset Remote-User
-{% if parameter_dict['ca-cert'] -%}
+{% if ca_cert_dir -%}
 SSLVerifyClient optional
 RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
-SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
-{%   if not parameter_dict['shared-ca-cert'] %}
-{%     if parameter_dict['crl'] -%}
+RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
+SSLCACertificatePath {{ ca_cert_dir }}
+{%   if crl_dir -%}
 SSLCARevocationCheck chain
-SSLCARevocationFile {{ parameter_dict['crl'] }}
-{%-     endif %}
-{%-   endif %}
-{%- endif %}
+SSLCARevocationPath {{ crl_dir }}
+{%   endif -%}
+{% endif -%}
 
 ErrorLog "{{ parameter_dict['error-log'] }}"
 # Default apache log format with request time in microsecond at the end
@@ -163,12 +164,8 @@ Listen {{ ip }}:{{ port }}
 {%   endfor -%}
 <VirtualHost *:{{ port }}>
   SSLEngine on
-{% if enable_authentication and parameter_dict['shared-ca-cert'] and parameter_dict['shared-crl'] -%}
+{% if enable_authentication and ca_cert_dir -%}
   SSLVerifyClient require
-  # Custom block we use for now different parameters.
-  RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
-  SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
-  SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
 
   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
 
@@ -186,11 +183,8 @@ Listen {{ ip }}:{{ port }}
 <VirtualHost {{ ip }}:{{ port }}>
   SSLEngine on
   Timeout 3600
-{%   if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%}
+{%   if enable_authentication and ca_cert_dir -%}
   SSLVerifyClient require
-  SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
-  SSLCARevocationCheck chain
-  SSLCARevocationFile {{ parameter_dict['crl'] }}
 
   LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
 
@@ -204,4 +198,4 @@ Listen {{ ip }}:{{ port }}
   RewriteRule ^/{{path}}(.*) {{ backend }}/VirtualHostBase/https/{{ ip }}:{{ port }}/VirtualHostRoot/_vh_{{ path }}$1 [L,P]
 {%   endfor -%}
 </VirtualHost>
-{% endfor -%}
+{% endfor -%}
\ No newline at end of file

software/slapos-master/buildout.hash.cfg

@@ -18,8 +18,8 @@ md5sum = 2ef0ddc206c6b0982a37cfc21f23e423
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = ef86e09e44ac67a9b15939df0ab4a466
+md5sum = d10a5ddfffa67b8ca01b3e38315bae2f
 
 [template-apache-backend-conf]
 filename = apache-backend.conf.in
-md5sum = 48f086ce1acffca7bab942b43d856fb7
+md5sum = a169c1d6b0f2636f21f180e8a0b52137

software/slapos-master/instance-balancer.cfg.in

@@ -2,6 +2,7 @@
 {% set part_list = [] -%}
 {% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
 {% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
+{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend_caucase_url_list', []) -%}
 {% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
 {#
 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
@@ -28,8 +29,8 @@ mode = 644
      url=ssl_parameter_dict['caucase-url'],
      data_dir='${directory:srv}/caucase-updater',
      crt_path='${apache-conf-ssl:caucase-cert}',
-     ca_path='${apache-conf-ssl:ca-cert}',
-     crl_path='${apache-conf-ssl:crl}',
+     ca_path='${directory:srv}/caucase-updater/ca.crt',
+     crl_path='${directory:srv}/caucase-updater/crl.pem',
      key_path='${apache-conf-ssl:caucase-key}',
      on_renew='${apache-graceful:output}',
      max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
@@ -37,6 +38,69 @@ mode = 644
      openssl=parameter_dict['openssl'] ~ '/bin/openssl',
 )}}
 {% do section('caucase-updater') -%}
+{% do section('caucase-updater-promise') -%}
+
+{% set frontend_caucase_url_hash_list = [] -%}
+{% for frontend_caucase_url in frontend_caucase_url_list -%}
+{%   set hash = hashlib.md5(frontend_caucase_url).hexdigest() -%}
+{%   do frontend_caucase_url_hash_list.append(hash) -%}
+{%   set data_dir = '${directory:srv}/client-cert-ca/%s' % hash -%}
+{{   caucase.updater(
+       prefix='caucase-updater-%s' % hash,
+       buildout_bin_directory=parameter_dict['bin-directory'],
+       updater_path='${directory:services-on-watch}/caucase-updater-%s' % hash,
+       url=frontend_caucase_url,
+       data_dir=data_dir,
+       ca_path='%s/ca.crt' % data_dir,
+       crl_path='%s/crl.pem' % data_dir,
+       on_renew='${caucase-updater-housekeeper:output}; ${apache-graceful:output}',
+       max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
+       openssl=parameter_dict['openssl'] ~ '/bin/openssl',
+     )}}
+{%   do section('caucase-updater-%s' % hash) -%}
+{% endfor -%}
+
+{% if frontend_caucase_url_hash_list -%}
+[caucase-updater-housekeeper]
+recipe = collective.recipe.template
+output = ${directory:bin}/caucase-updater-housekeeper
+mode = 700
+input =
+  inline:
+  #!${buildout:executable}
+  import glob
+  import os
+  import subprocess
+  hash_list = {{ repr(frontend_caucase_url_hash_list) }}
+  crt_list = ['%s.crt' % e for e in hash_list]
+  crl_list = ['%s.crl' % e for e in hash_list]
+{% if shared_ca_path -%}
+  crt_list.append('{{ shared_ca_path }}/cacert.pem')
+  crl_list.append('{{ shared_ca_path }}/crl')
+{% endif -%}
+  for path in glob.glob('${apache-conf-ssl:ca-cert-dir}/*.crt'):
+    if os.path.basename(path) not in crt_list:
+      os.unlink(path)
+  for path in glob.glob('${apache-conf-ssl:crl-dir}/*.crl'):
+    if os.path.basename(path) not in crl_list:
+      os.unlink(path)
+  for hash in hash_list:
+    crt = '${directory:srv}/client-cert-ca/%s/ca.crt' % hash
+    crt_link = '${apache-conf-ssl:ca-cert-dir}/%s.crt' % hash
+    crl = '${directory:srv}/client-cert-ca/%s/crl.pem' % hash
+    crl_link = '${apache-conf-ssl:crl-dir}/%s.crl' % hash
+    if os.path.isfile(crt) and not os.path.islink(crt_link):
+      os.symlink(crt, crt_link)
+    if os.path.isfile(crl) and not os.path.islink(crl_link):
+      os.symlink(crl, crl_link)
+  subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:ca-cert-dir}'])
+  subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:crl-dir}'])
+
+[caucase-updater-housekeeper-run]
+recipe = plone.recipe.command
+command = ${caucase-updater-housekeeper:output}
+update-command = ${:command}
+{% endif -%}
 
 {% set haproxy_dict = {} -%}
 {% set apache_dict = {} -%}
@@ -123,8 +187,27 @@ key = ${directory:apache-conf}/apache.pem
 # XXX caucase certificate is not supported by caddy for now
 caucase-cert = ${directory:apache-conf}/apache-caucase.crt
 caucase-key = ${directory:apache-conf}/apache-caucase.pem
-ca-cert =  ${directory:apache-conf}/ca.crt
-crl = ${directory:apache-conf}/crl.pem
+{% if frontend_caucase_url_list -%}
+depends = ${caucase-updater-housekeeper-run:recipe}
+ca-cert-dir = ${directory:apache-ca-cert-dir}
+crl-dir = ${directory:apache-crl-dir}
+{%- endif %}
+
+[simplefile]
+< = jinja2-template-base
+template = inline:{{ '{{ content }}' }}
+
+{% macro simplefile(section_name, file_path, content, mode='') -%}
+{%   set content_section_name = section_name ~ '-content' -%}
+[{{  content_section_name }}]
+content = {{ dumps(content) }}
+
+[{{  section(section_name) }}]
+< = simplefile
+rendered = {{ file_path }}
+context = key content {{content_section_name}}:content
+mode = {{ mode }}
+{%- endmacro %}
 
 [apache-ssl]
 {% if ssl_parameter_dict.get('key') -%}
@@ -154,13 +237,10 @@ cert = ${apache-ssl:cert}
 key = ${apache-ssl:key}
 cipher =
 ssl-session-cache = ${directory:log}/apache-ssl-session-cache
+{% if frontend_caucase_url_list -%}
 # Client x509 auth
-ca-cert = ${apache-conf-ssl:ca-cert}
-crl = ${apache-conf-ssl:crl}
-
-{% if shared_ca_path -%}
-shared-ca-cert = {{ shared_ca_path }}/cacert.pem
-shared-crl = {{ shared_ca_path }}/crl 
+ca-cert-dir = ${apache-conf-ssl:ca-cert-dir}
+crl-dir = ${apache-conf-ssl:crl-dir}
 {%- endif %}
 
 [apache-conf]
@@ -186,8 +266,8 @@ input = inline:
   kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')"
 
 [{{ section('apache-promise') }}]
-# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
 <= monitor-promise-base
+# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
 module = check_port_listening
 name = apache.py
 config-hostname = {{ ipv4 }}
@@ -228,6 +308,10 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
 [directory]
 recipe = slapos.cookbook:mkdirectory
 apache-conf = ${:etc}/apache
+{% if frontend_caucase_url_list -%}
+apache-ca-cert-dir = ${:apache-conf}/ssl.crt
+apache-crl-dir = ${:apache-conf}/ssl.crl
+{% endif -%}
 bin = ${buildout:directory}/bin
 etc = ${buildout:directory}/etc
 services = ${:etc}/run

software/slapos-sr-testing/buildout.hash.cfg

@@ -15,4 +15,4 @@
 
 [template]
 filename = instance.cfg
-md5sum = b21b2a9ac7f027a044a897c6eacbba56
+md5sum = 298bac4a631de3b30593b9a1dcf63e1c

software/slapos-sr-testing/instance.cfg

@@ -36,7 +36,7 @@ command-line =
   --source_code_path_list={{ ','.join(tests.splitlines()) }}
 
 environment =
-  PATH={{ buildout['bin-directory'] }}:{{ quic_client_location }}:{{ curl_location }}/bin/:/usr/bin/:/bin
+  PATH={{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:/usr/bin/:/bin
   SLAPOS_TEST_IPV4=${slap-configuration:ipv4-random}
   SLAPOS_TEST_IPV6=${slap-configuration:ipv6-random}
   SLAPOS_TEST_WORKING_DIR=${directory:working-dir}

software/slapos-sr-testing/software-py3.cfg

@@ -13,3 +13,4 @@ eggs -=
 [template]
 extra =
   ${slapos.test.monitor-setup:setup}
+  ${slapos.test.powerdns-setup:setup}

software/slapos-sr-testing/software.cfg

@@ -8,7 +8,6 @@ extends =
   ../../component/python-cryptography/buildout.cfg
   ../../component/python-mysqlclient/buildout.cfg
   ../../component/python-pynacl/buildout.cfg
-  ../../component/quic_client-bin/buildout.cfg
   ../../component/python-backports-lzma/buildout.cfg
 
   ../../stack/slapos.cfg
@@ -235,7 +234,6 @@ context =
   key git_location git:location
   key slapos_location slapos-repository:location
   key interpreter eggs:interpreter
-  key quic_client_location quic_client-bin:location
   key curl_location curl:location
   key tests :tests
 tests =
@@ -251,7 +249,6 @@ extra =
   ${slapos.test.htmlvalidatorserver-setup:setup}
   ${slapos.test.slapos-master-setup:setup}
   ${slapos.test.plantuml-setup:setup}
-  ${slapos.test.powerdns-setup:setup}
   ${slapos.test.proftpd-setup:setup}
   ${slapos.test.re6stnet-setup:setup}
   ${slapos.test.seleniumserver-setup:setup}

software/slaprunner/buildout.hash.cfg

@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24
 
 [template-runner]
 filename = instance-runner.cfg
-md5sum = b03f39d483cb7f3554fb40092b5b89fa
+md5sum = 376ae851bb13bd88b02ecd72249a64bd
 
 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2

software/slaprunner/instance-runner.cfg

@@ -37,9 +37,12 @@ common-runner-parts =
   slaprunner-frontend-promise
   httpd-frontend-promise
 {% endif %}
-{% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
+{% if slapparameter_dict.get('custom-frontend-backend-url') %}
+  custom-frontend-url-ready-promise
+{% if slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
   custom-frontend-promise
 {% endif %}
+{% endif %}
 ## Monitoring part
   monitor-base
   monitor-check-webrunner-internal-instance

software/slaprunner/test/test.py

@@ -46,6 +46,8 @@ from slapos.recipe.librecipe import generateHashFromFiles
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
 from slapos.util import bytes2str
 
+skipIfPython3 = unittest.skipIf(six.PY3, 'rdiff-backup is not compatible with Python 3 yet')
+
 setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
     os.path.abspath(
         os.path.join(os.path.dirname(__file__), '..',
@@ -476,6 +478,7 @@ class TestCustomFrontend(SlaprunnerTestCase):
       parameter_dict['custom-frontend-url'],
       'https://www.erp5.com')
 
+@skipIfPython3
 class TestResilientInstance(SlaprunnerTestCase):
   instance_max_retry = 20
 
@@ -502,12 +505,14 @@ class TestResilientInstance(SlaprunnerTestCase):
         'url',
         'webdav-url']))
 
+@skipIfPython3
 class TestResilientCustomFrontend(TestCustomFrontend):
   instance_max_retry = 20
   @classmethod
   def getInstanceSoftwareType(cls):
     return 'resilient'
 
+@skipIfPython3
 class TestResilientWebInstance(TestWeb):
   instance_max_retry = 20
   @classmethod
@@ -518,6 +523,7 @@ class TestResilientWebInstance(TestWeb):
     pass # Disable until we can write on runner0 rather them
          # on root partition
 
+@skipIfPython3
 class TestResilientWebrunnerBasicUsage(TestWebRunnerBasicUsage):
   instance_max_retry = 20
   @classmethod
@@ -525,12 +531,14 @@ class TestResilientWebrunnerBasicUsage(TestWebRunnerBasicUsage):
     return 'resilient'
 
 
+@skipIfPython3
 class TestResilientWebrunnerAutorun(TestWebRunnerAutorun):
   instance_max_retry = 20
   @classmethod
   def getInstanceSoftwareType(cls):
     return 'resilient'
 
+@skipIfPython3
 class TestResilientDummyInstance(SlaprunnerTestCase):
   instance_max_retry = 20
   @classmethod

software/wendelin/software.cfg

@@ -76,7 +76,6 @@ repository = https://lab.nexedi.com/nexedi/wendelin.git
 branch = master
 
 [versions]
-msgpack = 0.6.1
 msgpack-numpy = 0.4.4.3
 wendelin.core = 0.13
 

stack/caucase/README.rst

@@ -72,7 +72,7 @@ Client
   
   This script allows you to re-issue a CSR using a locally-generated private key.
 
-.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, crt_path, ca_path, crl_path, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)``
+.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, ca_path, crl_path, crt_path=None, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)``
 
   - ``<prefix>``: Creates ``<updater>`` executable file to start ``caucase-updater``, and ``<data_dir>`` directory for its data storage needs.
   

stack/caucase/buildout.cfg

@@ -35,6 +35,6 @@ mode = 0644
 depends = ${caucase-jinja2-library-eggs:eggs}
 
 [versions]
-caucase = 0.9.7
-pem = 17.1.0
+caucase = 0.9.8
+pem = 20.1.0
 PyJWT = 1.7.1

stack/caucase/buildout.hash.cfg

@@ -15,4 +15,4 @@
 
 [caucase-jinja2-library]
 filename = caucase.jinja2.library
-md5sum = 9a7247cdb2ee1d66c074b0660c54713f
+md5sum = 2e7e61bb0cf41c28d6d811a0283cf03e

stack/caucase/caucase.jinja2.library

@@ -43,9 +43,9 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
   updater_path,
   url,
   data_dir,
-  crt_path,
   ca_path,
   crl_path,
+  crt_path=None,
   key_path=None,
   on_renew=None,
   max_sleep=None,
@@ -59,24 +59,25 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
 recipe = slapos.cookbook:mkdirectory
 data-dir = {{ data_dir }}
 
-{% if template_csr_pem or template_csr -%}
+{% if crt_path %}
+{%   if template_csr_pem or template_csr -%}
 [{{ prefix }}-provided-csr-content]
-{%   if template_csr_pem %}
+{%     if template_csr_pem %}
 content = {{ dumps(template_csr_pem) }}
-{%   elif template_csr %}
+{%     elif template_csr %}
 content = {{ template_csr }}
-{%   endif %}
+{%     endif %}
 [{{ prefix }}-provided-csr]
 recipe = slapos.recipe.template:jinja2
 mode = 644
-{%   if template_csr_pem %}
+{%     if template_csr_pem %}
 template = inline:{{ '{{ content }}' }}
 rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
 context = key content {{ prefix }}-provided-csr-content:content
-{%   elif template_csr %}
+{%     elif template_csr %}
 template = {{ '${' + prefix }}-provided-csr-content:content}
 rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
-{%   endif %}
+{%     endif %}
 {{   rerequest(
        prefix=prefix ~ '-csr',
        buildout_bin_directory=buildout_bin_directory,
@@ -84,12 +85,13 @@ rendered = ${ {{- prefix }}-directory:data-dir}/provided.csr.pem
        csr='${:csr}',
        key=key_path,
 )}}
-{%- else -%}
+{%-   else -%}
 [{{ prefix }}-csr]
 recipe = plone.recipe.command
 command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
-{%- endif %}
+{%-   endif %}
 csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
+{%- endif %}
 
 [{{ prefix }}]
 recipe = slapos.cookbook:wrapper
@@ -98,8 +100,8 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
   --ca-url '{{ url }}'
   --cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem'
   --mode '{{ mode }}'
-  --csr '${ {{- prefix }}-csr:csr}'
-  --crt '{{ crt_path }}'
+  {% if crt_path %}--csr '${ {{- prefix }}-csr:csr}'
+  --crt '{{ crt_path }}' {%- endif %}
   --ca '{{ ca_path }}'
   --crl '{{ crl_path }}'
   {% if key_path %}--key '{{ key_path }}' {%- endif %}

stack/erp5/buildout.cfg

@@ -630,7 +630,6 @@ WSGIUtils = 0.7
 ZODB3 = 3.11.0
 # astroid 1.4.1 breaks testDynamicClassGeneration
 astroid = 1.3.8
-chardet = 2.3.0
 csp-eventlet = 0.7.0
 erp5diff = 0.8.1.7
 eventlet = 0.20.1

stack/erp5/buildout.hash.cfg

@@ -34,7 +34,7 @@ md5sum = e91c0fbd0df441884f7422fa7976053c
 
 [template-zope-conf]
 filename = zope.conf.in
-md5sum = 762897486b1e7e28b614224a9a577125
+md5sum = c43da8f7b4db22e40a4864e6cfcaef44
 
 [site-zcml]
 filename = site.zcml
@@ -70,7 +70,7 @@ md5sum = cc19560b9400cecbd23064d55c501eec
 
 [template]
 filename = instance.cfg.in
-md5sum = f0f3b18f9963b137e366752886591fc3
+md5sum = 328ea2bb5f2bff18f8be8c541c01f260
 
 [monitor-template-dummy]
 filename = dummy.cfg
@@ -90,8 +90,8 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57
 
 [template-balancer]
 filename = instance-balancer.cfg.in
-md5sum = 6851e0c28a025bd26a4d3450204ae335
+md5sum = 0097e49b5bd7ad4978c722c1cdd27d6c
 
 [template-haproxy-cfg]
 filename = haproxy.cfg.in
-md5sum = 13f1f731ec941f4ba941d6fa8834a5cc
+md5sum = fec6a312e4ef84b02837742992aaf495

stack/erp5/haproxy.cfg.in

@@ -4,10 +4,7 @@ global
   stats socket {{ parameter_dict['socket-path'] }} level admin
 
 defaults
-  log global
   mode http
-  option httplog
-  option dontlognull
   retries 1
   option redispatch
   maxconn 2000
@@ -28,12 +25,12 @@ defaults
   timeout connect 5s
   # As requested in haproxy doc, make this "at least equal to timeout server".
   timeout client 305s
-  # Use "option forceclose" to not preserve client & server persistent connections
+  # Use "option httpclose" to not preserve client & server persistent connections
   # while handling every incoming request individually, dispatching them one after
   # another to servers, in HTTP close mode. This is really needed when haproxy
   # is configured with maxconn to 1, without this option browsers are unable
   # to render a page
-  option forceclose
+  option httpclose
 
 {% for name, (port, backend_list) in sorted(parameter_dict['backend-dict'].iteritems()) -%}
 listen {{ name }}

stack/erp5/instance-balancer.cfg.in

@@ -2,6 +2,7 @@
 {% set part_list = [] -%}
 {% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
 {% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
+{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%}
 {#
 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
 per partition. No more (undefined result), no less (IndexError).
@@ -27,8 +28,8 @@ mode = 644
      url=ssl_parameter_dict['caucase-url'],
      data_dir='${directory:srv}/caucase-updater',
      crt_path='${apache-conf-ssl:caucase-cert}',
-     ca_path='${apache-conf-ssl:ca-cert}',
-     crl_path='${apache-conf-ssl:crl}',
+     ca_path='${directory:srv}/caucase-updater/ca.crt',
+     crl_path='${directory:srv}/caucase-updater/crl.pem',
      key_path='${apache-conf-ssl:caucase-key}',
      on_renew='${apache-graceful:output}',
      max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
@@ -38,6 +39,64 @@ mode = 644
 {% do section('caucase-updater') -%}
 {% do section('caucase-updater-promise') -%}
 
+{% set frontend_caucase_url_hash_list = [] -%}
+{% for frontend_caucase_url in frontend_caucase_url_list -%}
+{%   set hash = hashlib.md5(frontend_caucase_url).hexdigest() -%}
+{%   do frontend_caucase_url_hash_list.append(hash) -%}
+{%   set data_dir = '${directory:srv}/client-cert-ca/%s' % hash -%}
+{{   caucase.updater(
+       prefix='caucase-updater-%s' % hash,
+       buildout_bin_directory=parameter_dict['bin-directory'],
+       updater_path='${directory:services-on-watch}/caucase-updater-%s' % hash,
+       url=frontend_caucase_url,
+       data_dir=data_dir,
+       ca_path='%s/ca.crt' % data_dir,
+       crl_path='%s/crl.pem' % data_dir,
+       on_renew='${caucase-updater-housekeeper:output}; ${apache-graceful:output}',
+       max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
+       openssl=parameter_dict['openssl'] ~ '/bin/openssl',
+     )}}
+{%   do section('caucase-updater-%s' % hash) -%}
+{% endfor -%}
+
+{% if frontend_caucase_url_hash_list -%}
+[caucase-updater-housekeeper]
+recipe = collective.recipe.template
+output = ${directory:bin}/caucase-updater-housekeeper
+mode = 700
+input =
+  inline:
+  #!${buildout:executable}
+  import glob
+  import os
+  import subprocess
+  hash_list = {{ repr(frontend_caucase_url_hash_list) }}
+  crt_list = ['%s.crt' % e for e in hash_list]
+  crl_list = ['%s.crl' % e for e in hash_list]
+  for path in glob.glob('${apache-conf-ssl:ca-cert-dir}/*.crt'):
+    if os.path.basename(path) not in crt_list:
+      os.unlink(path)
+  for path in glob.glob('${apache-conf-ssl:crl-dir}/*.crl'):
+    if os.path.basename(path) not in crl_list:
+      os.unlink(path)
+  for hash in hash_list:
+    crt = '${directory:srv}/client-cert-ca/%s/ca.crt' % hash
+    crt_link = '${apache-conf-ssl:ca-cert-dir}/%s.crt' % hash
+    crl = '${directory:srv}/client-cert-ca/%s/crl.pem' % hash
+    crl_link = '${apache-conf-ssl:crl-dir}/%s.crl' % hash
+    if os.path.isfile(crt) and not os.path.islink(crt_link):
+      os.symlink(crt, crt_link)
+    if os.path.isfile(crl) and not os.path.islink(crl_link):
+      os.symlink(crl, crl_link)
+  subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:ca-cert-dir}'])
+  subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:crl-dir}'])
+
+[caucase-updater-housekeeper-run]
+recipe = plone.recipe.command
+command = ${caucase-updater-housekeeper:output}
+update-command = ${:command}
+{% endif -%}
+
 {% set haproxy_dict = {} -%}
 {% set apache_dict = {} -%}
 {% set zope_virtualhost_monster_backend_dict = {} %}
@@ -123,8 +182,27 @@ key = ${directory:apache-conf}/apache.pem
 # XXX caucase certificate is not supported by caddy for now
 caucase-cert = ${directory:apache-conf}/apache-caucase.crt
 caucase-key = ${directory:apache-conf}/apache-caucase.pem
-ca-cert =  ${directory:apache-conf}/ca.crt
-crl = ${directory:apache-conf}/crl.pem
+{% if frontend_caucase_url_list -%}
+depends = ${caucase-updater-housekeeper-run:recipe}
+ca-cert-dir = ${directory:apache-ca-cert-dir}
+crl-dir = ${directory:apache-crl-dir}
+{%- endif %}
+
+[simplefile]
+< = jinja2-template-base
+template = inline:{{ '{{ content }}' }}
+
+{% macro simplefile(section_name, file_path, content, mode='') -%}
+{%   set content_section_name = section_name ~ '-content' -%}
+[{{  content_section_name }}]
+content = {{ dumps(content) }}
+
+[{{  section(section_name) }}]
+< = simplefile
+rendered = {{ file_path }}
+context = key content {{content_section_name}}:content
+mode = {{ mode }}
+{%- endmacro %}
 
 [apache-ssl]
 {% if ssl_parameter_dict.get('key') -%}
@@ -154,9 +232,11 @@ cert = ${apache-ssl:cert}
 key = ${apache-ssl:key}
 cipher =
 ssl-session-cache = ${directory:log}/apache-ssl-session-cache
+{% if frontend_caucase_url_list -%}
 # Client x509 auth
-ca-cert = ${apache-conf-ssl:ca-cert}
-crl = ${apache-conf-ssl:crl}
+ca-cert-dir = ${apache-conf-ssl:ca-cert-dir}
+crl-dir = ${apache-conf-ssl:crl-dir}
+{%- endif %}
 
 [apache-conf]
 < = jinja2-template-base
@@ -209,6 +289,10 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
 [directory]
 recipe = slapos.cookbook:mkdirectory
 apache-conf = ${:etc}/apache
+{% if frontend_caucase_url_list -%}
+apache-ca-cert-dir = ${:apache-conf}/ssl.crt
+apache-crl-dir = ${:apache-conf}/ssl.crl
+{% endif -%}
 bin = ${buildout:directory}/bin
 etc = ${buildout:directory}/etc
 services = ${:etc}/run

stack/erp5/instance.cfg.in

@@ -72,6 +72,7 @@ filename = instance-balancer.cfg
 extra-context =
     section parameter_dict dynamic-template-balancer-parameters
     import itertools itertools
+    import hashlib hashlib
 import-list =
     file caucase context:caucase-jinja2-library
 

stack/erp5/zope.conf.in

@@ -25,6 +25,13 @@ rest-output-encoding utf-8
 # XXX: isn't this entry implicit ?
 products {{ parameter_dict['instance-products'] }}
 
+# Magic parameter to use the first entry of X-Forwarded-For as the source IP address.
+# (see monkey patches in ERP5Type/patches/HTTPRequest.py and ERP5Type/patches/http_server.py)
+# * Frontend HTTP server should drop incoming X-Forwarded-For.
+# * Communication between frontend and backend should use SSL Client Authentication.
+# * Backend proxy drops incoming X-Forwarded-For without valid SSL Client Authentification.
+trusted-proxy 0.0.0.0
+
 {% if not parameter_dict['wsgi'] -%}
 {%   if parameter_dict['webdav'] -%}
 <webdav-source-server>

stack/slapos.cfg

@@ -134,16 +134,16 @@ Jinja2 = 2.9.5
 MarkupSafe = 1.0
 PyYAML = 3.13
 Werkzeug = 0.12
-asn1crypto = 0.21.1
-cffi = 1.9.1
+asn1crypto = 1.3.0
+cffi = 1.14.0
 click = 6.7
 cliff = 2.4.0
 cmd2 = 0.7.0
 collective.recipe.shelloutput = 0.1
 collective.recipe.template = 2.0
-cryptography = 2.3.1
+cryptography = 2.9.2
 decorator = 4.3.0
-idna = 2.2
+idna = 2.9
 inotify-simple = 1.1.1
 itsdangerous = 0.24
 lock-file = 2.0
@@ -154,10 +154,10 @@ pbr = 2.0.0
 plone.recipe.command = 1.1
 prettytable = 0.7.2
 psutil = 5.6.3
-pyOpenSSL = 18.0.0
+pyOpenSSL = 19.1.0
 pyparsing = 2.2.0
 pytz = 2016.10
-requests = 2.13.0
+requests = 2.24.0
 six = 1.12.0
 slapos.cookbook = 1.0.152
 slapos.core = 1.5.12
@@ -174,7 +174,7 @@ unicodecsv = 0.14.1
 xml-marshaller = 1.0.2
 paramiko = 2.1.3
 CacheControl = 0.12.5
-msgpack = 0.6.1
+msgpack = 0.6.2
 
 # Required by:
 # slapos.core==1.5.0
@@ -214,7 +214,7 @@ dnspython = 1.15.0
 
 # Required by:
 # cryptography==1.8.1
-enum34 = 1.1.6
+enum34 = 1.1.10
 
 # Required by:
 # slapos.toolbox==0.94
@@ -242,7 +242,7 @@ setuptools-scm = 3.5.0
 
 # Required by:
 # cryptography==1.8.1
-ipaddress = 1.0.18
+ipaddress = 1.0.23
 
 # Required by:
 # slapos.cookbook==1.0.143
@@ -271,7 +271,7 @@ pyasn1 = 0.4.5
 
 # Required by:
 # cffi==1.9.1
-pycparser = 2.17
+pycparser = 2.20
 
 # Required by:
 # slapos.toolbox==0.94
@@ -301,6 +301,18 @@ uritemplate = 3.0.0
 # slapos.core==1.5.0
 zope.interface = 4.3.3
 
+# Required by:
+# requests==2.24.0
+certifi = 2020.6.20
+
+# Required by:
+# requests==2.24.0
+chardet = 3.0.4
+
+# Required by:
+# requests==2.24.0
+urllib3 = 1.25.9
+
 [networkcache]
 download-cache-url = http://shacache.nxdcdn.com
 download-dir-url = http://shadir.nxdcdn.com