Commit d294ba6b authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents 804396fa c965227f
...@@ -23,14 +23,14 @@ ...@@ -23,14 +23,14 @@
# # The path given to "SSLSessionCache shmcb:<folder_path>(512000)" # # The path given to "SSLSessionCache shmcb:<folder_path>(512000)"
# "ssl-session-cache": "<folder_path>", # "ssl-session-cache": "<folder_path>",
# #
# # The path given to "SSLCACertificateFile" (can be empty) # # The path given to "SSLCACertificatePath" (can be empty)
# # If this value is not empty, it enables client certificate check. # # If this value is not empty, it enables client certificate check.
# # (Enabling "SSLVerifyClient require") # # (Enabling "SSLVerifyClient require")
# "ca-cert": "<file_path>", # "ca-cert-dir": "<directory_path>",
# #
# # The path given to "SSLCARevocationFile" (used if ca-cert is not # # The path given to "SSLCARevocationPath" (used if ca-cert-dir is not
# # empty) # # empty)
# "crl": "<file_path>", # "crl-dir": "<directory_path>",
# #
# # The path given to "ErrorLog" # # The path given to "ErrorLog"
# "error-log": "<file_path>", # "error-log": "<file_path>",
...@@ -69,7 +69,7 @@ ...@@ -69,7 +69,7 @@
# From to `backend-list`: # From to `backend-list`:
# - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and # - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and
# - [::1]:8000 redirecting internaly to http://10.0.0.10:8001 # - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
# only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert`. # only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert-dir`.
# - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003 # - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
# - [::1]:8002 redirecting internaly to http://10.0.0.10:8003 # - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
# accepting requests from any client. # accepting requests from any client.
...@@ -83,6 +83,8 @@ ...@@ -83,6 +83,8 @@
# For more details, refer to # For more details, refer to
# https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together # https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together
-#} -#}
{% set ca_cert_dir = parameter_dict.get('ca-cert-dir') -%}
{% set crl_dir = parameter_dict.get('crl-dir') -%}
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
...@@ -133,15 +135,17 @@ SSLProxyEngine On ...@@ -133,15 +135,17 @@ SSLProxyEngine On
# As backend is trusting Remote-User header unset it always # As backend is trusting Remote-User header unset it always
RequestHeader unset Remote-User RequestHeader unset Remote-User
{% if parameter_dict['ca-cert'] -%} # Drop incoming X-Forwarded-For without valid client authentication
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
{% if ca_cert_dir -%}
SSLVerifyClient optional SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['ca-cert'] }} SSLCACertificatePath {{ ca_cert_dir }}
{% if parameter_dict['crl'] -%} {% if crl_dir -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }} SSLCARevocationPath {{ crl_dir }}
{%- endif %} {% endif -%}
{%- endif %} {% endif -%}
ErrorLog "{{ parameter_dict['error-log'] }}" ErrorLog "{{ parameter_dict['error-log'] }}"
# Default apache log format with request time in microsecond at the end # Default apache log format with request time in microsecond at the end
...@@ -161,11 +165,9 @@ Listen {{ ip }}:{{ port }} ...@@ -161,11 +165,9 @@ Listen {{ ip }}:{{ port }}
{% endfor -%} {% endfor -%}
<VirtualHost *:{{ port }}> <VirtualHost *:{{ port }}>
SSLEngine on SSLEngine on
{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%} {% if enable_authentication -%}
{{ assert(ca_cert_dir) -}}
SSLVerifyClient require SSLVerifyClient require
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
...@@ -183,11 +185,9 @@ Listen {{ ip }}:{{ port }} ...@@ -183,11 +185,9 @@ Listen {{ ip }}:{{ port }}
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
SSLEngine on SSLEngine on
Timeout 3600 Timeout 3600
{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%} {% if enable_authentication -%}
{{ assert(ca_cert_dir) -}}
SSLVerifyClient require SSLVerifyClient require
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
......
...@@ -14,5 +14,5 @@ ...@@ -14,5 +14,5 @@
# not need these here). # not need these here).
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = bb8c175a93336f0e1838fd47225426f9 md5sum = ace264843228af84d025797f520ce70f
...@@ -13,14 +13,15 @@ parts = haproxy ...@@ -13,14 +13,15 @@ parts = haproxy
[haproxy] [haproxy]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://www.haproxy.org/download/1.8/src/haproxy-1.8.25.tar.gz url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.15.tar.gz
md5sum = ef2164ca3b1ea9011aa271a8cbe030a4 md5sum = 59f892991476f08e2d16ac460c502f61
configure-command = true configure-command = true
# If the system is running on Linux 2.6, we use "linux26" as the TARGET, # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
# otherwise use "generic". # otherwise use "generic".
# For ARCH value, x86_64 and i[3456]86 are supported. # For ARCH value, x86_64 and i[3456]86 are supported.
make-options = make-options =
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux2628 || echo generic)" TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=native
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')" ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
PREFIX=@@LOCATION@@ PREFIX=@@LOCATION@@
USE_DL=1 USE_DL=1
......
...@@ -4,5 +4,6 @@ parts = ...@@ -4,5 +4,6 @@ parts =
[libestr] [libestr]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://libestr.adiscon.com/files/download/libestr-0.1.10.tar.gz url = http://libestr.adiscon.com/files/download/libestr-0.1.11.tar.gz
md5sum = f4c9165a23587e77f7efe65d676d5e8e md5sum = 1f25a2332750d4bfacfb314235fedff0
shared = true
[buildout]
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
../pkgconfig/buildout.cfg
../m4/buildout.cfg
parts =
libfastjson
[libfastjson]
recipe = slapos.recipe.cmmi
url = https://github.com/rsyslog/libfastjson/archive/v0.99.8.tar.gz
md5sum = 730713ad1d851def7ac8898f751bbfdd
shared = true
pre-configure =
autoreconf -fvi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal -I ${automake:location}/share/aclocal
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:%(PATH)s
M4=${m4:location}/bin/m4
# To be extended after mariadb's buildout.cfg
[mariadb]
patches +=
${:_profile_base_location_}/mdev20693.patch#34ca907d6b36ba81d75bed118243f637
From: Sergei Petrunia <psergey@askmonty.org>
Date: Tue, 1 Oct 2019 15:29:38 -0700
Subject: [PATCH] #1052: ha_rocksdb::records_in_range() vastly overestimates
#rows (#1053)
Summary:
In ha_rocksdb::records_in_range, Do not adjust the key value. See
issue comments for justification.
The optimizer_loose_index_scans test was hitting this. The testcase
there has a key(b,d) and queries with WHERE b=... and d>=98 (the latter
condition not matching any rows in the table).
Pull Request resolved: https://github.com/facebook/mysql-5.6/pull/1053
Upstream commit 2b1e7918066a967b3a48fe486e5687d786aee052.
diff -ur a/storage/rocksdb/ha_rocksdb.cc b/storage/rocksdb/ha_rocksdb.cc
--- a/storage/rocksdb/ha_rocksdb.cc 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/ha_rocksdb.cc 2020-06-24 21:14:13.090911121 +0200
@@ -11941,11 +11941,6 @@
max_key->flag == HA_READ_AFTER_KEY) {
kd.successor(m_sk_packed_tuple_old, size2);
}
- // pad the upper key with FFFFs to make sure it is more than the lower
- if (size1 > size2) {
- memset(m_sk_packed_tuple_old + size2, 0xff, size1 - size2);
- size2 = size1;
- }
} else {
kd.get_supremum_key(m_sk_packed_tuple_old, &size2);
}
@@ -11953,8 +11948,11 @@
const rocksdb::Slice slice1((const char *)m_sk_packed_tuple, size1);
const rocksdb::Slice slice2((const char *)m_sk_packed_tuple_old, size2);
- // slice1 >= slice2 means no row will match
+ // It's possible to get slice1 == slice2 for a non-inclusive range with the
+ // right bound being successor() of the left one, e.g. "t.key>10 AND t.key<11"
if (slice1.compare(slice2) >= 0) {
+ // It's not possible to get slice2 > slice1
+ DBUG_ASSERT(slice1.compare(slice2) == 0);
DBUG_RETURN(HA_EXIT_SUCCESS);
}
diff -ur a/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result b/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result
--- a/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result 2020-06-24 21:14:13.082911030 +0200
@@ -126,9 +126,9 @@
set optimizer_switch = 'skip_scan=off';
explain select a, b, c, d from t where a in (1, 5) and b in (1, 2) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t range PRIMARY,b PRIMARY 8 NULL # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 12 NULL # Using where; Using index
rows_read
-200
+0
set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
explain select a, b, c, d from t where a in (1, 5) and b in (1, 2) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
@@ -140,9 +140,9 @@
set optimizer_switch = 'skip_scan=off';
explain select a, b, c, d from t where a in (1, 2, 3, 4, 5) and b in (1, 2, 3) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t range PRIMARY,b PRIMARY 8 NULL # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 12 NULL # Using where; Using index
rows_read
-750
+0
set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
explain select a, b, c, d from t where a in (1, 2, 3, 4, 5) and b in (1, 2, 3) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
@@ -154,9 +154,9 @@
set optimizer_switch = 'skip_scan=off';
explain select a, b, c, d from t where a = 5 and b = 2 and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t ref PRIMARY,b PRIMARY 8 const,const # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 12 NULL # Using where; Using index
rows_read
-50
+0
set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
explain select a, b, c, d from t where a = 5 and b = 2 and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
@@ -271,7 +271,7 @@
1
explain select a, b, c, d from t where (a < 1 or a = 4 or a = 5) and b in (1, 2, 3) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t range PRIMARY,b PRIMARY 8 NULL # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 8 NULL # Using where; Using index
select count(*) from information_schema.optimizer_trace where trace like '%prefix_not_const_equality%';
count(*)
1
diff -ur a/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result b/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result
--- a/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result 2020-06-24 21:14:13.082911030 +0200
@@ -27,3 +27,42 @@
date
2018-10-05
drop table t1;
+#
+# Issue #1052: ha_rocksdb::records_in_range() vastly overestimates the number of rows in certain ranges
+#
+CREATE TABLE t1 (
+part_id smallint(5) unsigned NOT NULL,
+oid bigint(20) unsigned NOT NULL,
+tid bigint(20) unsigned NOT NULL,
+filler char(32),
+KEY tid (part_id,tid,oid)
+) ENGINE=ROCKSDB;
+create table t2(a int primary key);
+insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+create table t3(a int primary key);
+insert into t3 select A.a + B.a* 10 + C.a * 100 from t2 A, t2 B, t2 C;
+set rocksdb_max_row_locks=1000000;
+insert into t1
+select
+0,
+A.a + 1000*B.a,
+A.a + 1000*B.a,
+'filler-data'
+from t2 A, t3 B;
+insert into t1
+select
+1,
+A.a + 1000*B.a,
+A.a + 1000*B.a,
+'filler-data'
+from t2 A, t3 B;
+set global rocksdb_force_flush_memtable_now=1;
+explain select * from t1 where part_id=0 and tid>100000000;
+id select_type table type possible_keys key key_len ref rows Extra
+1 SIMPLE t1 range tid tid 10 NULL # Using index condition
+# We can't check "rows" in EXPLAIN output directly as that value tends
+# to change a bit. Instead, check that the value is sufficiently low
+select @a < 10 as "MUST BE 1";
+MUST BE 1
+1
+drop table t2,t3,t1;
diff -ur a/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test b/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test
--- a/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test 2020-06-24 21:14:13.082911030 +0200
@@ -31,3 +31,63 @@
select * from t1 where date < '2018-10-09' order by date desc limit 1;
drop table t1;
+
+--echo #
+--echo # Issue #1052: ha_rocksdb::records_in_range() vastly overestimates the number of rows in certain ranges
+--echo #
+
+CREATE TABLE t1 (
+ part_id smallint(5) unsigned NOT NULL,
+ oid bigint(20) unsigned NOT NULL,
+ tid bigint(20) unsigned NOT NULL,
+ filler char(32),
+ KEY tid (part_id,tid,oid)
+) ENGINE=ROCKSDB;
+
+create table t2(a int primary key);
+insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+
+create table t3(a int primary key);
+insert into t3 select A.a + B.a* 10 + C.a * 100 from t2 A, t2 B, t2 C;
+
+set rocksdb_max_row_locks=1000000;
+insert into t1
+select
+ 0,
+ A.a + 1000*B.a,
+ A.a + 1000*B.a,
+ 'filler-data'
+from t2 A, t3 B;
+
+insert into t1
+select
+ 1,
+ A.a + 1000*B.a,
+ A.a + 1000*B.a,
+ 'filler-data'
+from t2 A, t3 B;
+set global rocksdb_force_flush_memtable_now=1;
+
+--replace_column 9 #
+explain select * from t1 where part_id=0 and tid>100000000;
+
+--echo # We can't check "rows" in EXPLAIN output directly as that value tends
+--echo # to change a bit. Instead, check that the value is sufficiently low
+
+let $explain=`explain select * from t1 where part_id=0 and tid>100000000`;
+--disable_query_log
+eval set @a= '$explain';
+set @a=(select substr(@a, 1+locate('\t', @a))); # id
+set @a=(select substr(@a, 1+locate('\t', @a))); # select_type
+set @a=(select substr(@a, 1+locate('\t', @a))); # table
+set @a=(select substr(@a, 1+locate('\t', @a))); # type
+set @a=(select substr(@a, 1+locate('\t', @a))); # possible_keys
+set @a=(select substr(@a, 1+locate('\t', @a))); # key
+set @a=(select substr(@a, 1+locate('\t', @a))); # key_len
+set @a=(select substr(@a, 1+locate('\t', @a))); # ref
+# ok now at rows
+set @a=(select substr(@a, 1, locate('\t', @a)-1)); # rows
+--enable_query_log
+
+select @a < 10 as "MUST BE 1";
+drop table t2,t3,t1;
...@@ -2,33 +2,42 @@ ...@@ -2,33 +2,42 @@
extends = extends =
../autoconf/buildout.cfg ../autoconf/buildout.cfg
../automake/buildout.cfg ../automake/buildout.cfg
../bison/buildout.cfg
../flex/buildout.cfg
../git/buildout.cfg
../boost-lib/buildout.cfg ../boost-lib/buildout.cfg
../libtool/buildout.cfg ../libtool/buildout.cfg
../make/buildout.cfg ../make/buildout.cfg
../mariadb/buildout.cfg ../openssl/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../ragel/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
# For geoip backend
# https://doc.powerdns.com/authoritative/backends/geoip.html
../geoip2/buildout.cfg
../yaml-cpp/buildout.cfg
parts = parts =
powerdns powerdns
[powerdns] [powerdns]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://downloads.powerdns.com/releases/pdns-3.3.1.tar.gz url = http://downloads.powerdns.com/releases/pdns-4.2.1.tar.bz2
md5sum = 074e2ff211fd12ecad25b5c1cc190dd4 md5sum = b5f3998a3bc438b905c72c0473408839
configure-options = configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_} --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-boost=${boost-lib:location} --with-boost=${boost-lib:location}
--with-modules="geo" --with-libcrypto=${openssl:location}
--with-modules="geoip"
--with-dynmodules="" --with-dynmodules=""
--without-lua --without-lua
--disable-lua-records
pkg_config_depends = ${yaml-cpp:location}/lib/pkgconfig
environment = environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:${bison:location}/bin:${flex:location}/bin:${git:location}/bin:${ragel:location}/bin:%(PATH)s PATH=${autoconf:location}/bin:${automake:location}/bin:${libmaxminddb:location}/bin:${libtool:location}/bin:${make:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lz LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${libmaxminddb:location}/lib -Wl,-rpath=${libmaxminddb:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${yaml-cpp:location}/lib -Wl,-rpath=${yaml-cpp:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
CPPFLAGS=-I${boost-lib:location}/include CPPFLAGS=-I${boost-lib:location}/include -I${libmaxminddb:location}/include -I${yaml-cpp:location}/include
PKG_CONFIG_PATH=${:pkg_config_depends}
# XXX: Override the default value "-Llib -lyaml-cpp"; "-Llib" is a problem
YAML_LIBS = -lyaml-cpp
make-options =
LIBTOOL=libtool
make-target = make-target =
install install
[buildout]
extends =
../bzip2/buildout.cfg
../gdbm/buildout.cfg
../libexpat/buildout.cfg
../libffi/buildout.cfg
../ncurses/buildout.cfg
../openssl/buildout.cfg
../pkgconfig/buildout.cfg
../sqlite3/buildout.cfg
../zlib/buildout.cfg
[pycparser-shared]
# XXX:
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/eliben/pycparser/archive/release_v2.20.tar.gz
md5sum = a5d9ea5350a8edb8239af73913ea2858
configure-command = :
make-binary =
make-targets = python setup.py install --install-lib @@LOCATION@@
[pypy2]
recipe = slapos.recipe.cmmi
shared = true
url = https://bitbucket.org/pypy/pypy/downloads/pypy2.7-v7.3.1-src.tar.bz2
md5sum = 7608bd58940ffc5403632c2c786d83bb
configure-command =
sed -i '/"_tkinter":/s/^/#/' lib_pypy/tools/build_cffi_imports.py
cat <<EOF > Makefile
PREFIX = @@LOCATION@@
export PYPY_USESSION_BASENAME=slapos
export TMPDIR=\$(realpath ..)
all: pypy/goal/pypy-c lib_pypy/tools/build_cffi_imports.py
\$^
c_src_dir:
cd pypy/goal && PYTHONPATH=${pycparser-shared:location} $${PYTHON:-python2} ../../rpython/bin/rpython --batch --source --opt=jit --shared targetpypystandalone
ln -s ../usession-\$\$PYPY_USESSION_BASENAME-\$\$USER/testing_1 \$@
pypy/goal/pypy-c: c_src_dir
\$(MAKE) -C \$<
mv \$</libpypy-c.so \$</pypy-c pypy/goal
touch \$@
install:
mkdir -p \$(PREFIX)/bin \$(PREFIX)/include
find lib_pypy lib-python/2.7 -type d '(' '(' -name __pycache__ -o -name _tkinter -o -name test -o -name tests ')' -prune -o -print ')' \
|while read d; do mkdir -p \$(PREFIX)/\$\$d && find \$\$d -maxdepth 1 -type f ! -name '*.o' ! -name '*.c' |xargs -r cp -t \$(PREFIX)/\$\$d; done
d=lib-python/2.7/test && mkdir -p \$(PREFIX)/\$\$d && for x in __init__ pystone regrtest test_support; do echo \$\$d/\$\$x.py; done |xargs -r cp -t \$(PREFIX)/\$\$d
cd lib-python && cp conftest.py stdlib-version.* \$(PREFIX)/lib-python
cp -r include/pypy_*.h include/PyPy.h pypy/module/cpyext/include/* pypy/module/cpyext/parse/* \$(PREFIX)/include
cd pypy/goal && cp libpypy-c.so \$(PREFIX)/bin && cp pypy-c \$(PREFIX)/bin/pypy
environment =
C_INCLUDE_PATH=${bzip2:location}/include:${gdbm:location}/include:${libexpat:location}/include:${ncurses:location}/include:${ncurses:location}/include/ncursesw:${openssl:location}/include:${sqlite3:location}/include:${zlib:location}/include
LDFLAGS=-L${bzip2:location}/lib -L${gdbm:location}/lib -L${libexpat:location}/lib -L${libffi:location}/lib -L${ncurses:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -L${zlib:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libffi:location}/lib/pkgconfig
...@@ -2,21 +2,25 @@ ...@@ -2,21 +2,25 @@
parts = parts =
rsyslogd rsyslogd
extends = extends =
../curl/buildout.cfg
../libestr/buildout.cfg ../libestr/buildout.cfg
../json-c/buildout.cfg ../libfastjson/buildout.cfg
../libuuid/buildout.cfg ../libuuid/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
[rsyslogd] [rsyslogd]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.12.0.tar.gz url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2004.0.tar.gz
md5sum = c31c2d545c8a3b8695bdf076851d1517 md5sum = 375a60ab0f461367f84f07a5dbda6de2
shared = true
configure-options = configure-options =
--disable-klog --disable-klog
--disable-libgcrypt --disable-libgcrypt
--disable-liblogging-stdlog --disable-liblogging-stdlog
--disable-libsystemd
environment = environment =
PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${json-c:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s
CPPFLAGS=-I${libestr:location}/include -I${json-c:location}/include -I${libuuid:location}/include -I${zlib:location}/include PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${curl:location}/lib/pkgconfig:${libfastjson:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${json-c:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib CPPFLAGS=-I${libestr:location}/include -I${curl:location}/include -I${libfastjson:location}/include -I${libuuid:location}/include -I${zlib:location}/include
LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${curl:location}/lib -Wl,-rpath=${libfastjson:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
ZLIB_CFLAGS=-I${zlib:location}/include ZLIB_CFLAGS=-I${zlib:location}/include
...@@ -86,8 +86,12 @@ environment += ...@@ -86,8 +86,12 @@ environment +=
pre-configure = pre-configure =
sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
environment += environment +=
PATH=${pkgconfig:location}/bin:${python:location}/bin:%(PATH)s
LD_LIBRARY_PATH=${dbus:location}/lib LD_LIBRARY_PATH=${dbus:location}/lib
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib
PYTHON=${python:location}/bin/python${python:version}
PYTHON_INCLUDES=-I${python:location}/include/python${python:version}
PYTHON_LIBS=-L${python:location}/lib -lpython${python:version} -lpthread -ldl -lutil -lm
post-install = post-install =
sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
...@@ -110,7 +114,7 @@ make-options = ...@@ -110,7 +114,7 @@ make-options =
[gobject-introspection] [gobject-introspection]
pre-configure = pre-configure =
ln -s ${python2.7:location}/bin/python2.7 ${python2.7:location}/bin/python2. ln -s ${python:location}/bin/python${python:version} ${python:location}/bin/python2.
sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config
libtoolize -c -f libtoolize -c -f
aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal
...@@ -120,24 +124,24 @@ configure-options += ...@@ -120,24 +124,24 @@ configure-options +=
environment += environment +=
PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s
GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0 GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python2.7:location}/include/python2.7 CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python:location}/include/python${python:version}
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python2.7:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python:location}/lib
ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal
M4=${m4:location}/bin/m4 M4=${m4:location}/bin/m4
PERL5LIB=${perl:location}/lib/5.28.1/ PERL5LIB=${perl:location}/lib/5.28.1/
post-install = post-install =
sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
rm -rf ${bison-go:location} rm -rf ${bison-go:location}
[pygobject3] [pygobject3]
pre-configure += pre-configure +=
sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#!${python:location}/bin/python${python:version}#' ${python:location}/bin/python-config
environment += environment +=
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python2.7:location}/include/python2.7 CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python:location}/include/python${python:version}
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python2.7:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python:location}/lib
post-install = post-install =
sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
[ncurses] [ncurses]
configure-options = configure-options =
......
...@@ -16,7 +16,6 @@ shared = true ...@@ -16,7 +16,6 @@ shared = true
url = https://github.com/akopytov/sysbench/archive/1.0.19.tar.gz url = https://github.com/akopytov/sysbench/archive/1.0.19.tar.gz
md5sum = 2912bfe7238cac7351459019a84e2557 md5sum = 2912bfe7238cac7351459019a84e2557
pre-configure = pre-configure =
aclocal -I${pkgconfig:location}/share/aclocal -I${libtool:location}/share/aclocal -I${gettext:location}/share/aclocal
./autogen.sh ./autogen.sh
configure-options = configure-options =
--disable-static --disable-static
......
[buildout]
extends =
../cmake/buildout.cfg
parts =
yaml-cpp
[yaml-cpp]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.3.tar.gz
md5sum = b45bf1089a382e81f6b661062c10d0c2
location = @@LOCATION@@
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DYAML_BUILD_SHARED_LIBS=ON \
-DCMAKE_INSTALL_PREFIX=${:location} \
..
make-options = -C build
...@@ -3,10 +3,7 @@ global ...@@ -3,10 +3,7 @@ global
stats socket %(socket_path)s level admin stats socket %(socket_path)s level admin
defaults defaults
log global
mode http mode http
option httplog
option dontlognull
retries 1 retries 1
option redispatch option redispatch
maxconn 2000 maxconn 2000
...@@ -23,11 +20,11 @@ defaults ...@@ -23,11 +20,11 @@ defaults
timeout connect 5s timeout connect 5s
# As requested in haproxy doc, make this "at least equal to timeout server". # As requested in haproxy doc, make this "at least equal to timeout server".
timeout client 305s timeout client 305s
# Use "option forceclose" to not preserve client & server persistent connections # Use "option httpclose" to not preserve client & server persistent connections
# while handling every incoming request individually, dispatching them one after # while handling every incoming request individually, dispatching them one after
# another to servers, in HTTP close mode. This is really needed when haproxy # another to servers, in HTTP close mode. This is really needed when haproxy
# is configured with maxconn to 1, without this options browser are unable # is configured with maxconn to 1, without this options browser are unable
# to render a page # to render a page
option forceclose option httpclose
%(server_text)s %(server_text)s
...@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos ...@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos
"path" is an optional parameter, ignored if not specified. "path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/" Example of value: "/erp5/web_site_module/hosting/"
caddy_custom_https
~~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
caddy_custom_http
~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
url url
~~~ ~~~
Necessary to activate cache. ``url`` of backend to use. Necessary to activate cache. ``url`` of backend to use.
...@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
partition_parameter_kw={ partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234", "url":"https://[1:2:3:4:5:6:7:8]:1234",
"caddy_custom_https":'
https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
bind %(local_ipv4)s
tls %(certificate)s %(certificate)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234 {
transparent
timeout 600s
insecure_skip_verify
}
}
"caddy_custom_http":'
http://www.example.com:%(http_port)s, http://example.com:%(http_port)s {
bind %(local_ipv4)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234/ {
transparent
timeout 600s
insecure_skip_verify
}
}
Simple Cache Example - XXX - to be written Simple Cache Example - XXX - to be written
------------------------------------------ ------------------------------------------
...@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"domain": "www.example.org", "domain": "www.example.org",
"enable_cache": "True", "enable_cache": "True",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLEngine on
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P],
}
)
Advanced example - XXX - to be written Advanced example - XXX - to be written
-------------------------------------- --------------------------------------
...@@ -457,56 +388,6 @@ the proxy:: ...@@ -457,56 +388,6 @@ the proxy::
"path":"/erp5", "path":"/erp5",
"domain":"example.org", "domain":"example.org",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAdmin example.org
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Use personal ssl certificates
SSLCertificateFile %(ssl_crt)s
SSLCertificateKeyFile %(ssl_key)s
SSLCACertificateFile %(ssl_ca_crt)s
SSLCertificateChainFile %(ssl_ca_crt)s
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Redirect / to /index.html
RewriteRule ^/$ /index.html [R=302,L]
# Use cache
RewriteRule ^/(.*) %(cache_access)s/VirtualHostBase/https/www.example.org:443/erp5/VirtualHostRoot/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}',
"ssl_key":"-----BEGIN RSA PRIVATE KEY----- "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----", -----END RSA PRIVATE KEY-----",
...@@ -522,20 +403,6 @@ the proxy:: ...@@ -522,20 +403,6 @@ the proxy::
} }
) )
QUIC Protocol
=============
Note: QUIC support in Caddy is really experimental. It can result with silently having problems with QUIC connections or hanging Caddy process. So in case of QUIC error ``QUIC_NETWORK_IDLE_TIMEOUT`` or ``QUIC_PEER_GOING_AWAY`` it is required to restart caddy process.
Note: Chrome will refuse to connect to QUIC on different port then HTTPS has been served. As Caddy binds to high ports, if QUIC is wanted, the browser need to connect to high port too.
Experimental QUIC available in Caddy is not configurable. If caddy is configured to bind to HTTPS port ``${port}``, QUIC is going to be advertised on this port only. It is not possible to configure another public port in case of port rewriting.
So it is required to ``DNAT`` from ``${public IP}`` of the computer to the computer partition running caddy ``${local IP}`` with configured port::
iptables -A DNAT -d ${public IP}/32 -p udp -m udp --dport ${port} -j DNAT --to-destination ${local IP}:${port}
Promises Promises
======== ========
...@@ -621,3 +488,8 @@ Each `caddy-frontend-N` partition downloads certificates from the kedifa server. ...@@ -621,3 +488,8 @@ Each `caddy-frontend-N` partition downloads certificates from the kedifa server.
Caucase (exposed by ``kedifa-caucase-url`` in master partition parameters) is used to handle certificates for authentication to kedifa server. Caucase (exposed by ``kedifa-caucase-url`` in master partition parameters) is used to handle certificates for authentication to kedifa server.
If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there are scripts running on master partition to simulate human to sign certificates for each caddy-frontend-N node. If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there are scripts running on master partition to simulate human to sign certificates for each caddy-frontend-N node.
Support for X-Real-Ip and X-Forwarded-For
-----------------------------------------
X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 816bc8179cf4195a35e07f22c36679fa md5sum = 20f7a925e686949092823595c79a0523
[template-common] [template-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,26 +22,22 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,26 +22,22 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 60aefa15002b04665a95a6c197eac5ab md5sum = 0851faa528eb4f21330a6f23f77dea7f
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 087bd9404cd120bd7602a9fbfcddc064 md5sum = a544bf7586f5945bbf108abe9818c7dd
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = d96fea7dd4d7f0a157c86d25a263d8e1 md5sum = 9da1616d203e4909af37e658aa923d95
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = 7e3ee70c447f8203273d78f66ab519c3 md5sum = 7e3ee70c447f8203273d78f66ab519c3
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
md5sum = f0faf6d2e6c187df7e25bf717676f9df md5sum = f0faf6d2e6c187df7e25bf717676f9df
[caddy-backend-url-validator] [caddy-backend-url-validator]
...@@ -49,63 +45,63 @@ filename = templates/caddy-backend-url-validator.in ...@@ -49,63 +45,63 @@ filename = templates/caddy-backend-url-validator.in
md5sum = 0979a03476e86bf038516c9565dadc17 md5sum = 0979a03476e86bf038516c9565dadc17
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html _update_hash_filename_ = templates/notfound.html
md5sum = f20d6c3d2d94fb685f8d26dfca1e822b md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in _update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = 7e26935bb6daf00d8fc01d97eebc7abd md5sum = a72e9056eeda3c7c794f6f6560056380
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in _update_hash_filename_ = templates/cached-virtualhost.conf.in
md5sum = a73839d777fbd548286bbeccf47be335 md5sum = e839ca3cb308f7fcdfa06c2f1b95e93f
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in _update_hash_filename_ = templates/template-log-access.conf.in
md5sum = f8068179333ce19e95df561c70073857 md5sum = f8068179333ce19e95df561c70073857
[template-empty] [template-empty]
filename = templates/empty.in _update_hash_filename_ = templates/empty.in
md5sum = c2314c3a9c3412a38d14b312d3df83c1 md5sum = c2314c3a9c3412a38d14b312d3df83c1
[template-wrapper] [template-wrapper]
filename = templates/wrapper.in _update_hash_filename_ = templates/wrapper.in
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-trafficserver-records-config] [template-trafficserver-records-config]
filename = templates/trafficserver/records.config.jinja2 _update_hash_filename_ = templates/trafficserver/records.config.jinja2
md5sum = 3a4e378932ffc7768426bb7a897e2c45 md5sum = f3f31188de56bb35383335b3219537f4
[template-trafficserver-storage-config] [template-trafficserver-storage-config]
filename = templates/trafficserver/storage.config.jinja2 _update_hash_filename_ = templates/trafficserver/storage.config.jinja2
md5sum = baf7b89cc9ab5506100b0c900808c1ea md5sum = baf7b89cc9ab5506100b0c900808c1ea
[template-trafficserver-logging-config] [template-trafficserver-logging-config]
filename = templates/trafficserver/logging.config.jinja2 _update_hash_filename_ = templates/trafficserver/logging.config.jinja2
md5sum = 6aed31174dc262ced02f31624321df41 md5sum = 6aed31174dc262ced02f31624321df41
[template-nginx-eventsource-slave-virtualhost] [template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in _update_hash_filename_ = templates/nginx-eventsource-slave.conf.in
md5sum = 217a6c801b8330b0b825f7b8b4c77184 md5sum = 217a6c801b8330b0b825f7b8b4c77184
[template-caddy-lazy-script-call] [template-caddy-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in _update_hash_filename_ = templates/apache-lazy-script-call.sh.in
md5sum = b9f73f6323f9fceea054c46c854d2862 md5sum = b9f73f6323f9fceea054c46c854d2862
[template-graceful-script] [template-graceful-script]
filename = templates/graceful-script.sh.in _update_hash_filename_ = templates/graceful-script.sh.in
md5sum = 061cc244558fd3af2b6bacf17cae5555 md5sum = 061cc244558fd3af2b6bacf17cae5555
[template-validate-script] [template-validate-script]
filename = templates/validate-script.sh.in _update_hash_filename_ = templates/validate-script.sh.in
md5sum = f26e11574f266c7437c9c89e3c93825a md5sum = f26e11574f266c7437c9c89e3c93825a
[template-configuration-state-script] [template-configuration-state-script]
filename = templates/configuration-state-script.sh.in _update_hash_filename_ = templates/configuration-state-script.sh.in
md5sum = 4d2537d2698d32a7e909989f8778d144 md5sum = 4d2537d2698d32a7e909989f8778d144
[template-rotate-script] [template-rotate-script]
filename = templates/rotate-script.sh.in _update_hash_filename_ = templates/rotate-script.sh.in
md5sum = 8c150e1e6c993708d31936742f3a7302 md5sum = 8c150e1e6c993708d31936742f3a7302
[caddyprofiledeps-setup] [caddyprofiledeps-setup]
......
...@@ -119,15 +119,10 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target ...@@ -119,15 +119,10 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target
template_empty = ${template-empty:target} template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target} template_log_access = ${template-log-access:target}
template_not_found_html = ${template-not-found-html:target} template_not_found_html = ${template-not-found-html:target}
template_slave_configuration = ${template-slave-configuration:target}
template_slave_list = ${template-slave-list:target} template_slave_list = ${template-slave-list:target}
template_trafficserver_records_config = ${template-trafficserver-records-config:location} template_trafficserver_records_config = ${template-trafficserver-records-config:target}
template_trafficserver_records_config_filename = ${template-trafficserver-records-config:filename} template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
template_trafficserver_records_config_location = ${template-trafficserver-records-config:location} template_trafficserver_logging_config = ${template-trafficserver-logging-config:target}
template_trafficserver_storage_config_filename = ${template-trafficserver-storage-config:filename}
template_trafficserver_storage_config_location = ${template-trafficserver-storage-config:location}
template_trafficserver_logging_config_filename = ${template-trafficserver-logging-config:filename}
template_trafficserver_logging_config_location = ${template-trafficserver-logging-config:location}
template_wrapper = ${template-wrapper:output} template_wrapper = ${template-wrapper:output}
[template] [template]
...@@ -155,8 +150,7 @@ mode = 0644 ...@@ -155,8 +150,7 @@ mode = 0644
[caddy-backend-url-validator] [caddy-backend-url-validator]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/${:filename} url = ${:_profile_base_location_}/${:filename}
filename = caddy-backend-url-validator.in
output = ${buildout:directory}/caddy-backend-url-validator output = ${buildout:directory}/caddy-backend-url-validator
mode = 0750 mode = 0750
...@@ -172,44 +166,32 @@ mode = 0644 ...@@ -172,44 +166,32 @@ mode = 0644
[download-template] [download-template]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/${:filename} url = ${:_profile_base_location_}/${:_update_hash_filename_}
mode = 640 mode = 640
[template-slave-list] [template-slave-list]
<=download-template <=download-template
filename = apache-custom-slave-list.cfg.in
[template-slave-configuration]
<=download-template
filename = custom-virtualhost.conf.in
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
<=download-template <=download-template
filename = replicate-publish-slave-information.cfg.in
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
<=download-template <=download-template
filename = Caddyfile.in
[template-not-found-html] [template-not-found-html]
<=download-template <=download-template
filename = notfound.html
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
<=download-template <=download-template
filename = default-virtualhost.conf.in
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
<=download-template <=download-template
filename = cached-virtualhost.conf.in
[template-log-access] [template-log-access]
<=download-template <=download-template
filename = template-log-access.conf.in
[template-empty] [template-empty]
<=download-template <=download-template
filename = empty.in
[template-wrapper] [template-wrapper]
recipe = slapos.recipe.template recipe = slapos.recipe.template
...@@ -219,35 +201,24 @@ mode = 0644 ...@@ -219,35 +201,24 @@ mode = 0644
[template-trafficserver-records-config] [template-trafficserver-records-config]
<=download-template <=download-template
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = records.config.jinja2
[template-trafficserver-storage-config] [template-trafficserver-storage-config]
<=download-template <=download-template
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = storage.config.jinja2
[template-trafficserver-logging-config] [template-trafficserver-logging-config]
<=download-template <=download-template
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = logging.config.jinja2
[template-rotate-script] [template-rotate-script]
<=download-template <=download-template
filename = rotate-script.sh.in
[template-caddy-lazy-script-call] [template-caddy-lazy-script-call]
<=download-template <=download-template
filename = apache-lazy-script-call.sh.in
[template-graceful-script] [template-graceful-script]
<=download-template <=download-template
filename = graceful-script.sh.in
[template-validate-script] [template-validate-script]
<=download-template <=download-template
filename = validate-script.sh.in
[template-configuration-state-script] [template-configuration-state-script]
<=download-template <=download-template
filename = configuration-state-script.sh.in
...@@ -15,7 +15,6 @@ parts = ...@@ -15,7 +15,6 @@ parts =
caucase-updater caucase-updater
caucase-updater-promise caucase-updater-promise
frontend-caddy-graceful frontend-caddy-graceful
not-found-html
port-redirection port-redirection
promise-frontend-caddy-configuration promise-frontend-caddy-configuration
promise-caddy-frontend-v4-https promise-caddy-frontend-v4-https
...@@ -147,7 +146,6 @@ context = ...@@ -147,7 +146,6 @@ context =
[software-release-path] [software-release-path]
template-empty = {{ parameter_dict['template_empty'] }} template-empty = {{ parameter_dict['template_empty'] }}
template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }} template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }} caddy-location = {{ parameter_dict['caddy_location'] }}
...@@ -249,7 +247,6 @@ extra-context = ...@@ -249,7 +247,6 @@ extra-context =
key local_ipv6 :local_ipv6 key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-network-information:global-ipv6
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
key software_type :software_type key software_type :software_type
...@@ -278,19 +275,6 @@ extra-context = ...@@ -278,19 +275,6 @@ extra-context =
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
# BBB: apache_custom_https and apache_custom_http
extra-context =
key https_port configuration:port
key http_port configuration:plain_http_port
key apache_custom_https configuration:apache_custom_https
key apache_custom_http configuration:apache_custom_http
key caddy_custom_https configuration:caddy_custom_https
key caddy_custom_http configuration:caddy_custom_http
# Deploy Caddy Frontend with Jinja power # Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template] [dynamic-caddy-frontend-template]
< = jinja2-template-base < = jinja2-template-base
...@@ -334,9 +318,6 @@ template = inline: ...@@ -334,9 +318,6 @@ template = inline:
-http2=false \ -http2=false \
{% else %} {% else %}
-http2=true \ -http2=true \
{% endif %}
{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
-quic \
{% endif %} {% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \ -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \
-disable-http-challenge \ -disable-http-challenge \
...@@ -353,10 +334,10 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -353,10 +334,10 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files = ${caddy-wrapper:rendered} hash-files = ${caddy-wrapper:rendered}
[not-found-html] [not-found-html]
recipe = slapos.cookbook:symbolic.link recipe = plone.recipe.command
target-directory = ${caddy-directory:document-root} update-command = ${:command}
link-binary = filename = notfound.html
{{ parameter_dict['template_not_found_html'] }} command = ln -sf {{ parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
[caddy-directory] [caddy-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -377,7 +358,7 @@ access-log = ${directory:log}/frontend-access.log ...@@ -377,7 +358,7 @@ access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:rendered} && kill -USR1 $(cat ${:pid-file}) frontend-graceful-command = ${frontend-caddy-validate:rendered} && kill -USR1 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/notfound.html not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
# Communication with ATS # Communication with ATS
cache-port = ${trafficserver-variable:input-port} cache-port = ${trafficserver-variable:input-port}
...@@ -478,19 +459,19 @@ context = ...@@ -478,19 +459,19 @@ context =
[trafficserver-records-config] [trafficserver-records-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_records_config_location'] }}/{{ parameter_dict['template_trafficserver_records_config_filename'] }} template = {{ parameter_dict['template_trafficserver_records_config'] }}
filename = records.config filename = records.config
extra-context = extra-context =
import os_module os import os_module os
[trafficserver-storage-config] [trafficserver-storage-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_storage_config_location'] }}/{{ parameter_dict['template_trafficserver_storage_config_filename'] }} template = {{ parameter_dict['template_trafficserver_storage_config'] }}
filename = storage.config filename = storage.config
[trafficserver-logging-config] [trafficserver-logging-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_logging_config_location'] }}/{{ parameter_dict['template_trafficserver_logging_config_filename'] }} template = {{ parameter_dict['template_trafficserver_logging_config'] }}
filename = logging.config filename = logging.config
[trafficserver-remap-config] [trafficserver-remap-config]
......
...@@ -78,13 +78,12 @@ context = ...@@ -78,13 +78,12 @@ context =
}) %} }) %}
{% endfor %} {% endfor %}
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %} {% set authorized_slave_string_list = [] %}
{% set authorized_slave_list = [] %} {% set authorized_slave_list = [] %}
{% set rejected_slave_dict = {} %} {% set rejected_slave_dict = {} %}
{% set rejected_slave_title_dict = {} %} {% set rejected_slave_title_dict = {} %}
{% set warning_slave_dict = {} %} {% set warning_slave_dict = {} %}
{% set used_host_list = [] %} {% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %}
{% for slave in sorted(slave_instance_list) %} {% for slave in sorted(slave_instance_list) %}
{% set slave_error_list = [] %} {% set slave_error_list = [] %}
{% set slave_warning_list = [] %} {% set slave_warning_list = [] %}
...@@ -104,7 +103,6 @@ context = ...@@ -104,7 +103,6 @@ context =
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %} {% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %} {% if custom_domain and custom_domain in used_host_list %}
{% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %} {% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
...@@ -133,15 +131,6 @@ context = ...@@ -133,15 +131,6 @@ context =
{% endfor %} {% endfor %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %} {% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% endif %} {% endif %}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% if slave.get(key) %}
{% if not slave.get('slave_reference') in authorized_slave_string_list %}
{% if not unauthorized_message in slave_error_list %}
{% do slave_error_list.append(unauthorized_message) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
{% if slave.get('url') %} {% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %} {% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %} {% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
......
{ {
"$schema": "http://json-schema.org/draft-04/schema", "$schema": "http://json-schema.org/draft-04/schema",
"properties": { "properties": {
"-frontend-authorized-slave-string": {
"description": "List of SOFTINST-XXX of Slaves, separated by space which is allowed to use custom configuration.",
"title": "Authorized Slave String",
"type": "string"
},
"-frontend-quantity": { "-frontend-quantity": {
"description": "Quantity of Frontends Replicate.", "description": "Quantity of Frontends Replicate.",
"title": "Frontend Replication Quantity", "title": "Frontend Replication Quantity",
...@@ -71,16 +66,6 @@ ...@@ -71,16 +66,6 @@
"title": "Test Verification URL", "title": "Test Verification URL",
"type": "string" "type": "string"
}, },
"enable-quic": {
"default": "false",
"description": "Enables QUIC - Quick UDP Internet Connections. Note that this is experimental feature, thus can result in undefined behaviour. Warning: Changing the parameter will result in restarting Caddy process.",
"enum": [
"true",
"false"
],
"title": "Enable QUIC",
"type": "string"
},
"proxy-try-duration": { "proxy-try-duration": {
"default": 5, "default": 5,
"description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.", "description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",
......
...@@ -53,20 +53,6 @@ ...@@ -53,20 +53,6 @@
"title": "HTTPS Only", "title": "HTTPS Only",
"type": "string" "type": "string"
}, },
"caddy_custom_http": {
"default": "",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTP configuration",
"type": "string"
},
"caddy_custom_https": {
"default": "",
"description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTPS configuration",
"type": "string"
},
"default-path": { "default-path": {
"default": "", "default": "",
"description": "Provide default path to redirect user to when user access / (the site root)", "description": "Provide default path to redirect user to when user access / (the site root)",
...@@ -153,12 +139,6 @@ ...@@ -153,12 +139,6 @@
"title": "Prefer gzip Encoding for Backend", "title": "Prefer gzip Encoding for Backend",
"type": "string" "type": "string"
}, },
"re6st-optimal-test": {
"default": "",
"description": "IPv6 and IPv6 Address for the frontend test if re6st is on the optimal status (use ipv6,ipv4)",
"title": "IPv6 and IPv4 Address to test Re6st",
"type": "string"
},
"server-alias": { "server-alias": {
"default": "", "default": "",
"description": "Server Alias List separated by space", "description": "Server Alias List separated by space",
......
...@@ -103,11 +103,6 @@ configuration.nginx_port = 9443 ...@@ -103,11 +103,6 @@ configuration.nginx_port = 9443
configuration.kedifa_port = 7879 configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1 # Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890 configuration.caucase_port = 8890
# BBB: apache_custom_https and apache_custom_http
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.caddy_custom_https = ""
configuration.caddy_custom_http = ""
configuration.apache-key = configuration.apache-key =
configuration.apache-certificate = configuration.apache-certificate =
configuration.open-port = 80 443 configuration.open-port = 80 443
...@@ -120,7 +115,6 @@ configuration.enable-http2-by-default = true ...@@ -120,7 +115,6 @@ configuration.enable-http2-by-default = true
configuration.global-disable-http2 = false configuration.global-disable-http2 = false
configuration.ciphers = configuration.ciphers =
configuration.request-timeout = 600 configuration.request-timeout = 600
configuration.enable-quic = false
configuration.mpm-graceful-shutdown-timeout = 5 configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name = configuration.frontend-name =
configuration.proxy-try-duration = 5 configuration.proxy-try-duration = 5
......
...@@ -22,7 +22,10 @@ ...@@ -22,7 +22,10 @@
try_duration {{ slave_parameter['proxy_try_duration'] }}s try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent header_upstream Host {host}
{# header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
header_upstream -X-Forwarded-For-Real
timeout {{ slave_parameter['request_timeout'] }}s timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %} {%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
...@@ -47,7 +50,10 @@ ...@@ -47,7 +50,10 @@
proxy / {{ slave_parameter.get('https_backend_url', '') }} { proxy / {{ slave_parameter.get('https_backend_url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent header_upstream Host {host}
{# header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
header_upstream -X-Forwarded-For-Real
timeout {{ slave_parameter['request_timeout'] }}s timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %} {%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
......
{{ slave_parameter.get('caddy_custom_https', '') }}
{{ slave_parameter.get('caddy_custom_http', '') }}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
{%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %} {%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
{%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %} {%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
{%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %} {%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
...@@ -39,6 +40,25 @@ ...@@ -39,6 +40,25 @@
{%- set enable_h2 = False %} {%- set enable_h2 = False %}
{%- endif %} {%- endif %}
{%- macro proxy_header() %}
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
# force reset of X-Forwarded-For
header_upstream X-Forwarded-For {remote}
{%- if enable_cache %}
# provide a header for other components
header_upstream X-Forwarded-For-Real {remote}
{%- endif %}
{%- endmacro %} {# proxy_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %} {%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %}
...@@ -102,8 +122,7 @@ ...@@ -102,8 +122,7 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} { proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
...@@ -122,14 +141,6 @@ ...@@ -122,14 +141,6 @@
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
} {# proxy #} } {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #} {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if default_path %} {%- if default_path %}
...@@ -174,54 +185,43 @@ ...@@ -174,54 +185,43 @@
} {# redir #} } {# redir #}
{%- elif slave_type == 'notebook' %} {%- elif slave_type == 'notebook' %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent transparent
insecure_skip_verify
} }
rewrite { rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?" regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1} to /proxy/{1}
} }
proxy /proxy/ {{ backend_url }} { proxy /proxy/ {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms transparent
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket websocket
without /proxy/ without /proxy/
insecure_skip_verify
} }
{%- elif slave_type == 'websocket' %} {%- elif slave_type == 'websocket' %}
{%- if websocket_path_list %} {%- if websocket_path_list %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- endif %} {%- endif %}
insecure_skip_verify
} }
{%- for websocket_path in websocket_path_list %} {%- for websocket_path in websocket_path_list %}
proxy /{{ websocket_path }} {{ backend_url }} { proxy /{{ websocket_path }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
websocket websocket
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- endif %} {%- endif %}
insecure_skip_verify
} }
{%- endfor %} {%- endfor %}
{%- else %} {%- else %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
websocket websocket
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- endif %} {%- endif %}
insecure_skip_verify
} }
{%- endif %} {%- endif %}
{%- else %} {#- if slave_type == 'zope' and backend_url #} {%- else %} {#- if slave_type == 'zope' and backend_url #}
...@@ -237,8 +237,7 @@ ...@@ -237,8 +237,7 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} { proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
...@@ -257,14 +256,6 @@ ...@@ -257,14 +256,6 @@
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
} {# proxy #} } {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #} {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- endif %} {#- if backend_url #} {%- endif %} {#- if backend_url #}
......
...@@ -27,6 +27,14 @@ CONFIG proxy.config.http.cache.open_write_fail_action INT 2 ...@@ -27,6 +27,14 @@ CONFIG proxy.config.http.cache.open_write_fail_action INT 2
CONFIG proxy.config.body_factory.template_sets_dir STRING {{ ats_configuration['templates-dir'] }} CONFIG proxy.config.body_factory.template_sets_dir STRING {{ ats_configuration['templates-dir'] }}
# Support stale-if-error by returning cached content on backend 5xx or unavailability # Support stale-if-error by returning cached content on backend 5xx or unavailability
CONFIG proxy.config.http.negative_revalidating_enabled INT 1 CONFIG proxy.config.http.negative_revalidating_enabled INT 1
##############################################################################
# Proxy users variables. Docs:
# https://docs.trafficserver.apache.org/records.config#proxy-user-variables
##############################################################################
# Do not modify headers, as it needlessly pollutes information
CONFIG proxy.config.http.insert_client_ip INT 0
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 0
############################################################################## ##############################################################################
# Thread configurations. Docs: # Thread configurations. Docs:
...@@ -98,13 +106,6 @@ CONFIG proxy.config.http.down_server.abort_threshold INT 10 ...@@ -98,13 +106,6 @@ CONFIG proxy.config.http.down_server.abort_threshold INT 10
CONFIG proxy.config.http.negative_caching_enabled INT 0 CONFIG proxy.config.http.negative_caching_enabled INT 0
CONFIG proxy.config.http.negative_caching_lifetime INT 1800 CONFIG proxy.config.http.negative_caching_lifetime INT 1800
##############################################################################
# Proxy users variables. Docs:
# https://docs.trafficserver.apache.org/records.config#proxy-user-variables
##############################################################################
CONFIG proxy.config.http.insert_client_ip INT 1
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1
############################################################################## ##############################################################################
# Security. Docs: # Security. Docs:
# https://docs.trafficserver.apache.org/records.config#security # https://docs.trafficserver.apache.org/records.config#security
......
...@@ -46,7 +46,6 @@ setup(name=name, ...@@ -46,7 +46,6 @@ setup(name=name,
# ipaddress is patching IPAddress so IPv6 in SSL certificates # ipaddress is patching IPAddress so IPv6 in SSL certificates
# match works # match works
'ipaddress >= 1.0.22', 'ipaddress >= 1.0.22',
'forcediphttpsadapter',
'requests-toolbelt', 'requests-toolbelt',
'supervisor', 'supervisor',
# caucase needed to connect to the KeDiFa caucase # caucase needed to connect to the KeDiFa caucase
......
This diff is collapsed.
...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log ...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log ...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_re6st-optimal-test_access_log
T-2/var/log/httpd/_re6st-optimal-test_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_error_log T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log T-2/var/log/httpd/_server-alias-wildcard_access_log
......
...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py ...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-_re6st-optimal-test-re6st-optimal-test.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-caddy-configuration-promise.py
......
T-2/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
T-2/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
T-2/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test
...@@ -12,10 +12,6 @@ T-2/var/log/httpd/_monitor-ipv4-test-unsafe_access_log ...@@ -12,10 +12,6 @@ T-2/var/log/httpd/_monitor-ipv4-test-unsafe_access_log
T-2/var/log/httpd/_monitor-ipv4-test-unsafe_error_log T-2/var/log/httpd/_monitor-ipv4-test-unsafe_error_log
T-2/var/log/httpd/_monitor-ipv6-test-unsafe_access_log T-2/var/log/httpd/_monitor-ipv6-test-unsafe_access_log
T-2/var/log/httpd/_monitor-ipv6-test-unsafe_error_log T-2/var/log/httpd/_monitor-ipv6-test-unsafe_error_log
T-2/var/log/httpd/_re6st-optimal-test-nocomma_access_log
T-2/var/log/httpd/_re6st-optimal-test-nocomma_error_log
T-2/var/log/httpd/_re6st-optimal-test-unsafe_access_log
T-2/var/log/httpd/_re6st-optimal-test-unsafe_error_log
T-2/var/log/httpd/_server-alias-same_access_log T-2/var/log/httpd/_server-alias-same_access_log
T-2/var/log/httpd/_server-alias-same_error_log T-2/var/log/httpd/_server-alias-same_error_log
T-2/var/log/httpd/_virtualhostroot-http-port-unsafe_access_log T-2/var/log/httpd/_virtualhostroot-http-port-unsafe_access_log
......
T-2/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test
T-2/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test
T-2/etc/monitor-promise/check-_re6st-optimal-test-unsafe-re6st-optimal-test
...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log ...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log ...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_re6st-optimal-test_access_log
T-2/var/log/httpd/_re6st-optimal-test_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_error_log T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log T-2/var/log/httpd/_server-alias-wildcard_access_log
......
...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py ...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-_re6st-optimal-test-re6st-optimal-test.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-caddy-configuration-promise.py
......
T-1/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test T-1/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
T-1/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test T-1/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
T-1/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment