1. 21 Dec, 2020 1 commit
    • Jérome Perrin's avatar
      stack/erp5: restart zopes on configuration changes · 59745322
      Jérome Perrin authored
      We are using this pattern for most of our services since several
      months without any issue, so let's also use it for zopes. This
      makes automatic upgrade possible.
      
      Also remove "zope running current products" promise, since we
      restart we no longer need to check this.
      59745322
  2. 17 Dec, 2020 1 commit
  3. 16 Dec, 2020 1 commit
  4. 15 Dec, 2020 2 commits
  5. 14 Dec, 2020 2 commits
  6. 10 Dec, 2020 1 commit
  7. 09 Dec, 2020 3 commits
  8. 07 Dec, 2020 5 commits
    • Kirill Smelkov's avatar
      Move wendelin.core from Wendelin to ERP5 · 7f877621
      Kirill Smelkov authored
      We are starting to use wendelin.core not only in Wendelin context.
      So it makes sense to have it installed in base ERP5, like we already do for
      example for NumPy and SciPy.
      
      /reviewed-by @rafael, @jp
      /reviewed-on nexedi/slapos!874
      7f877621
    • Kirill Smelkov's avatar
      wendelin.core: Always use git checkout for both release and development version · ad34ff4a
      Kirill Smelkov authored
      Having only one section [wendelin.core] instead of [wendelin.core] and
      [wendelin.core-dev] is easier to handle in "we want to use such and such
      particular version" scenarious without deciding in advance whether an SR needs
      to inherit from wendelin/software.cfg or wendelin/software-dev.cfg
      
      /reviewed-on nexedi/slapos!874
      ad34ff4a
    • Jérome Perrin's avatar
      stack/erp5: socat wrapper to get haproxy stats · 82a249b6
      Jérome Perrin authored
      haproxy can be controlled with this socket, so it might be useful
      to "expose" it - it's not really expose because we only use a
      UNIX socket.
      82a249b6
    • Jérome Perrin's avatar
      stack/erp5: leave apachedex reports with wrong microsecond timing for now · 06ce6b17
      Jérome Perrin authored
      The apachedex reports when produced on backend will be wrong, because haproxy
      logs timings in milliseconds and apachedex parses as microsecond, but as far as
      I know we produce reports from frontend logs, so it should not really affect
      our operations.
      06ce6b17
    • Jérome Perrin's avatar
      stack/erp5: remove httpd and use haproxy instead · 6a8f58c5
      Jérome Perrin authored
      Two main differences of haproxy are file format for certificates and logs.
      
      HAProxy also uses certificates in PEM format, but it expect its own server
      certificate and the key to be in the same file (although recent version seems
      to accept separate files, we don't use this now) and the CRL and CA certificates
      also all together in the same file.
      We change to use the same file for certificate and key and for CA and CRL, in
      the updater script we we build PEM files by containing all CA certificates and
      all CRL together.
      Also, since haproxy needs to be reloaded when certificate change, we run it in
      master-worker mode, with a pid file so that we can signal it to reload.
      
      For the logs, since haproxy does not log to file, we introduce a rsyslogd to
      log to a file. The log format is same as with httpd, except that timing are not
      in microseconds but in milliseconds - this did not seem to be configurable.
      This is a problem for apachedex reports on log, for that we plan to use an
      updated version of apachedex with support for `%{ms}T` for durations.
      
      HAProxy is configured with same timeouts, except:
       - "connect" timeout has been increased a bit (from 5 to 10s), because the
         comment "The connection should be immediate on LAN" was no longer true, now
         that haproxy is accessed from frontend.
       - the server entries for testrunner are a very long timeout (8h) because some
         ERP5 functional tests exceeed the 305s timeout.
      
      The SSL configuration is with current "modern" config from https://ssl-config.mozilla.org/
      
      Tests have been modified a bit, because haproxy uses HTTP/2.0 and not 1.1
      like httpd was doing several haproxy features (keep alive and gzip
      compression) are only available when backend uses HTTP/1.1, so we adjusted
      tests to use a 1.1 backend.
      
      There was also differences with logs, because of the time being in milliseconds.
      
      TestPublishedURLIsReachableMixin._checkERP5IsReachable was also updated, it
      was working by chance because when accessed behind httpd->haproxy->zope, zope
      was producing a redirect URL that was the URL of haproxy, which could be
      resolved by chance. This test was updated to access zope with a path that
      contains VirtualHostMonster magic, as the shared frontend ( with "zope" software
      type) is supposed to set.
      
      This should hopefuly solve the "502 Proxy Error" that we are observing with httpd.
      6a8f58c5
  9. 04 Dec, 2020 1 commit
  10. 03 Dec, 2020 10 commits
  11. 02 Dec, 2020 11 commits
  12. 01 Dec, 2020 2 commits