Commit
f7021142
authored
Oct 15, 2020
by
Łukasz Nowak
caddy-frontend: Stabilise passed parameters to nodes
parent
49cce32f
Showing
3 changed files
with
245 additions
and
44 deletions
+245
-44
software/caddy-frontend/buildout.hash.cfg
software/caddy-frontend/buildout.hash.cfg
+1
-1
software/caddy-frontend/instance-apache-replicate.cfg.in
software/caddy-frontend/instance-apache-replicate.cfg.in
+34
-5
software/caddy-frontend/test/test.py
software/caddy-frontend/test/test.py
+210
-38
software/caddy-frontend/buildout.hash.cfg
...
...
@@ -26,7 +26,7 @@ md5sum = 91fce5ebea302e9c9ccc20c140b76608
[profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in
md5sum =
26b21124b898158c4f409a798eb253ad
md5sum =
ab85ee7bd22e559d87bb214bb22a0e9e
[profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
...
...
software/caddy-frontend/instance-apache-replicate.cfg.in
...
...
@@ -5,6 +5,25 @@
{%- set SERVER_POLLUTED_KEY_LIST = ['connection-parameter-hash', 'timestamp', 'slave_title', 'slap_software_type'] -%}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
{#- Allow to pass only some parameters to frontend nodes #}
{%- set FRONTEND_NODE_PASSED_KEY_LIST = [
'plain_http_port',
'port',
'apache-certificate',
'apache-key',
'domain',
'enable-http2-by-default',
'global-disable-http2',
'mpm-graceful-shutdown-timeout',
'public-ipv4',
're6st-verification-url',
'backend-connect-timeout',
'backend-connect-retries',
'ciphers',
'request-timeout',
'authenticate-to-backend',
]
%}
{% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
{% set aibcc_enabled = slapparameter_dict.get('automatic-internal-backend-client-caucase-csr', 'true').lower() in TRUE_VALUES %}
{# Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #}
...
...
@@ -217,6 +236,13 @@ config-monitor-password = ${monitor-htpasswd:passwd}
software-type = {{frontend_type}}
return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
{#- Send only needed parameters to frontend nodes #}
{%- set base_node_configuration_dict = {} %}
{%- for key in FRONTEND_NODE_PASSED_KEY_LIST %}
{%- if key in slapparameter_dict %}
{%- do base_node_configuration_dict.__setitem__(key, slapparameter_dict[key]) %}
{%- endif %}
{%- endfor %}
{% for section, frontend_request in request_dict.iteritems() %}
{% set state = frontend_request.get('state', '') %}
[{{section}}]
...
...
@@ -233,12 +259,15 @@ config-master-key-download-url = ${request-kedifa:connection-master-key-download
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
{# Do not send additional parameters for destroyed nodes #}
{% if state != 'destroyed' %}
{% set
slave_configuration_dict = slapparameter_dict
%}
{% do
slav
e_configuration_dict.update(frontend_request.get('config')) %}
{% set
node_configuration_dict = {}
%}
{% do
nod
e_configuration_dict.update(frontend_request.get('config')) %}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{% do slave_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do slave_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{%- for config_key, config_value in slave_configuration_dict.iteritems() %}
{% do node_configuration_dict.__setitem__(slave_list_name, json_module.dumps(authorized_slave_list, sort_keys=True)) %}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{%- for config_key, config_value in node_configuration_dict.iteritems() %}
config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%}
{%- for config_key, config_value in base_node_configuration_dict.iteritems() %}
config-{{ config_key }} = {{ dumps(config_value) }}
{% endfor -%}
{% endif %}
...
...
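Review bot: In the last hunk the allow-listed master parameters are written by a second `for` loop after the per-node ones, so any key that appears both in `frontend_request.get('config')` and in `FRONTEND_NODE_PASSED_KEY_LIST` is emitted twice as `config-<key>` in the same request section. Before this change the per-node `update()` replaced the master value; now the result depends on how the consumer treats a repeated option, and if the later line wins the master-wide value would silently override the per-node one. Merging first avoids the ambiguity: add `{% do node_configuration_dict.update(base_node_configuration_dict) %}` right after `{% set node_configuration_dict = {} %}`, keep the existing `update(frontend_request.get('config'))` after it, and drop the second loop. The enclosing `{% for section, frontend_request in request_dict.iteritems() %}` loop opens in the previous hunk and closes outside the visible lines, so how `config` is populated is not shown here.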
software/caddy-frontend/test/test.py
...
...
@@ -48,7 +48,6 @@ from slapos.recipe.librecipe import generateHashFromFiles
import
xml.etree.ElementTree
as
ET
import
urlparse
import
socket
import
sqlite3
try
:
...
...
@@ -6790,14 +6789,34 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
def
test
(
self
):
self
.
instance_parameter_dict
.
update
({
# master partition parameters
'-frontend-quantity'
:
3
,
'-sla-2-computer_guid'
:
self
.
slap
.
_computer_id
,
'-sla-3-computer_guid'
:
self
.
slap
.
_computer_id
,
'-frontend-2-state'
:
'stopped'
,
'-frontend-2-software-release-url'
:
self
.
frontend_2_sr
,
'-sla-3-computer_guid'
:
self
.
slap
.
_computer_id
,
'-frontend-3-state'
:
'stopped'
,
'-frontend-3-software-release-url'
:
self
.
frontend_3_sr
,
'-kedifa-software-release-url'
:
self
.
kedifa_sr
,
'automatic-internal-kedifa-caucase-csr'
:
False
,
'automatic-internal-backend-client-caucase-csr'
:
False
,
# all nodes partition parameters
'apache-certificate'
:
self
.
certificate_pem
,
'apache-key'
:
self
.
key_pem
,
'domain'
:
'example.com'
,
'enable-http2-by-default'
:
True
,
'global-disable-http2'
:
True
,
'mpm-graceful-shutdown-timeout'
:
2
,
'public-ipv4'
:
'255.255.255.255'
,
're6st-verification-url'
:
're6st-verification-url'
,
'backend-connect-timeout'
:
2
,
'backend-connect-retries'
:
1
,
'ciphers'
:
'ciphers'
,
'request-timeout'
:
100
,
'authenticate-to-backend'
:
True
,
# specific parameters
'-frontend-config-1-ram-cache-size'
:
'512K'
,
'-frontend-config-2-ram-cache-size'
:
'256K'
,
})
# re-request instance with updated parameters
...
...
@@ -6809,43 +6828,196 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
except
Exception
:
pass
# inspect slapproxy, that the master correctly requested other partitions
sqlitedb_file
=
os
.
path
.
join
(
os
.
path
.
abspath
(
os
.
path
.
join
(
self
.
slap
.
instance_directory
,
os
.
pardir
)
),
'var'
,
'proxy.db'
)
connection
=
sqlite3
.
connect
(
sqlitedb_file
)
def
dict_factory
(
cursor
,
row
):
d
=
{}
for
idx
,
col
in
enumerate
(
cursor
.
description
):
d
[
col
[
0
]]
=
row
[
idx
]
return
d
connection
.
row_factory
=
dict_factory
cursor
=
connection
.
cursor
()
cursor
.
execute
(
"select partition_reference, software_release "
"from partition14 where slap_state='busy';"
)
requested_partition_information
=
cursor
.
fetchall
()
computer
=
self
.
slap
.
_slap
.
registerComputer
(
'local'
)
# state of parameters of all instances
partition_parameter_dict_dict
=
{}
for
partition
in
computer
.
getComputerPartitionList
():
if
partition
.
getState
()
==
'destroyed'
:
continue
parameter_dict
=
partition
.
getInstanceParameterDict
()
instance_title
=
parameter_dict
[
'instance_title'
]
if
'_'
in
parameter_dict
:
# "flatten" the instance parameter
parameter_dict
=
json
.
loads
(
parameter_dict
[
'_'
])
partition_parameter_dict_dict
[
instance_title
]
=
parameter_dict
parameter_dict
[
'X-software_release_url'
]
=
partition
.
getSoftwareRelease
().
getURI
()
base_software_url
=
self
.
getSoftwareURL
()
# drop some very varying parameters
def
assertKeyWithPop
(
d
,
k
):
self
.
assertIn
(
k
,
d
)
d
.
pop
(
k
)
assertKeyWithPop
(
partition_parameter_dict_dict
[
'caddy-frontend-1'
],
'master-key-download-url'
)
assertKeyWithPop
(
partition_parameter_dict_dict
[
'caddy-frontend-2'
],
'master-key-download-url'
)
assertKeyWithPop
(
partition_parameter_dict_dict
[
'caddy-frontend-3'
],
'master-key-download-url'
)
assertKeyWithPop
(
partition_parameter_dict_dict
[
'testing partition 0'
],
'timestamp'
)
assertKeyWithPop
(
partition_parameter_dict_dict
[
'testing partition 0'
],
'ip_list'
)
monitor_password
=
partition_parameter_dict_dict
[
'caddy-frontend-1'
].
pop
(
'monitor-password'
)
self
.
assertEqual
(
monitor_password
,
partition_parameter_dict_dict
[
'caddy-frontend-2'
].
pop
(
'monitor-password'
)
)
self
.
assertEqual
(
monitor_password
,
partition_parameter_dict_dict
[
'caddy-frontend-3'
].
pop
(
'monitor-password'
)
)
self
.
assertEqual
(
monitor_password
,
partition_parameter_dict_dict
[
'kedifa'
].
pop
(
'monitor-password'
)
)
backend_client_caucase_url
=
u'http://[%s]:8990'
%
(
self
.
_ipv6_address
,)
kedifa_caucase_url
=
u'http://[%s]:15090'
%
(
self
.
_ipv6_address
,)
expected_partition_parameter_dict_dict
=
{
'caddy-frontend-1'
:
{
'X-software_release_url'
:
base_software_url
,
u'apache-certificate'
:
unicode
(
self
.
certificate_pem
),
u'apache-key'
:
unicode
(
self
.
key_pem
),
u'authenticate-to-backend'
:
u'True'
,
u'backend-client-caucase-url'
:
backend_client_caucase_url
,
u'backend-connect-retries'
:
u'1'
,
u'backend-connect-timeout'
:
u'2'
,
u'ciphers'
:
u'ciphers'
,
u'cluster-identification'
:
u'testing partition 0'
,
u'domain'
:
u'example.com'
,
u'enable-http2-by-default'
:
u'True'
,
u'extra_slave_instance_list'
:
u'[]'
,
u'frontend-name'
:
u'caddy-frontend-1'
,
u'global-disable-http2'
:
u'True'
,
u'kedifa-caucase-url'
:
kedifa_caucase_url
,
u'monitor-cors-domains'
:
u'monitor.app.officejs.com'
,
u'monitor-httpd-port'
:
8411
,
u'monitor-username'
:
u'admin'
,
u'mpm-graceful-shutdown-timeout'
:
u'2'
,
u'plain_http_port'
:
'11080'
,
u'port'
:
'11443'
,
u'public-ipv4'
:
u'255.255.255.255'
,
u'ram-cache-size'
:
u'512K'
,
u're6st-verification-url'
:
u're6st-verification-url'
,
u'request-timeout'
:
u'100'
,
u'slave-kedifa-information'
:
u'{}'
},
'caddy-frontend-2'
:
{
'X-software_release_url'
:
self
.
frontend_2_sr
,
u'apache-certificate'
:
unicode
(
self
.
certificate_pem
),
u'apache-key'
:
unicode
(
self
.
key_pem
),
u'authenticate-to-backend'
:
u'True'
,
u'backend-client-caucase-url'
:
backend_client_caucase_url
,
u'backend-connect-retries'
:
u'1'
,
u'backend-connect-timeout'
:
u'2'
,
u'ciphers'
:
u'ciphers'
,
u'cluster-identification'
:
u'testing partition 0'
,
u'domain'
:
u'example.com'
,
u'enable-http2-by-default'
:
u'True'
,
u'extra_slave_instance_list'
:
u'[]'
,
u'frontend-name'
:
u'caddy-frontend-2'
,
u'global-disable-http2'
:
u'True'
,
u'kedifa-caucase-url'
:
kedifa_caucase_url
,
u'monitor-cors-domains'
:
u'monitor.app.officejs.com'
,
u'monitor-httpd-port'
:
8412
,
u'monitor-username'
:
u'admin'
,
u'mpm-graceful-shutdown-timeout'
:
u'2'
,
u'plain_http_port'
:
u'11080'
,
u'port'
:
u'11443'
,
u'public-ipv4'
:
u'255.255.255.255'
,
u'ram-cache-size'
:
u'256K'
,
u're6st-verification-url'
:
u're6st-verification-url'
,
u'request-timeout'
:
u'100'
,
u'slave-kedifa-information'
:
u'{}'
},
'caddy-frontend-3'
:
{
'X-software_release_url'
:
self
.
frontend_3_sr
,
u'apache-certificate'
:
unicode
(
self
.
certificate_pem
),
u'apache-key'
:
unicode
(
self
.
key_pem
),
u'authenticate-to-backend'
:
u'True'
,
u'backend-client-caucase-url'
:
backend_client_caucase_url
,
u'backend-connect-retries'
:
u'1'
,
u'backend-connect-timeout'
:
u'2'
,
u'ciphers'
:
u'ciphers'
,
u'cluster-identification'
:
u'testing partition 0'
,
u'domain'
:
u'example.com'
,
u'enable-http2-by-default'
:
u'True'
,
u'extra_slave_instance_list'
:
u'[]'
,
u'frontend-name'
:
u'caddy-frontend-3'
,
u'global-disable-http2'
:
u'True'
,
u'kedifa-caucase-url'
:
kedifa_caucase_url
,
u'monitor-cors-domains'
:
u'monitor.app.officejs.com'
,
u'monitor-httpd-port'
:
8413
,
u'monitor-username'
:
u'admin'
,
u'mpm-graceful-shutdown-timeout'
:
u'2'
,
u'plain_http_port'
:
u'11080'
,
u'port'
:
u'11443'
,
u'public-ipv4'
:
u'255.255.255.255'
,
u're6st-verification-url'
:
u're6st-verification-url'
,
u'request-timeout'
:
u'100'
,
u'slave-kedifa-information'
:
u'{}'
},
'kedifa'
:
{
'X-software_release_url'
:
self
.
kedifa_sr
,
u'caucase_port'
:
u'15090'
,
u'cluster-identification'
:
u'testing partition 0'
,
u'kedifa_port'
:
u'15080'
,
u'monitor-cors-domains'
:
u'monitor.app.officejs.com'
,
u'monitor-httpd-port'
:
u'8402'
,
u'monitor-username'
:
u'admin'
,
u'slave-list'
:
[]
},
'testing partition 0'
:
{
'-frontend-2-software-release-url'
:
self
.
frontend_2_sr
,
'-frontend-2-state'
:
'stopped'
,
'-frontend-3-software-release-url'
:
self
.
frontend_3_sr
,
'-frontend-3-state'
:
'stopped'
,
'-frontend-config-1-ram-cache-size'
:
'512K'
,
'-frontend-config-2-ram-cache-size'
:
'256K'
,
'-frontend-quantity'
:
'3'
,
'-kedifa-software-release-url'
:
self
.
kedifa_sr
,
'-sla-2-computer_guid'
:
'local'
,
'-sla-3-computer_guid'
:
'local'
,
'X-software_release_url'
:
base_software_url
,
'apache-certificate'
:
unicode
(
self
.
certificate_pem
),
'apache-key'
:
unicode
(
self
.
key_pem
),
'authenticate-to-backend'
:
'True'
,
'automatic-internal-backend-client-caucase-csr'
:
'False'
,
'automatic-internal-kedifa-caucase-csr'
:
'False'
,
'backend-connect-retries'
:
'1'
,
'backend-connect-timeout'
:
'2'
,
'caucase_port'
:
'15090'
,
'ciphers'
:
'ciphers'
,
'domain'
:
'example.com'
,
'enable-http2-by-default'
:
'True'
,
'full_address_list'
:
[],
'global-disable-http2'
:
'True'
,
'instance_title'
:
'testing partition 0'
,
'kedifa_port'
:
'15080'
,
'mpm-graceful-shutdown-timeout'
:
'2'
,
'plain_http_port'
:
'11080'
,
'port'
:
'11443'
,
'public-ipv4'
:
'255.255.255.255'
,
're6st-verification-url'
:
're6st-verification-url'
,
'request-timeout'
:
'100'
,
'root_instance_title'
:
'testing partition 0'
,
'slap_software_type'
:
'RootSoftwareInstance'
,
'slave_instance_list'
:
[]
}
}
self
.
assertEqual
(
requested_partition_information
,
[
{
'software_release'
:
base_software_url
,
'partition_reference'
:
'testing partition 0'
},
{
'software_release'
:
self
.
kedifa_sr
,
'partition_reference'
:
'kedifa'
},
# that one is base, as expected
{
'software_release'
:
base_software_url
,
'partition_reference'
:
'caddy-frontend-1'
},
{
'software_release'
:
self
.
frontend_2_sr
,
'partition_reference'
:
'caddy-frontend-2'
},
{
'software_release'
:
self
.
frontend_3_sr
,
'partition_reference'
:
'caddy-frontend-3'
}]
expected_partition_parameter_dict_dict
,
partition_parameter_dict_dict
)
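Review bot: Nothing next to `expected_partition_parameter_dict_dict` says that the absent keys are what this test protects: `caddy-frontend-3` has no `ram-cache-size`, and none of the three frontend entries carries master-only keys such as `-frontend-quantity` or `-kedifa-software-release-url`, while `apache-key` is expected on every node. Only the whole-dict `assertEqual` enforces that, so a comment above the dictionary such as `# whole-dict equality is deliberate: it fails if a key outside FRONTEND_NODE_PASSED_KEY_LIST, or another node's -frontend-config-N-* value, reaches a node` would keep a later edit from relaxing it to per-key checks. The three frontend dictionaries differ only in `X-software_release_url`, `frontend-name`, `monitor-httpd-port` and `ram-cache-size`, so building them from one shared base dictionary would make those differences visible. In the `caddy-frontend-1` entry `plain_http_port` and `port` are plain `'11080'` / `'11443'` where the other two use `u'...'`. The `test` method starts in the previous hunk.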