Skip to content

slapos
slapos
Commit 032443a4 authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

XXX

parent 1d65ee00
Hide whitespace changes
Inline Side-by-side
Showing with 223 additions and 225 deletions
software/rapid-cdn/buildout.hash.cfg
View file @ 032443a4
...@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = 11c152cb4a23814051eed6d6bb836c00 md5sum = c6c24579eca6ff23bcea039ce47ee78c
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = e161e544c64ace05eb4d2306d604153f md5sum = 7cd3e058355018eb18b85d6cdcc0d9d5
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = 5ce5113f9fa2e6e7d393b4ae8fb10dcd md5sum = d88c16fb9e5adb0f40294573921eed72
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
md5sum = cba4d995962f7fbeae3f61c9372c4181 md5sum = 3923ad1a985520ff38cf133259078d89
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
...@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a ...@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
[profile-kedifa] [profile-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = d6e28c1bdc971134b8de1b5b3e50c3b6 md5sum = 5533c2d153cce0f4ef2624df14fb60ac
[template-frontend-haproxy-rsyslogd-conf] [template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
......
software/rapid-cdn/instance-frontend.cfg.in
View file @ 032443a4
...@@ -190,7 +190,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output ...@@ -190,7 +190,7 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
[frontend-configuration] [frontend-configuration]
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-https-port = ${configuration:slave-introspection-https-port} frontend-introspection-https-port = ${configuration:frontend-introspection-https-port}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access} slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
[self-signed-ip-access] [self-signed-ip-access]
...@@ -312,7 +312,7 @@ csr = ${caucase-updater-csr:csr} ...@@ -312,7 +312,7 @@ csr = ${caucase-updater-csr:csr}
crl = ${kedifa-login-config:crl} crl = ${kedifa-login-config:crl}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
slave_kedifa_information = {{ dumps(instance_parameter_dict['configuration']['slave-kedifa-information']) }} slave_kedifa_information = {{ dumps(instance_parameter_dict['configuration']['frontend-kedifa-information']) }}
[backend-client-login-config] [backend-client-login-config]
d = ${directory:backend-client-dir} d = ${directory:backend-client-dir}
...@@ -359,8 +359,8 @@ stop-on-error = True ...@@ -359,8 +359,8 @@ stop-on-error = True
[dynamic-custom-personal-profile-slave-list] [dynamic-custom-personal-profile-slave-list]
< = jinja2-template-base < = jinja2-template-base
depends = ${software-py:recipe} depends = ${software-py:recipe}
url = {{ software_parameter_dict['profile_slave_list'] }} url = {{ software_parameter_dict['profile_frontend_list'] }}
filename = instance-slave-list.cfg filename = instance-frontend-list.cfg
master_key_download_url = {{ dumps(instance_parameter_dict['configuration']['master-key-download-url']) }} master_key_download_url = {{ dumps(instance_parameter_dict['configuration']['master-key-download-url']) }}
software_type = single-custom-personal software_type = single-custom-personal
organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }} organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
...@@ -1001,7 +1001,7 @@ recipe = slapos.cookbook:requestoptional ...@@ -1001,7 +1001,7 @@ recipe = slapos.cookbook:requestoptional
name = Slave Introspection Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }} name = Slave Introspection Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true shared = true
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['slave-introspection-https-port'] }}/ config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['frontend-introspection-https-port'] }}/
config-https-only = true config-https-only = true
return = secure_access return = secure_access
...@@ -1088,7 +1088,7 @@ context = ...@@ -1088,7 +1088,7 @@ context =
promise = check_socket_listening promise = check_socket_listening
name = slave_introspection_https.py name = slave_introspection_https.py
config-host = {{ instance_parameter_dict['ipv6-random'] }} config-host = {{ instance_parameter_dict['ipv6-random'] }}
config-port = ${frontend-configuration:slave-introspection-https-port} config-port = ${frontend-configuration:frontend-introspection-https-port}
[logrotate-entry-slave-introspection] [logrotate-entry-slave-introspection]
<= logrotate-entry-base <= logrotate-entry-base
......
software/rapid-cdn/instance-kedifa.cfg.in
View file @ 032443a4
...@@ -13,7 +13,7 @@ parts = ...@@ -13,7 +13,7 @@ parts =
kedifa kedifa
logrotate-entry-kedifa logrotate-entry-kedifa
promise-kedifa-http-reply promise-kedifa-http-reply
slave-kedifa-information frontend-kedifa-information
caucased caucased
caucased-promise caucased-promise
caucase-updater caucase-updater
...@@ -248,16 +248,16 @@ command-line = {{ software_parameter_dict['kedifa'] }} ...@@ -248,16 +248,16 @@ command-line = {{ software_parameter_dict['kedifa'] }}
wrapper-path = ${directory:service}/kedifa wrapper-path = ${directory:service}/kedifa
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
# Publish KeDiFa configuration for upload and download for each slave # Publish KeDiFa configuration for upload and download for each frontend
{%- set slave_kedifa_information = {} -%} {%- set frontend_kedifa_information = {} -%}
{%- for slave in instance_parameter_dict['configuration']['slave-list'] -%} {%- for frontend in instance_parameter_dict['configuration']['frontend-list'] -%}
{%- set slave_reference = slave['slave_reference'] -%} {%- set slave_reference = frontend['slave_reference'] -%}
{%- set slave_dict = {} -%} {%- set frontend_dict = {} -%}
{%- do slave_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%} {%- do frontend_dict.__setitem__('key-generate-auth-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}/generateauth' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%} {%- do frontend_dict.__setitem__('key-upload-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}?auth=' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%} {%- do frontend_dict.__setitem__('key-download-url', 'https://[${kedifa-config:ip}]:${kedifa-config:port}/${%s-auth-random:passwd}' % (slave_reference,)) -%}
{%- do slave_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%} {%- do frontend_dict.__setitem__('kedifa-caucase-url', caucase_url ) -%}
{%- do slave_kedifa_information.__setitem__(slave_reference, slave_dict) %} {%- do frontend_kedifa_information.__setitem__(slave_reference, frontend_dict) %}
[{{ slave_reference }}-auth-random-generate] [{{ slave_reference }}-auth-random-generate]
recipe = plone.recipe.command recipe = plone.recipe.command
file = ${directory:reservation}/${:_buildout_section_name_} file = ${directory:reservation}/${:_buildout_section_name_}
...@@ -279,7 +279,7 @@ command = ...@@ -279,7 +279,7 @@ command =
update-command = ${:command} update-command = ${:command}
[cleanup-auth-ready] [cleanup-auth-ready]
# Cleans auth-ready as some slaves can appear and be configured, but then # Cleans auth-ready as some frontends can appear and be configured, but then
# become removed before auth-random kicks in # become removed before auth-random kicks in
recipe = slapos.recipe.build recipe = slapos.recipe.build
directory = ${directory:auth-ready} directory = ${directory:auth-ready}
...@@ -310,10 +310,10 @@ init = ...@@ -310,10 +310,10 @@ init =
<= auth-random <= auth-random
file = ${master-auth-random-generate:file} file = ${master-auth-random-generate:file}
[slave-kedifa-information] [frontend-kedifa-information]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
slave-kedifa-information = {{ json_module.dumps(slave_kedifa_information, sort_keys=True) }} frontend-kedifa-information = {{ json_module.dumps(frontend_kedifa_information, sort_keys=True) }}
caucase-url = {{ caucase_url }} caucase-url = {{ caucase_url }}
master-key-generate-auth-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}/generateauth master-key-generate-auth-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}/generateauth
master-key-upload-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}?auth= master-key-upload-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}?auth=
......
software/rapid-cdn/instance-master-publish-slave-information.cfg.in
View file @ 032443a4
{% set part_list = [] %} {% set part_list = [] %}
{% set slave_information_dict = {} %} {% set frontend_information_dict = {} %}
# regroup slave information from all frontends # regroup frontend information from all frontend nodes
{% for frontend, slave_list_raw in slave_information.items() %} {% for frontend_node, frontend_list_raw in frontend_information.items() %}
{% if slave_list_raw %} {% if frontend_list_raw %}
{% set slave_list = json_module.loads(slave_list_raw) %} {% set frontend_list = json_module.loads(frontend_list_raw) %}
{% else %} {% else %}
{% set slave_list = [] %} {% set frontend_list = [] %}
{% endif %} {% endif %}
{% for slave_dict in slave_list %} {% for frontend_dict in frontend_list %}
{% set slave_reference = slave_dict.pop('slave-reference') %} {% set slave_reference = frontend_dict.pop('slave-reference') %}
{% set log_access_url = slave_dict.pop('log-access', '') %} {% set log_access_url = frontend_dict.pop('log-access', '') %}
{% set current_slave_dict = slave_information_dict.get(slave_reference, {}) %} {% set current_frontend_dict = frontend_information_dict.get(slave_reference, {}) %}
{% do current_slave_dict.update(slave_dict) %} {% do current_frontend_dict.update(frontend_dict) %}
{% set log_access_list = current_slave_dict.get('log-access-urls', []) %} {% set log_access_list = current_frontend_dict.get('log-access-urls', []) %}
{% do log_access_list.append( frontend + ': ' + log_access_url) %} {% do log_access_list.append( frontend_node + ': ' + log_access_url) %}
{% do current_slave_dict.__setitem__( {% do current_frontend_dict.__setitem__(
'log-access-urls', 'log-access-urls',
log_access_list log_access_list
) %} ) %}
{% do current_slave_dict.__setitem__( {% do current_frontend_dict.__setitem__(
'replication_number', 'replication_number',
current_slave_dict.get('replication_number', 0) + 1 current_frontend_dict.get('replication_number', 0) + 1
) %} ) %}
{% do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %} {% do frontend_information_dict.__setitem__(slave_reference, current_frontend_dict) %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].items() %} {% for slave_reference, rejected_info_list in rejected_frontend_information['rejected-frontend-dict'].items() %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in frontend_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do frontend_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %} {% do frontend_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% endfor %} {% endfor %}
{% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].items() %} {% for slave_reference, warning_info_list in warning_frontend_information['warning-frontend-dict'].items() %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in frontend_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do frontend_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %} {% do frontend_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% endfor %} {% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).items() %} {% for slave_reference, kedifa_dict in json_module.loads(frontend_kedifa_information).items() %}
{% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %} {% if slave_reference not in rejected_frontend_information['rejected-frontend-dict'] %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in frontend_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do frontend_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %} {% do frontend_information_dict[slave_reference].__setitem__('key-generate-auth-url', kedifa_dict['key-generate-auth-url']) %}
{% do slave_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %} {% do frontend_information_dict[slave_reference].__setitem__('key-upload-url', kedifa_dict['key-upload-url']) %}
{% do slave_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %} {% do frontend_information_dict[slave_reference].__setitem__('kedifa-caucase-url', kedifa_dict['kedifa-caucase-url']) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
[common-frontend-information] [common-frontend-information]
{% for frontend_key, frontend_value in frontend_information.items() %} {% for frontend_node_key, frontend_node_value in frontend_node_information.items() %}
{{ frontend_key }} = {{ frontend_value }} {{ frontend_node_key }} = {{ frontend_node_value }}
{% endfor %} {% endfor %}
# Publish information for each slave # Publish information for each frontend
{% set active_slave_instance_list = json_module.loads(active_slave_instance_dict['active-slave-instance-list']) %} {% set active_frontend_list = json_module.loads(active_frontend_instance_dict['active-frontend-list']) %}
{% for slave_reference, slave_information in slave_information_dict.items() %} {% for slave_reference, frontend_information in frontend_information_dict.items() %}
{# Filter out destroyed, so not existing anymore, slaves #} {# Filter out destroyed, so not existing anymore, frontends #}
{# Note: This functionality is not yet covered by tests, please modify with care #} {# Note: This functionality is not yet covered by tests, please modify with care #}
{% if slave_reference in active_slave_instance_list %} {% if slave_reference in active_frontend_list %}
{% set publish_section_title = 'publish-%s' % slave_reference %} {% set publish_section_title = 'publish-%s' % slave_reference %}
{% do part_list.append(publish_section_title) %} {% do part_list.append(publish_section_title) %}
[{{ publish_section_title }}] [{{ publish_section_title }}]
...@@ -70,12 +70,12 @@ ...@@ -70,12 +70,12 @@
recipe = slapos.cookbook:publish_failsafe recipe = slapos.cookbook:publish_failsafe
-error-status-file = {{ publish_failsafe_error }}/{{ slave_reference }}-error.status -error-status-file = {{ publish_failsafe_error }}/{{ slave_reference }}-error.status
-slave-reference = {{ slave_reference }} -slave-reference = {{ slave_reference }}
{% set log_access_url = slave_information.pop('log-access-urls', None) %} {% set log_access_url = frontend_information.pop('log-access-urls', None) %}
{% if log_access_url %} {% if log_access_url %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }} log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
{% endif %} {% endif %}
{% for key, value in slave_information.items() %} {% for key, value in frontend_information.items() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
......
software/rapid-cdn/instance-master.cfg.in
View file @ 032443a4
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
%} %}
{#- SlapOS Master (but not slapproxy!) merges slave's instance and connection parameters, so the slave information passed to nodes have to be limited only to instance related keys #} {#- SlapOS Master (but not slapproxy!) merges slave's instance and connection parameters, so the slave information passed to nodes have to be limited only to instance related keys #}
{#- Note: As a result, this feature is very hard to be tested with slapproxy, as it does not pollute the slave information, this kind of whitelist is implemented #} {#- Note: As a result, this feature is very hard to be tested with slapproxy, as it does not pollute the slave information, this kind of whitelist is implemented #}
{%- set FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_SCHEMA = [ {%- set FRONTEND_NODE_FRONTEND_PASSED_KEY_LIST_SCHEMA = [
'authenticate-to-backend', 'authenticate-to-backend',
'backend-connect-retries', 'backend-connect-retries',
'backend-connect-timeout', 'backend-connect-timeout',
...@@ -94,11 +94,11 @@ ...@@ -94,11 +94,11 @@
'websocket-transparent', 'websocket-transparent',
] ]
%} %}
{%- set FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_INTERNAL = [ {%- set FRONTEND_NODE_FRONTEND_PASSED_KEY_LIST_INTERNAL = [
'slave_reference', 'slave_reference',
] ]
%} %}
{%- set FRONTEND_NODE_SLAVE_PASSED_KEY_LIST = FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_SCHEMA + FRONTEND_NODE_SLAVE_PASSED_KEY_LIST_INTERNAL %} {%- set FRONTEND_NODE_FRONTEND_PASSED_KEY_LIST = FRONTEND_NODE_FRONTEND_PASSED_KEY_LIST_SCHEMA + FRONTEND_NODE_FRONTEND_PASSED_KEY_LIST_INTERNAL %}
{% set aikc_enabled = instance_parameter_dict['configuration'].get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %} {% set aikc_enabled = instance_parameter_dict['configuration'].get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
{% set aibcc_enabled = instance_parameter_dict['configuration'].get('automatic-internal-backend-client-caucase-csr', 'true').lower() in TRUE_VALUES %} {% set aibcc_enabled = instance_parameter_dict['configuration'].get('automatic-internal-backend-client-caucase-csr', 'true').lower() in TRUE_VALUES %}
{# Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #} {# Ports 8401, 8402 and 8410+1..N are reserved for monitor ports on various partitions #}
...@@ -148,7 +148,7 @@ context = ...@@ -148,7 +148,7 @@ context =
'port': '4443', 'port': '4443',
'ram-cache-size': '1G', 'ram-cache-size': '1G',
'request-timeout': '600', 'request-timeout': '600',
'slave-introspection-https-port': '22443', 'frontend-introspection-https-port': '22443',
} %} } %}
{% for i in range(1, frontend_quantity + 1) %} {% for i in range(1, frontend_quantity + 1) %}
{% set frontend_name = "%s-%s" % (NAME_BASE, i) %} {% set frontend_name = "%s-%s" % (NAME_BASE, i) %}
...@@ -198,188 +198,187 @@ context = ...@@ -198,188 +198,187 @@ context =
{% do request_dict.__setitem__(request_section_title, request_content_dict) %} {% do request_dict.__setitem__(request_section_title, request_content_dict) %}
{% endfor %} {% endfor %}
{% set authorized_slave_string_list = [] %} {% set authorized_frontend_list = [] %}
{% set authorized_slave_list = [] %} {% set rejected_frontend_dict = {} %}
{% set rejected_slave_dict = {} %} {% set critical_rejected_frontend_dict = {} %}
{% set critical_rejected_slave_dict = {} %} {% set warning_frontend_dict = {} %}
{% set warning_slave_dict = {} %}
{% set used_host_list = [] %} {% set used_host_list = [] %}
{% for slave in sorted(instance_parameter_dict['slave-instance-list'], key=operator_module.itemgetter('slave_reference')) %} {% for frontend in sorted(instance_parameter_dict['slave-instance-list'], key=operator_module.itemgetter('slave_reference')) %}
{% set slave_error_list = [] %} {% set frontend_error_list = [] %}
{% set slave_critical_error_list = [] %} {% set frontend_critical_error_list = [] %}
{% set slave_warning_list = [] %} {% set frontend_warning_list = [] %}
{% set slave_server_alias_unclashed = [] %} {% set frontend_server_alias_unclashed = [] %}
{% set slave_type = slave.get('type') %} {% set frontend_type = frontend.get('type') %}
{% if slave_type not in [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %} {% if frontend_type not in [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %}
{% do slave_error_list.append('type:%s is not supported' % (slave_type,)) %} {% do frontend_error_list.append('type:%s is not supported' % (frontend_type,)) %}
{% endif %} {% endif %}
{# Check health-check-* #} {# Check health-check-* #}
{% set health_check = (str(slave.get('health-check', False)) or 'false').lower() %} {% set health_check = (str(frontend.get('health-check', False)) or 'false').lower() %}
{% if health_check in TRUE_VALUES %} {% if health_check in TRUE_VALUES %}
{% set health_check_http_method = slave.get('health-check-http-method') or 'GET' %} {% set health_check_http_method = frontend.get('health-check-http-method') or 'GET' %}
{% if health_check_http_method not in ['GET', 'OPTIONS', 'CONNECT', 'POST'] %} {% if health_check_http_method not in ['GET', 'OPTIONS', 'CONNECT', 'POST'] %}
{% do slave_error_list.append('Wrong health-check-http-method %s' % (health_check_http_method,)) %} {% do frontend_error_list.append('Wrong health-check-http-method %s' % (health_check_http_method,)) %}
{% endif %} {% endif %}
{% set health_check_http_path = slave.get('health-check-http-path') or '/' %} {% set health_check_http_path = frontend.get('health-check-http-path') or '/' %}
{% set health_check_http_version = slave.get('health-check-http-version') or 'HTTP/1.1' %} {% set health_check_http_version = frontend.get('health-check-http-version') or 'HTTP/1.1' %}
{% if health_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %} {% if health_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %}
{% do slave_error_list.append('Wrong health-check-http-version %s' % (health_check_http_version,)) %} {% do frontend_error_list.append('Wrong health-check-http-version %s' % (health_check_http_version,)) %}
{% endif %} {% endif %}
{% set health_check_timeout = (slave.get('health-check-timeout') or '2') | int(false) %} {% set health_check_timeout = (frontend.get('health-check-timeout') or '2') | int(false) %}
{% if health_check_timeout is false or health_check_timeout <= 0 %} {% if health_check_timeout is false or health_check_timeout <= 0 %}
{% do slave_error_list.append('Wrong health-check-timeout %s' % (slave.get('health-check-timeout'),)) %} {% do frontend_error_list.append('Wrong health-check-timeout %s' % (frontend.get('health-check-timeout'),)) %}
{% endif %} {% endif %}
{% set health_check_interval = (slave.get('health-check-interval') or '5') | int(false) %} {% set health_check_interval = (frontend.get('health-check-interval') or '5') | int(false) %}
{% if health_check_interval is false or health_check_interval <= 0 %} {% if health_check_interval is false or health_check_interval <= 0 %}
{% do slave_error_list.append('Wrong health-check-interval %s' % (slave.get('health-check-interval'),)) %} {% do frontend_error_list.append('Wrong health-check-interval %s' % (frontend.get('health-check-interval'),)) %}
{% endif %} {% endif %}
{% set health_check_rise = (slave.get('health-check-rise') or '1') | int(false) %} {% set health_check_rise = (frontend.get('health-check-rise') or '1') | int(false) %}
{% if health_check_rise is false or health_check_rise <= 0 %} {% if health_check_rise is false or health_check_rise <= 0 %}
{% do slave_error_list.append('Wrong health-check-rise %s' % (slave.get('health-check-rise'),)) %} {% do frontend_error_list.append('Wrong health-check-rise %s' % (frontend.get('health-check-rise'),)) %}
{% endif %} {% endif %}
{% set health_check_fall = (slave.get('health-check-fall') or '1') | int(false) %} {% set health_check_fall = (frontend.get('health-check-fall') or '1') | int(false) %}
{% if health_check_fall is false or health_check_fall <= 0 %} {% if health_check_fall is false or health_check_fall <= 0 %}
{% do slave_error_list.append('Wrong health-check-fall %s' % (slave.get('health-check-fall'),)) %} {% do frontend_error_list.append('Wrong health-check-fall %s' % (frontend.get('health-check-fall'),)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{# Check virtualhostroot-http-port and virtualhostroot-https-port #} {# Check virtualhostroot-http-port and virtualhostroot-https-port #}
{% for key in ['virtualhostroot-http-port', 'virtualhostroot-https-port'] %} {% for key in ['virtualhostroot-http-port', 'virtualhostroot-https-port'] %}
{% set value = (slave.get(key) or '1') | int(false) %} {% set value = (frontend.get(key) or '1') | int(false) %}
{% if value is false or value < 0 %} {% if value is false or value < 0 %}
{% do slave_error_list.append('Wrong %s %r' % (key, slave.get(key))) %} {% do frontend_error_list.append('Wrong %s %r' % (key, frontend.get(key))) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# Check ciphers #} {# Check ciphers #}
{% set slave_cipher_list = slave.get('ciphers', '').strip().split() %} {% set frontend_cipher_list = frontend.get('ciphers', '').strip().split() %}
{% if slave_cipher_list %} {% if frontend_cipher_list %}
{% for cipher in slave_cipher_list %} {% for cipher in frontend_cipher_list %}
{% if cipher not in GOOD_CIPHER_LIST %} {% if cipher not in GOOD_CIPHER_LIST %}
{% if cipher in CIPHER_TRANSLATION_DICT %} {% if cipher in CIPHER_TRANSLATION_DICT %}
{# Real translation happens in instance-slave-list.cfg.in #} {# Real translation happens in instance-frontend-list.cfg.in #}
{% do slave_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %} {% do frontend_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %}
{% else %} {% else %}
{% do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %} {% do frontend_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# Check strict-transport-security #} {# Check strict-transport-security #}
{% set strict_transport_security = (slave.get('strict-transport-security') or '0') | int(false) %} {% set strict_transport_security = (frontend.get('strict-transport-security') or '0') | int(false) %}
{% if strict_transport_security is false or strict_transport_security < 0 %} {% if strict_transport_security is false or strict_transport_security < 0 %}
{% do slave_error_list.append('Wrong strict-transport-security %s' % (slave.get('strict-transport-security'),)) %} {% do frontend_error_list.append('Wrong strict-transport-security %s' % (frontend.get('strict-transport-security'),)) %}
{% endif %} {% endif %}
{% set custom_domain = slave.get('custom_domain') %} {% set custom_domain = frontend.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %} {% if custom_domain and custom_domain in used_host_list %}
{% set message = 'custom_domain %r clashes' % (custom_domain,) %} {% set message = 'custom_domain %r clashes' % (custom_domain,) %}
{% do slave_error_list.append(message) %} {% do frontend_error_list.append(message) %}
{% do slave_critical_error_list.append(message) %} {% do frontend_critical_error_list.append(message) %}
{% else %} {% else %}
{% do used_host_list.append(custom_domain) %} {% do used_host_list.append(custom_domain) %}
{% endif %} {% endif %}
{% if slave.get('server-alias') %} {% if frontend.get('server-alias') %}
{% for slave_alias in ('' ~ slave['server-alias']).split() %} {% for frontend_alias in ('' ~ frontend['server-alias']).split() %}
{% if slave_alias.startswith('*.') %} {% if frontend_alias.startswith('*.') %}
{% set clean_slave_alias = slave_alias[2:] %} {% set clean_frontend_alias = frontend_alias[2:] %}
{% else %} {% else %}
{% set clean_slave_alias = slave_alias %} {% set clean_frontend_alias = frontend_alias %}
{% endif %} {% endif %}
{% if not validators.domain(clean_slave_alias) %} {% if not validators.domain(clean_frontend_alias) %}
{% do slave_error_list.append('server-alias \'%s\' not valid' % (slave_alias,)) %} {% do frontend_error_list.append('server-alias \'%s\' not valid' % (frontend_alias,)) %}
{% else %} {% else %}
{% if slave_alias in slave_server_alias_unclashed or slave_alias == custom_domain %} {% if frontend_alias in frontend_server_alias_unclashed or frontend_alias == custom_domain %}
{# optionally do something about reporting back that server-alias has been unclashed #} {# optionally do something about reporting back that server-alias has been unclashed #}
{% elif slave_alias in used_host_list %} {% elif frontend_alias in used_host_list %}
{% set message = 'server-alias \'%s\' clashes' % (slave_alias,) %} {% set message = 'server-alias \'%s\' clashes' % (frontend_alias,) %}
{% do slave_error_list.append(message) %} {% do frontend_error_list.append(message) %}
{% do slave_critical_error_list.append(message) %} {% do frontend_critical_error_list.append(message) %}
{% else %} {% else %}
{% do slave_server_alias_unclashed.append(slave_alias) %} {% do frontend_server_alias_unclashed.append(frontend_alias) %}
{% do used_host_list.append(slave_alias) %} {% do used_host_list.append(frontend_alias) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %} {% do frontend.__setitem__('server-alias', ' '.join(frontend_server_alias_unclashed)) %}
{% endif %} {% endif %}
{% for url_key in ['url', 'https-url', 'health-check-failover-url', 'health-check-failover-https-url'] %} {% for url_key in ['url', 'https-url', 'health-check-failover-url', 'health-check-failover-https-url'] %}
{% if url_key in slave %} {% if url_key in frontend %}
{% set url = (slave[url_key] or '').strip() %} {% set url = (frontend[url_key] or '').strip() %}
{% if not validators.url(url) %} {% if not validators.url(url) %}
{% do slave_error_list.append('slave %s %r invalid' % (url_key, url)) %} {% do frontend_error_list.append('frontend %s %r invalid' % (url_key, url)) %}
{% elif url != slave[url_key] %} {% elif url != frontend[url_key] %}
{% do slave_warning_list.append('slave %s %r has been converted to %r' % (url_key, slave[url_key], url)) %} {% do frontend_warning_list.append('frontend %s %r has been converted to %r' % (url_key, frontend[url_key], url)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for url_key in ['url-netloc-list', 'https-url-netloc-list', 'health-check-failover-url-netloc-list'] %} {% for url_key in ['url-netloc-list', 'https-url-netloc-list', 'health-check-failover-url-netloc-list'] %}
{% if url_key in slave %} {% if url_key in frontend %}
{% for netloc in slave[url_key].split() %} {% for netloc in frontend[url_key].split() %}
{% if not software.validate_netloc(netloc) %} {% if not software.validate_netloc(netloc) %}
{% do slave_error_list.append('slave %s %r invalid' % (url_key, netloc)) %} {% do frontend_error_list.append('frontend %s %r invalid' % (url_key, netloc)) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for k in ['ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt'] %} {% for k in ['ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt'] %}
{% if k in slave %} {% if k in frontend %}
{% set crt = slave.get(k, '') %} {% set crt = frontend.get(k, '') %}
{% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %} {% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(crt.encode()) %} {% do check_popen.communicate(crt.encode()) %}
{% if check_popen.returncode != 0 %} {% if check_popen.returncode != 0 %}
{% do slave_error_list.append('%s is invalid' % (k,)) %} {% do frontend_error_list.append('%s is invalid' % (k,)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# BBB: SlapOS Master non-zero knowledge BEGIN #} {# BBB: SlapOS Master non-zero knowledge BEGIN #}
{% for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %} {% for key in ['ssl_key', 'ssl_crt', 'ssl_ca_crt'] %}
{% if key in slave %} {% if key in frontend %}
{% do slave_warning_list.append('%s is obsolete, please use key-upload-url' % (key,)) %} {% do frontend_warning_list.append('%s is obsolete, please use key-upload-url' % (key,)) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if slave.get('ssl_ca_crt') and not (slave.get('ssl_crt') and slave.get('ssl_key')) %} {% if frontend.get('ssl_ca_crt') and not (frontend.get('ssl_crt') and frontend.get('ssl_key')) %}
{% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %} {% do frontend_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %}
{% endif %} {% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %} {% if frontend.get('ssl_key') and frontend.get('ssl_crt') %}
{% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %} {% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %} {% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'].encode())[0] | trim %} {% set key_modulus = key_popen.communicate(frontend['ssl_key'].encode())[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'].encode())[0] | trim %} {% set crt_modulus = crt_popen.communicate(frontend['ssl_crt'].encode())[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %} {% if not key_modulus or key_modulus != crt_modulus %}
{% do slave_error_list.append('slave ssl_key and ssl_crt does not match') %} {% do frontend_error_list.append('frontend ssl_key and ssl_crt does not match') %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{# BBB: SlapOS Master non-zero knowledge END #} {# BBB: SlapOS Master non-zero knowledge END #}
{% if slave.get('custom_domain') %} {% if frontend.get('custom_domain') %}
{% set slave_custom_domain = '' ~ slave['custom_domain'] %} {% set frontend_custom_domain = '' ~ frontend['custom_domain'] %}
{% if slave_custom_domain.startswith('*.') %} {% if frontend_custom_domain.startswith('*.') %}
{% set clean_custom_domain = slave_custom_domain[2:] %} {% set clean_custom_domain = frontend_custom_domain[2:] %}
{% else %} {% else %}
{% set clean_custom_domain = slave_custom_domain %} {% set clean_custom_domain = frontend_custom_domain %}
{% endif %} {% endif %}
{% if not validators.domain(clean_custom_domain) %} {% if not validators.domain(clean_custom_domain) %}
{% do slave_error_list.append('custom_domain %r invalid' % (slave['custom_domain'],)) %} {% do frontend_error_list.append('custom_domain %r invalid' % (frontend['custom_domain'],)) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if len(slave_error_list) == 0 %} {% if len(frontend_error_list) == 0 %}
{# Cleanup slave from not needed keys which come from implementation of SlapOS Master #} {# Cleanup frontend from not needed keys which come from implementation of SlapOS Master #}
{# Send only controlled information about the slave to node #} {# Send only controlled information about the frontend to node #}
{% set authorized_slave = {} %} {% set authorized_frontend = {} %}
{% for key in FRONTEND_NODE_SLAVE_PASSED_KEY_LIST %} {% for key in FRONTEND_NODE_FRONTEND_PASSED_KEY_LIST %}
{% if key in slave %} {% if key in frontend %}
{% do authorized_slave.__setitem__(key, slave[key]) %} {% do authorized_frontend.__setitem__(key, frontend[key]) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do authorized_slave_list.append(authorized_slave) %} {% do authorized_frontend_list.append(authorized_frontend) %}
{% else %} {% else %}
{% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_error_list)) %} {% do rejected_frontend_dict.__setitem__(frontend.get('slave_reference'), sorted(frontend_error_list)) %}
{% endif %} {% endif %}
{% if len(slave_critical_error_list) > 0 %} {% if len(frontend_critical_error_list) > 0 %}
{% do critical_rejected_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_critical_error_list)) %} {% do critical_rejected_frontend_dict.__setitem__(frontend.get('slave_reference'), sorted(frontend_critical_error_list)) %}
{% endif %} {% endif %}
{% if len(slave_warning_list) > 0 %} {% if len(frontend_warning_list) > 0 %}
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %} {% do warning_frontend_dict.__setitem__(frontend.get('slave_reference'), sorted(frontend_warning_list)) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do authorized_slave_list.sort(key=operator_module.itemgetter('slave_reference')) %} {% do authorized_frontend_list.sort(key=operator_module.itemgetter('slave_reference')) %}
[monitor-instance-parameter] [monitor-instance-parameter]
monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }} monitor-httpd-port = {{ master_partition_monitor_monitor_httpd_port }}
...@@ -392,7 +391,7 @@ config-monitor-username = ${monitor-instance-parameter:username} ...@@ -392,7 +391,7 @@ config-monitor-username = ${monitor-instance-parameter:username}
config-monitor-password = ${monitor-htpasswd:passwd} config-monitor-password = ${monitor-htpasswd:passwd}
software-type = {{frontend_type}} software-type = {{frontend_type}}
return = slave-instance-information-list monitor-base-url backend-client-csr-url kedifa-csr-url csr-certificate backend-haproxy-statistic-url node-information-json return = frontend-instance-information-list monitor-base-url backend-client-csr-url kedifa-csr-url csr-certificate backend-haproxy-statistic-url node-information-json
{#- Send only needed parameters to frontend nodes #} {#- Send only needed parameters to frontend nodes #}
{%- set base_node_configuration_dict = {} %} {%- set base_node_configuration_dict = {} %}
...@@ -410,7 +409,7 @@ state = {{ state }} ...@@ -410,7 +409,7 @@ state = {{ state }}
{% endif %} {% endif %}
{# Do not send additional parameters for destroyed nodes #} {# Do not send additional parameters for destroyed nodes #}
{% if state != 'destroyed' %} {% if state != 'destroyed' %}
config-slave-kedifa-information = ${request-kedifa:connection-slave-kedifa-information} config-frontend-kedifa-information = ${request-kedifa:connection-frontend-kedifa-information}
config-kedifa-caucase-url = ${request-kedifa:connection-caucase-url} config-kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
config-backend-client-caucase-url = {{ caucase_url }} config-backend-client-caucase-url = {{ caucase_url }}
config-master-key-download-url = ${request-kedifa:connection-master-key-download-url} config-master-key-download-url = ${request-kedifa:connection-master-key-download-url}
...@@ -419,7 +418,7 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title' ...@@ -419,7 +418,7 @@ config-cluster-identification = {{ instance_parameter_dict['root-instance-title'
{% do node_configuration_dict.update(frontend_request.get('config')) %} {% do node_configuration_dict.update(frontend_request.get('config')) %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
{% do node_configuration_dict.__setitem__("frontend-list", json_module.dumps([])) %} {# XXX Upward compatbility #} {% do node_configuration_dict.__setitem__("frontend-list", json_module.dumps([])) %} {# XXX Upward compatbility #}
{% do node_configuration_dict.__setitem__("extra_slave_instance_list", json_module.dumps(authorized_slave_list, sort_keys=True)) %} {# XXX Backward compatibility #} {% do node_configuration_dict.__setitem__("extra_slave_instance_list", json_module.dumps(authorized_frontend_list, sort_keys=True)) %} {# XXX Backward compatibility #}
{% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %} {% do node_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
{%- for config_key, config_value in node_configuration_dict.items() %} {%- for config_key, config_value in node_configuration_dict.items() %}
config-{{ config_key }} = {{ dumps(config_value) }} config-{{ config_key }} = {{ dumps(config_value) }}
...@@ -449,13 +448,13 @@ return = ...@@ -449,13 +448,13 @@ return =
<= monitor-publish <= monitor-publish
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
domain = {{ instance_parameter_dict['configuration'].get('domain') }} domain = {{ instance_parameter_dict['configuration'].get('domain') }}
slave-amount = {{ instance_parameter_dict['slave-instance-list'] | length }} frontend-amount = {{ instance_parameter_dict['slave-instance-list'] | length }}
accepted-slave-amount = {{ authorized_slave_list | length }} accepted-frontend-amount = {{ authorized_frontend_list | length }}
rejected-slave-amount = {{ rejected_slave_dict | length }} rejected-frontend-amount = {{ rejected_frontend_dict | length }}
backend-client-caucase-url = {{ caucase_url }} backend-client-caucase-url = {{ caucase_url }}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
rejected-slave-dict = {{ dumps(json_module.dumps(rejected_slave_dict, sort_keys=True)) }} rejected-frontend-dict = {{ dumps(json_module.dumps(rejected_frontend_dict, sort_keys=True)) }}
rejected-slave-promise-url = ${rejected-slave-promise:config-url} rejected-frontend-promise-url = ${rejected-frontend-promise:config-url}
publish-failsafe-error-promise-url = ${publish-failsafe-error-promise:config-url} publish-failsafe-error-promise-url = ${publish-failsafe-error-promise:config-url}
master-key-upload-url = ${request-kedifa:connection-master-key-upload-url} master-key-upload-url = ${request-kedifa:connection-master-key-upload-url}
master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-auth-url} master-key-generate-auth-url = ${request-kedifa:connection-master-key-generate-auth-url}
...@@ -464,9 +463,9 @@ kedifa-caucase-url = ${request-kedifa:connection-caucase-url} ...@@ -464,9 +463,9 @@ kedifa-caucase-url = ${request-kedifa:connection-caucase-url}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
warning-list = {{ dumps(json_module.dumps(warning_list, sort_keys=True)) }} warning-list = {{ dumps(json_module.dumps(warning_list, sort_keys=True)) }}
{% endif %} {% endif %}
{% if len(warning_slave_dict) > 0 %} {% if len(warning_frontend_dict) > 0 %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
warning-slave-dict = {{ dumps(json_module.dumps(warning_slave_dict, sort_keys=True)) }} warning-frontend-dict = {{ dumps(json_module.dumps(warning_frontend_dict, sort_keys=True)) }}
{% endif %} {% endif %}
{% if not aikc_enabled or not aibcc_enabled %} {% if not aikc_enabled or not aibcc_enabled %}
{% for index, frontend in enumerate(frontend_list) %} {% for index, frontend in enumerate(frontend_list) %}
...@@ -485,7 +484,7 @@ frontend-node-{{ index + 1 }}-kedifa-csr-url = {{ section_part }}:connection-ked ...@@ -485,7 +484,7 @@ frontend-node-{{ index + 1 }}-kedifa-csr-url = {{ section_part }}:connection-ked
{% for index, frontend in enumerate(frontend_list) %} {% for index, frontend in enumerate(frontend_list) %}
{% set section_part = '${request-' + frontend %} {% set section_part = '${request-' + frontend %}
frontend-node-{{ index + 1 }}-backend-haproxy-statistic-url = {{ section_part }}:connection-backend-haproxy-statistic-url} frontend-node-{{ index + 1 }}-backend-haproxy-statistic-url = {{ section_part }}:connection-backend-haproxy-statistic-url}
frontend-node-{{ index + 1 }}-node-information-json = ${frontend-information:frontend-node-{{ index + 1 }}-node-information-json} frontend-node-{{ index + 1 }}-node-information-json = ${frontend-node-information:frontend-node-{{ index + 1 }}-node-information-json}
{% endfor %} {% endfor %}
{% if not aibcc_enabled %} {% if not aibcc_enabled %}
{% for index, frontend in enumerate(frontend_list) %} {% for index, frontend in enumerate(frontend_list) %}
...@@ -509,14 +508,14 @@ config-url = ...@@ -509,14 +508,14 @@ config-url =
#---------------------------- #----------------------------
#-- #--
#-- Publish slave information #-- Publish frontend information
[publish-slave-information] [publish-frontend-information]
recipe = slapos.cookbook:switch-softwaretype recipe = slapos.cookbook:switch-softwaretype
default = instance-publish-slave-information:output default = instance-publish-frontend-information:output
RootSoftwareInstance = ${:default} RootSoftwareInstance = ${:default}
replicate = instance-publish-slave-information:output replicate = instance-publish-frontend-information:output
custom-personal = instance-publish-slave-information:output custom-personal = instance-publish-frontend-information:output
custom-group = instance-publish-slave-information:output custom-group = instance-publish-frontend-information:output
[request-kedifa] [request-kedifa]
<= slap-connection <= slap-connection
...@@ -533,7 +532,7 @@ config-rotate-num = {{ instance_parameter_dict['configuration'].get('rotate-num' ...@@ -533,7 +532,7 @@ config-rotate-num = {{ instance_parameter_dict['configuration'].get('rotate-num'
config-{{ key }} = {{ dumps(instance_parameter_dict['configuration'][key]) }} config-{{ key }} = {{ dumps(instance_parameter_dict['configuration'][key]) }}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
config-slave-list = {{ dumps(authorized_slave_list) }} config-frontend-list = {{ dumps(authorized_frontend_list) }}
config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }} config-cluster-identification = {{ instance_parameter_dict['root-instance-title'] }}
{% set software_url_key = "-kedifa-software-release-url" %} {% set software_url_key = "-kedifa-software-release-url" %}
...@@ -544,7 +543,7 @@ software-url = ${slap-connection:software-release-url} ...@@ -544,7 +543,7 @@ software-url = ${slap-connection:software-release-url}
{% endif %} {% endif %}
software-type = kedifa software-type = kedifa
name = kedifa name = kedifa
return = slave-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url return = frontend-kedifa-information master-key-generate-auth-url master-key-upload-url master-key-download-url caucase-url kedifa-csr-url csr-certificate monitor-base-url
{% set sla_kedifa_key = "-sla-kedifa-" %} {% set sla_kedifa_key = "-sla-kedifa-" %}
{% set sla_kedifa_key_length = sla_kedifa_key | length %} {% set sla_kedifa_key_length = sla_kedifa_key | length %}
{% for key in list(instance_parameter_dict['configuration'].keys()) %} {% for key in list(instance_parameter_dict['configuration'].keys()) %}
...@@ -553,45 +552,45 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ instance_parameter_dict['configuratio ...@@ -553,45 +552,45 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ instance_parameter_dict['configuratio
{% endif %} {% endif %}
{% endfor %} {% endfor %}
[rejected-slave-information] [rejected-frontend-information]
rejected-slave-dict = {{ dumps(rejected_slave_dict) }} rejected-frontend-dict = {{ dumps(rejected_frontend_dict) }}
[warning-slave-information] [warning-frontend-information]
warning-slave-dict = {{ dumps(warning_slave_dict) }} warning-frontend-dict = {{ dumps(warning_frontend_dict) }}
[slave-information] [frontend-information]
{% for frontend_section in frontend_section_list %} {% for frontend_section in frontend_section_list %}
{{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }} {{ frontend_section }} = {{ "${%s:connection-frontend-instance-information-list}" % frontend_section }}
{% endfor %} {% endfor %}
[active-slave-instance] [active-frontend-instance]
{% set active_slave_instance_list = [] %} {% set active_frontend_list = [] %}
{% for slave_instance in instance_parameter_dict['slave-instance-list'] %} {% for frontend in instance_parameter_dict['slave-instance-list'] %}
{# Provide a list of slave titles send by master, in order to filter out already destroyed slaves #} {# Provide a list of slave titles send by master, in order to filter out already destroyed slaves #}
{# Note: This functionality is not yet covered by tests, please modify with care #} {# Note: This functionality is not yet covered by tests, please modify with care #}
{% do active_slave_instance_list.append(slave_instance['slave_reference']) %} {% do active_frontend_list.append(frontend['slave_reference']) %}
{% endfor %} {% endfor %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, sort_keys=True) }} active-frontend-list = {{ json_module.dumps(active_frontend_list, sort_keys=True) }}
[frontend-information] [frontend-node-information]
{% for index, frontend in enumerate(frontend_list) %} {% for index, frontend in enumerate(frontend_list) %}
{% set section_part = '${request-' + frontend %} {% set section_part = '${request-' + frontend %}
frontend-node-{{ index + 1 }}-node-information-json = {{ section_part }}:connection-node-information-json} frontend-node-{{ index + 1 }}-node-information-json = {{ section_part }}:connection-node-information-json}
{% endfor %} {% endfor %}
[instance-publish-slave-information] [instance-publish-frontend-information]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['profile_master_publish_slave_information'] }} url = {{ software_parameter_dict['profile_master_publish_frontend_information'] }}
filename = instance-publish-slave-information.cfg filename = instance-publish-frontend-information.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
section slave_information slave-information
section frontend_information frontend-information section frontend_information frontend-information
section rejected_slave_information rejected-slave-information section frontend_node_information frontend-node-information
section active_slave_instance_dict active-slave-instance section rejected_frontend_information rejected-frontend-information
section warning_slave_information warning-slave-information section active_frontend_instance_dict active-frontend-instance
key slave_kedifa_information request-kedifa:connection-slave-kedifa-information section warning_frontend_information warning-frontend-information
key frontend_kedifa_information request-kedifa:connection-frontend-kedifa-information
key publish_failsafe_error directory:publish-failsafe-error-var key publish_failsafe_error directory:publish-failsafe-error-var
[monitor-base-url-dict] [monitor-base-url-dict]
...@@ -611,7 +610,7 @@ caucased = ${:srv}/caucased ...@@ -611,7 +610,7 @@ caucased = ${:srv}/caucased
backup-caucased = ${:backup}/caucased backup-caucased = ${:backup}/caucased
# NGINX # NGINX
master-introspection-var = ${:var}/master-introspection-nginx master-introspection-var = ${:var}/master-introspection-nginx
# slaves # frontends
publish-failsafe-error-var = ${:var}/publish-failsafe-error publish-failsafe-error-var = ${:var}/publish-failsafe-error
publish-failsafe-check-var = ${:var}/publish-failsafe-check publish-failsafe-check-var = ${:var}/publish-failsafe-check
...@@ -860,15 +859,15 @@ update-command = ${:command} ...@@ -860,15 +859,15 @@ update-command = ${:command}
{% endfor %} {% endfor %}
{% endif %} {# if aibcc_enabled #} {% endif %} {# if aibcc_enabled #}
[rejected-slave-json] [rejected-frontend-json]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
filename = rejected-slave.json filename = rejected-frontend.json
directory = ${directory:promise-output} directory = ${directory:promise-output}
output = ${:directory}/${:filename} output = ${:directory}/${:filename}
url = {{ software_parameter_dict['template_empty'] }} url = {{ software_parameter_dict['template_empty'] }}
{% if critical_rejected_slave_dict %} {% if critical_rejected_frontend_dict %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
content = {{ dumps(json_module.dumps(critical_rejected_slave_dict, indent=2, sort_keys=True)) }} content = {{ dumps(json_module.dumps(critical_rejected_frontend_dict, indent=2, sort_keys=True)) }}
{% else %} {% else %}
content = content =
{% endif %} {% endif %}
...@@ -920,8 +919,8 @@ init = ...@@ -920,8 +919,8 @@ init =
url.set(path = '') url.set(path = '')
options['frontend-url'] = url.tostr() options['frontend-url'] = url.tostr()
[rejected-slave-publish] [rejected-frontend-publish]
url = ${master-introspection-frontend-url:frontend-url}/${master-introspection-template:rejected-slave-path}/${rejected-slave-json:filename} url = ${master-introspection-frontend-url:frontend-url}/${master-introspection-template:rejected-frontend-path}/${rejected-frontend-json:filename}
[master-introspection-certificate] [master-introspection-certificate]
recipe = plone.recipe.command recipe = plone.recipe.command
...@@ -958,7 +957,7 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} ${master-intros ...@@ -958,7 +957,7 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} ${master-intros
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
var = ${directory:master-introspection-var} var = ${directory:master-introspection-var}
pid = ${directory:var}/nginx-master-introspection-server.pid pid = ${directory:var}/nginx-master-introspection-server.pid
rejected-slave-path = rejected-slave rejected-frontend-path = rejected-frontend
publish-failsafe-error-path = publish-failsafe-error publish-failsafe-error-path = publish-failsafe-error
inline = inline =
daemon off; daemon off;
...@@ -984,8 +983,8 @@ inline = ...@@ -984,8 +983,8 @@ inline =
scgi_temp_path ${:var} 1 2; scgi_temp_path ${:var} 1 2;
auth_basic "Master Introspection"; auth_basic "Master Introspection";
auth_basic_user_file ${master-introspection-htpasswd:file}; auth_basic_user_file ${master-introspection-htpasswd:file};
location /${:rejected-slave-path} { location /${:rejected-frontend-path} {
alias ${rejected-slave-json:directory}/; alias ${rejected-frontend-json:directory}/;
autoindex off; autoindex off;
sendfile on; sendfile on;
sendfile_max_chunk 1m; sendfile_max_chunk 1m;
...@@ -1008,13 +1007,13 @@ name = master-introspection-server-ip-port-listening.py ...@@ -1008,13 +1007,13 @@ name = master-introspection-server-ip-port-listening.py
config-host = ${master-introspection-server-configuration:ip} config-host = ${master-introspection-server-configuration:ip}
config-port = ${master-introspection-server-configuration:port} config-port = ${master-introspection-server-configuration:port}
[rejected-slave-promise] [rejected-frontend-promise]
<= monitor-promise-base <= monitor-promise-base
promise = check_file_state promise = check_file_state
name = rejected-slave.py name = rejected-frontend.py
config-filename = ${rejected-slave-json:output} config-filename = ${rejected-frontend-json:output}
config-state = empty config-state = empty
config-url = ${rejected-slave-publish:url} config-url = ${rejected-frontend-publish:url}
[master-key-upload-url-ready] [master-key-upload-url-ready]
recipe = slapos.recipe.build recipe = slapos.recipe.build
...@@ -1094,12 +1093,12 @@ extends = ...@@ -1094,12 +1093,12 @@ extends =
{{ software_parameter_dict['profile_monitor2'] }} {{ software_parameter_dict['profile_monitor2'] }}
parts = parts =
monitor-base monitor-base
publish-slave-information publish-frontend-information
check-publish-failsafe-error check-publish-failsafe-error
publish-failsafe-error-promise publish-failsafe-error-promise
publish-information publish-information
request-kedifa request-kedifa
rejected-slave-promise rejected-frontend-promise
master-introspection-server-ip-port master-introspection-server-ip-port
caucased-backend-client caucased-backend-client
caucased-backend-client-promise caucased-backend-client-promise
......
software/rapid-cdn/instance-slave-list.cfg.in
View file @ 032443a4
...@@ -12,7 +12,6 @@ ...@@ -12,7 +12,6 @@
{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': instance_parameter_dict['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']} %} {%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': instance_parameter_dict['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']} %}
{%- set slave_log_dict = {} %} {%- set slave_log_dict = {} %}
{%- set slave_instance_information_list = [] %} {%- set slave_instance_information_list = [] %}
{%- set slave_instance_list = instance_parameter_dict['slave-instance-list'] %}
{%- set frontend_list = json_module.loads(configuration['frontend-list']) %} {#- XXX Upward compatibility #} {%- set frontend_list = json_module.loads(configuration['frontend-list']) %} {#- XXX Upward compatibility #}
{%- do frontend_list.extend(json_module.loads(configuration.get('extra_slave_instance_list', []))) %} {#- XXX Backward compatibility #} {%- do frontend_list.extend(json_module.loads(configuration.get('extra_slave_instance_list', []))) %} {#- XXX Backward compatibility #}
{%- if master_key_download_url %} {%- if master_key_download_url %}
...@@ -56,7 +55,7 @@ context = ...@@ -56,7 +55,7 @@ context =
{%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %} {%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
{%- endfor %} {%- endfor %}
{#- Loop thought slave list to set up slaves #} {#- Loop thought slave list to set up slaves #}
{%- for slave_instance in slave_instance_list %} {%- for slave_instance in frontend_list %}
{#- Prepare slave parameters: #} {#- Prepare slave parameters: #}
{#- * convert strings to booleans (as slapproxy and SlapOS Master differ a bit) #} {#- * convert strings to booleans (as slapproxy and SlapOS Master differ a bit) #}
{#- * create real lists from string lists #} {#- * create real lists from string lists #}
...@@ -388,7 +387,7 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }} ...@@ -388,7 +387,7 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
{%- if slave_type != 'redirect' %} {%- if slave_type != 'redirect' %}
{%- do backend_slave_list.append(slave_instance) %} {%- do backend_slave_list.append(slave_instance) %}
{%- endif %} {%- endif %}
{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #} {%- endfor %} {# Slave iteration ends for slave_instance in frontend_list #}
{%- do part_list.append('slave-introspection') %} {%- do part_list.append('slave-introspection') %}
{#- ############################################## #} {#- ############################################## #}
......
software/rapid-cdn/software.cfg
View file @ 032443a4
...@@ -75,8 +75,8 @@ profile_kedifa = ${profile-kedifa:target} ...@@ -75,8 +75,8 @@ profile_kedifa = ${profile-kedifa:target}
profile_logrotate_base = ${template-logrotate-base:output} profile_logrotate_base = ${template-logrotate-base:output}
profile_monitor = ${monitor-template:output} profile_monitor = ${monitor-template:output}
profile_monitor2 = ${monitor2-template:output} profile_monitor2 = ${monitor2-template:output}
profile_master_publish_slave_information = ${profile-master-publish-slave-information:target} profile_master_publish_frontend_information = ${profile-master-publish-frontend-information:target}
profile_slave_list = ${profile-slave-list:target} profile_frontend_list = ${profile-frontend-list:target}
# templates # templates
template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target} template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
...@@ -147,7 +147,7 @@ url = ${:_profile_base_location_}/${:filename} ...@@ -147,7 +147,7 @@ url = ${:_profile_base_location_}/${:filename}
[profile-slave-list] [profile-slave-list]
<= download-profile <= download-profile
[profile-master-publish-slave-information] [profile-master-publish-frontend-information]
<= download-profile <= download-profile
[download-template] [download-template]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7