Update Release Candidate

component/git/buildout.cfg

@@ -18,8 +18,8 @@ parts =
 [git]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.33.1.tar.xz
-md5sum = 3462f34d9c17288eee854b7645f6a0a1
+url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.35.1.tar.xz
+md5sum = 3aae077280b6be861e3c1c637491853a
 configure-options =
   --with-curl=${curl:location}
   --with-openssl=${openssl:location}

component/nano/buildout.cfg

@@ -10,9 +10,8 @@ extends =
 [nano]
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://www.nano-editor.org/dist/v2.8/nano-2.8.4.tar.xz
-md5sum = 02ff28870194178595b287fc16fa611b
-location = @@LOCATION@@
+url = https://www.nano-editor.org/dist/v6/nano-6.2.tar.xz
+md5sum = 12784a5c245518d7580125ebbd6b7601
 # The dummy PKG_CONFIG is in the case that both pkg-config and ncursesw
 # are installed on the system.
 environment=
@@ -21,5 +20,6 @@ environment=
   CPPFLAGS=-I${file:location}/include -I${zlib:location}/include
   LDFLAGS=-L${file:location}/lib/ -Wl,-rpath=${file:location}/lib/ -L${zlib:location}/lib/ -Wl,-rpath=${zlib:location}/lib/
 post-install =
-  cd ${:location} && mkdir etc &&
-  echo include "${:location}/share/nano/*.nanorc" > etc/nanorc
+  cd %(location)s
+  mkdir etc
+  echo 'include %(location)s/share/nano/*.nanorc' > etc/nanorc

software/beremiz-runtime/buildout.hash.cfg

 [instance-profile]
 filename = instance.cfg.in
-md5sum = a438aa4126feb2e609a082935acbb625
+md5sum = 6e3e1dc304378640707cdb6a792106f1

software/beremiz-runtime/instance.cfg.in

@@ -29,11 +29,8 @@ key = ${slap-connection:key-file}
 cert = ${slap-connection:cert-file}
 configuration.runtime_plc_url =
 configuration.runtime_plc_md5sum =
-# XXX: we can get rid of plc_name in future
-configuration.runtime_plc_name = 
 configuration.autostart = 1
 configuration.interface = 0.0.0.0
-# XXX: randomly generated one on slap's interface?
 configuration.port = 61248
 
 # Create all needed directories, depending on your needs

software/caddy-frontend/buildout.hash.cfg

@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 0950e09ad1f03f0789308f5f7a7eb1b8
+md5sum = 3e3021b86c3cfe93553489441da85496
 
 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = c5d1e235959a877b4f3157369c6f5e10
+md5sum = c028f1c5947494e7f25cf8266a3ecd2d
 
 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 9e77ca5d41541787f66a4e1872556418
+md5sum = 6b6ab13d82bf9ecff6a37c3402ddbf95
 
 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
@@ -94,15 +94,15 @@ md5sum = 8c150e1e6c993708d31936742f3a7302
 
 [caddyprofiledeps-setup]
 filename = setup.py
-md5sum = 8e1c6c06c09beb921965b3ce98c67c9e
+md5sum = 6aad2b4c271294f524214192ee197c15
 
 [caddyprofiledeps-dummy]
 filename = caddyprofiledummy.py
-md5sum = 59cb33f11272ee09eccea74981d2304a
+md5sum = b41b8de115ad815d0b0db306ad650365
 
 [profile-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = 483e834e689f9a943346683e4d81eab4
+md5sum = 88f3a8cc30d3cf30f4bd2797f5c16221
 
 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
@@ -111,3 +111,7 @@ md5sum = 3336d554661b138dcef97b1d1866803c
 [template-slave-introspection-httpd-nginx]
 _update_hash_filename_ = templates/slave-introspection-httpd-nginx.conf.in
 md5sum = 3067e6ba6c6901821d57d2109517d39c
+
+[template-expose-csr-nginx-conf]
+_update_hash_filename_ = templates/expose-csr-nginx.conf.in
+md5sum = 5620baa8819fcc8340fa6777ee551a1a

software/caddy-frontend/caddyprofiledummy.py

+from __future__ import print_function
+
+import caucase.client
+import caucase.utils
+import os
+import ssl
+import sys
+import urllib
 import urlparse
 
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+
 class Recipe(object):
   def __init__(self, *args, **kwargs):
     pass
@@ -19,3 +30,94 @@ def validate_netloc(netloc):
   else:
     hostname = parsed.hostname
   return netloc == '%s:%s' % (hostname, parsed.port)
+
+
+def _check_certificate(url, certificate):
+  parsed = urlparse.urlparse(url)
+  got_certificate = ssl.get_server_certificate((parsed.hostname, parsed.port))
+  if certificate.strip() != got_certificate.strip():
+    raise ValueError('Certificate for %s does not match expected one' % (url,))
+
+
+def _get_exposed_csr(url, certificate):
+  _check_certificate(url, certificate)
+  self_signed = ssl.create_default_context()
+  self_signed.check_hostname = False
+  self_signed.verify_mode = ssl.CERT_NONE
+  return urllib.urlopen(url, context=self_signed).read()
+
+
+def _get_caucase_client(ca_url, ca_crt, user_key):
+  return caucase.client.CaucaseClient(
+    ca_url=ca_url + '/cas',
+    ca_crt_pem_list=caucase.utils.getCertList(ca_crt),
+    user_key=user_key,
+  )
+
+
+def _get_caucase_csr_list(ca_url, ca_crt, user_key):
+  csr_list = []
+  for entry in _get_caucase_client(
+    ca_url, ca_crt, user_key).getPendingCertificateRequestList():
+    csr = caucase.utils.load_certificate_request(
+      caucase.utils.toBytes(entry['csr']))
+    csr_list.append({
+      'csr_id': entry['id'],
+      'csr': csr.public_bytes(serialization.Encoding.PEM).decode()
+    })
+  return csr_list
+
+
+def _csr_match(*csr_list):
+  number_list = set([])
+  for csr in csr_list:
+    number_list.add(
+      x509.load_pem_x509_csr(str(csr)).public_key().public_numbers())
+  return len(number_list) == 1
+
+
+def _sign_csr(ca_url, ca_crt, user_key, csr, csr_list):
+  signed = False
+  client = _get_caucase_client(ca_url, ca_crt, user_key)
+  for csr_entry in csr_list:
+    if _csr_match(csr, csr_entry['csr']):
+      client.createCertificate(int(csr_entry['csr_id']))
+      print('Signed csr with id %s' % (csr_entry['csr_id'],))
+      signed = True
+      break
+  return signed
+
+
+def _mark_done(filename):
+  with open(filename, 'w') as fh:
+    fh.write('done')
+  print('Marked file %s' % (filename,))
+
+
+def _is_done(filename):
+  if os.path.exists(filename):
+    return True
+  return False
+
+
+def smart_sign():
+  ca_url, ca_crt, done_file, user_key, csr_url, \
+    csr_url_certificate = sys.argv[1:]
+  if _is_done(done_file):
+    return
+  exposed_csr = _get_exposed_csr(csr_url, csr_url_certificate)
+  caucase_csr_list = _get_caucase_csr_list(ca_url, ca_crt, user_key)
+  if _sign_csr(
+    ca_url, ca_crt, user_key, exposed_csr, caucase_csr_list):
+    _mark_done(done_file)
+  else:
+    print('Failed to sign %s' % (csr_url,))
+
+
+def caucase_csr_sign_check():
+  ca_url, ca_crt, user_key = sys.argv[1:]
+  if len(_get_caucase_csr_list(ca_url, ca_crt, user_key)) != 0:
+    print('ERR There are CSR to sign on %s' % (ca_url,))
+    sys.exit(1)
+  else:
+    print('OK No CSR to sign on %s' % (ca_url,))

software/caddy-frontend/instance-apache-frontend.cfg.in

@@ -89,10 +89,10 @@ bbb-ssl-dir = ${:srv}/bbb-ssl
 
 frontend_cluster = ${:var}/frontend_cluster
 
-# csr_id publication
-csr_id = ${:srv}/csr_id
-certificate-csr_id = ${:etc}/certificate-csr_id
-expose-csr_id-var = ${:var}/expose-csr_id
+# CSR publication
+expose-csr = ${:srv}/expose-csr
+expose-csr-etc = ${:etc}/expose-csr
+expose-csr-var = ${:var}/expose-csr
 
 # slave introspection
 slave-introspection-var = ${:var}/slave-introspection
@@ -179,6 +179,7 @@ template-empty = {{ software_parameter_dict['template_empty'] }}
 template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }}
 template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
 template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
+template-expose-csr-nginx-conf = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
 
 [kedifa-login-config]
 d = ${directory:ca-dir}
@@ -295,11 +296,12 @@ extra-context =
     key master_key_download_url :master_key_download_url
     key autocert caddy-directory:autocert
     key caddy_log_directory caddy-directory:slave-log
-    key expose_csr_id_organization :organization
-    key expose_csr_id_organizational_unit :organizational-unit
+    key expose_csr_organization :organization
+    key expose_csr_organizational_unit :organizational-unit
     key global_ipv6 slap-configuration:ipv6-random
     key empty_template software-release-path:template-empty
     key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
+    key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
     key software_type :software_type
     key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
     key monitor_base_url monitor-instance-parameter:monitor-base-url 

software/caddy-frontend/instance-caddy-input-schema.json

@@ -69,7 +69,7 @@
     },
     "automatic-internal-kedifa-caucase-csr": {
       "default": "true",
-      "description": "Automatically signs CSRs sent to KeDiFa's caucase, based on csr_id and matching certificate.",
+      "description": "Automatically signs CSRs sent to KeDiFa's caucase, based on CSR comparison.",
       "enum": [
         "true",
         "false"
@@ -79,7 +79,7 @@
     },
     "automatic-internal-backend-client-caucase-csr": {
       "default": "true",
-      "description": "Automatically signs CSRs sent to Backend Client's caucase, based on csr_id and matching certificate.",
+      "description": "Automatically signs CSRs sent to Backend Client's caucase, based on CSR comparison.",
       "enum": [
         "true",
         "false"

software/caddy-frontend/instance-kedifa.cfg.in

@@ -17,8 +17,7 @@ parts =
   caucased
   caucased-promise
   caucase-updater
-  expose-csr_id
-  promise-expose-csr_id-ip-port
+  promise-expose-csr-ip-port
   promise-logrotate-setup
 
 [monitor-instance-parameter]
@@ -74,10 +73,10 @@ backup-caucased = ${:backup}/caucased
 # reservation
 reservation = ${:srv}/reservation
 
-# csr_id publication
-csr_id = ${:srv}/csr_id
-certificate-csr_id = ${:var}/certificate-csr_id
-expose-csr_id-var = ${:var}/expose-csr_id
+# CSR publication
+expose-csr = ${:srv}/expose-csr
+expose-csr-etc = ${:etc}/expose-csr
+expose-csr-var = ${:var}/expose-csr
 
 [kedifa-csr]
 recipe = plone.recipe.command
@@ -113,30 +112,19 @@ stop-on-error = True
      template_csr='${kedifa-csr:template-csr}'
 )}}
 
-[store-csr_id]
+[expose-csr-link-csr]
 recipe = plone.recipe.command
-
-csr_id_path = ${directory:csr_id}/csr_id.txt
-csr_work_path = ${directory:tmp}/${:_buildout_section_name_}
-
+filename = csr.pem
+csr_path = ${directory:expose-csr}/${:filename}
 stop-on-error = False
 update-command = ${:command}
 command =
-  [ -f {:csr_id_path} ] && exit 0
-  {{ software_parameter_dict['bin_directory'] }}/caucase \
-    --ca-url {{ caucase_url }} \
-    --ca-crt ${kedifa-config:ca-certificate} \
-    --crl ${kedifa-config:crl} \
-    --mode service \
-{#- XXX: Need to use caucase-updater-csr:csr, as there is no way to obatin csr_id from caucase-updater -#}
-{#- XXX: nor directly path to the generated CSR #}
-    --send-csr ${caucase-updater-csr:csr} > ${:csr_work_path} && \
-  cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
-
-[certificate-csr_id]
+  ln -sf ${caucase-updater-csr:csr} ${:csr_path}
+
+[expose-csr-certificate]
 recipe = plone.recipe.command
-certificate = ${directory:certificate-csr_id}/certificate.pem
-key = ${directory:certificate-csr_id}/key.pem
+certificate = ${directory:expose-csr-etc}/certificate.pem
+key = ${directory:expose-csr-etc}/key.pem
 
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
@@ -148,70 +136,44 @@ command =
       -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
   fi
 
-[expose-csr_id-configuration]
+[expose-csr-configuration]
 ip = {{ instance_parameter_dict['ipv6-random'] }}
 port = 17000
-key = ${certificate-csr_id:key}
-certificate = ${certificate-csr_id:certificate}
-error-log = ${directory:log}/expose-csr_id.log
-
-[expose-csr_id-template]
+key = ${expose-csr-certificate:key}
+certificate = ${expose-csr-certificate:certificate}
+error-log = ${directory:log}/expose-csr.log
+var = ${directory:expose-csr-var}
+pid = ${directory:var}/nginx-expose-csr.pid
+root = ${directory:expose-csr}
+nginx_mime = {{ software_parameter_dict['nginx_mime'] }}
+
+[expose-csr-template]
 recipe = slapos.recipe.template:jinja2
-var = ${directory:expose-csr_id-var}
-pid = ${directory:var}/nginx-expose-csr_id.pid
-rendered = ${directory:etc}/nginx-expose-csr_id.conf
-template = inline:
-  daemon off;
-  pid ${:pid};
-  error_log ${expose-csr_id-configuration:error-log};
-  events {
-  }
-  http {
-    include {{ software_parameter_dict['nginx_mime'] }};
-    server {
-      server_name_in_redirect off;
-      port_in_redirect off;
-      error_log ${expose-csr_id-configuration:error-log};
-      access_log /dev/null;
-      listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
-      ssl_certificate ${expose-csr_id-configuration:certificate};
-      ssl_certificate_key ${expose-csr_id-configuration:key};
-      default_type application/octet-stream;
-      client_body_temp_path ${:var} 1 2;
-      proxy_temp_path ${:var} 1 2;
-      fastcgi_temp_path ${:var} 1 2;
-      uwsgi_temp_path ${:var} 1 2;
-      scgi_temp_path ${:var} 1 2;
-
-      location / {
-        alias ${directory:csr_id}/;
-        autoindex off;
-        sendfile on;
-        sendfile_max_chunk 1m;
-      }
-    }
-  }
-
-[promise-expose-csr_id-ip-port]
+rendered = ${directory:expose-csr-etc}/nginx.conf
+template = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
+context =
+  section configuration expose-csr-configuration
+
+[promise-expose-csr-ip-port]
 <= monitor-promise-base
 promise = check_socket_listening
-name = expose-csr_id-ip-port-listening.py
-config-host = ${expose-csr_id-configuration:ip}
-config-port = ${expose-csr_id-configuration:port}
+name = expose-csr-ip-port-listening.py
+config-host = ${expose-csr-configuration:ip}
+config-port = ${expose-csr-configuration:port}
 
-[expose-csr_id]
-depends = ${store-csr_id:command}
+[expose-csr]
 recipe = slapos.cookbook:wrapper
 command-line = {{ software_parameter_dict['nginx'] }}
-  -c ${expose-csr_id-template:rendered}
+  -c ${expose-csr-template:rendered}
+url = https://[${expose-csr-configuration:ip}]:${expose-csr-configuration:port}
 
-wrapper-path = ${directory:service}/expose-csr_id
+wrapper-path = ${directory:service}/expose-csr
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 
-[get-csr_id-certificate]
+[expose-csr-certificate-get]
 recipe = collective.recipe.shelloutput
 commands =
-  certificate = cat ${certificate-csr_id:certificate}
+  certificate = cat ${expose-csr-certificate:certificate}
 
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -326,8 +288,8 @@ caucase-url = {{ caucase_url }}
 master-key-generate-auth-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}/generateauth
 master-key-upload-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}?auth=
 master-key-download-url = https://[${kedifa-config:ip}]:${kedifa-config:port}/${master-auth-random:passwd}
-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
-csr_id-certificate = ${get-csr_id-certificate:certificate}
+kedifa-csr-url = ${expose-csr:url}/${expose-csr-link-csr:filename}
+csr-certificate = ${expose-csr-certificate-get:certificate}
 monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
 
 [promise-logrotate-setup]

software/caddy-frontend/instance-output-schema.json

@@ -46,24 +46,28 @@
       "description": "Total amount of Slaves allocated to the Instance (include blocked ones)",
       "type": "integer"
     },
-    "kedifa-csr_id-url": {
-      "description": "URL on which KeDiFa publishes its csr_id sent to caucase.",
+    "kedifa-csr-url": {
+      "description": "URL on which KeDiFa publishes its CSR sent to caucase.",
       "type": "string"
     },
-    "kedifa-csr_id-certificate": {
-      "description": "Certificate used to serve data on kedifa-csr_id-url.",
+    "kedifa-csr-certificate": {
+      "description": "Certificate used to serve data on kedifa-csr-url.",
       "type": "string"
     },
     "kedifa-caucase-url": {
       "description": "Url to caucase used by KeDiFa.",
       "type": "string"
     },
-    "caddy-frontend-N-csr_id-url": {
-      "description": "URL on which frontend node number N publishes its csr_id sent to caucase.",
+    "caddy-frontend-N-kedifa-csr-url": {
+      "description": "URL on which frontend node number N publishes its Kedifa CSR sent to caucase.",
       "type": "string"
     },
-    "caddy-frontend-N-csr_id-certificate": {
-      "description": "Certificate used to serve data on caddy-frontend-N-csr_id-url.",
+    "caddy-frontend-N-backend-client-csr-url": {
+      "description": "URL on which frontend node number N publishes its Backend Client CSR sent to caucase.",
+      "type": "string"
+    },
+    "caddy-frontend-N-csr-certificate": {
+      "description": "Certificate used to serve data on CSRs.",
       "type": "string"
     },
     "warning-slave-dict": {

software/caddy-frontend/setup.py

@@ -9,10 +9,15 @@ setup(
     'validators',
     'furl',
     'orderedmultidict',
+    'caucase',
   ],
   entry_points={
     'zc.buildout': [
       'default = caddyprofiledummy:Recipe',
+    ],
+    'console_scripts': [
+      'smart-caucase-signer = caddyprofiledummy:smart_sign',
+      'caucase-csr-sign-check = caddyprofiledummy:caucase_csr_sign_check'
     ]
   }
 )

software/caddy-frontend/software.cfg

@@ -99,6 +99,7 @@ template_trafficserver_records_config = ${template-trafficserver-records-config:
 template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
 template_validate_script = ${template-validate-script:target}
 template_wrapper = ${template-wrapper:output}
+template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
 
 # directories
 bin_directory = ${buildout:bin-directory}
@@ -123,6 +124,8 @@ kedifa-updater = ${:bin_directory}/kedifa-updater
 kedifa-csr = ${:bin_directory}/kedifa-csr
 xz_location = ${xz-utils:location}
 htpasswd = ${:bin_directory}/htpasswd
+smart_caucase_signer = ${:bin_directory}/smart-caucase-signer
+caucase_csr_sign_check = ${:bin_directory}/caucase-csr-sign-check
 
 [template]
 recipe = slapos.recipe.template:jinja2
@@ -203,6 +206,9 @@ output = ${buildout:directory}/template-wrapper.cfg
 [template-backend-haproxy-rsyslogd-conf]
 <=download-template
 
+[template-expose-csr-nginx-conf]
+<=download-template
+
 [versions]
 kedifa = 0.0.6
 # Modern KeDiFa requires zc.lockfile

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -453,9 +453,9 @@ recipe = slapos.cookbook:publish.serialised
 slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
 {%- endif %}
 monitor-base-url = {{ monitor_base_url }}
-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
-backend-client-csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/backend-haproxy-csr_id.txt
-csr_id-certificate = ${get-csr_id-certificate:certificate}
+kedifa-csr-url = ${expose-csr:url}/${expose-csr-link-csr-kedifa:filename}
+backend-client-csr-url = ${expose-csr:url}/${expose-csr-link-csr-backend-haproxy:filename}
+csr-certificate = ${expose-csr-certificate-get:certificate}
 {%-   set furled = furl_module.furl(backend_haproxy_configuration['statistic-frontend-secure_access']) %}
 {%-   do furled.set(username = backend_haproxy_configuration['statistic-username']) %}
 {%-   do furled.set(password = backend_haproxy_configuration['statistic-password']) %}
@@ -514,23 +514,23 @@ request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
 backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
 backend-connect-retries =  {{ dumps('' ~ configuration['backend-connect-retries']) }}
 
-[store-backend-haproxy-csr_id]
+[template-expose-csr-link-csr]
 recipe = plone.recipe.command
-
-csr_id_path = {{ directory['csr_id'] }}/backend-haproxy-csr_id.txt
-csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
-
 stop-on-error = False
 update-command = ${:command}
+csr_path = {{ directory['expose-csr'] }}/${:filename}
 command =
-  [ -f ${:csr_id_path} ] && exit 0
-  {{ software_parameter_dict['bin_directory'] }}/caucase \
-    --ca-url {{ backend_haproxy_configuration['caucase-url'] }} \
-    --ca-crt {{ backend_haproxy_configuration['cas-ca-certificate'] }} \
-    --crl {{ backend_haproxy_configuration['crl'] }} \
-    --mode service \
-    --send-csr {{ backend_haproxy_configuration['csr'] }} > ${:csr_work_path} && \
-  cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
+  ln -sf ${:csr} ${:csr_path}
+
+[expose-csr-link-csr-backend-haproxy]
+<= template-expose-csr-link-csr
+filename = backend-haproxy-csr.pem
+csr = {{ backend_haproxy_configuration['csr'] }}
+
+[expose-csr-link-csr-kedifa]
+<= template-expose-csr-link-csr
+filename = kedifa-csr.pem
+csr = {{ kedifa_configuration['csr'] }}
 
 ##<Backend haproxy>
 
@@ -551,33 +551,14 @@ parts +=
     publish-caddy-information
     tunnel-6to4-base-http_port
     tunnel-6to4-base-https_port
-    expose-csr_id
-    promise-expose-csr_id-ip-port
+    promise-expose-csr-ip-port
 
 cache-access = {{ cache_access }}
 
-[store-csr_id]
+[expose-csr-certificate]
 recipe = plone.recipe.command
-
-csr_id_path = {{ directory['csr_id'] }}/csr_id.txt
-csr_work_path = {{ directory['tmp'] }}/${:_buildout_section_name_}
-
-stop-on-error = False
-update-command = ${:command}
-command =
-  [ -f ${:csr_id_path} ] && exit 0
-  {{ software_parameter_dict['bin_directory'] }}/caucase \
-    --ca-url {{ kedifa_configuration['caucase-url'] }} \
-    --ca-crt {{ kedifa_configuration['cas-ca-certificate'] }} \
-    --crl {{ kedifa_configuration['crl'] }} \
-    --mode service \
-    --send-csr {{ kedifa_configuration['csr'] }} > ${:csr_work_path} && \
-  cut -d ' ' -f 1 ${:csr_work_path} > ${:csr_id_path}
-
-[certificate-csr_id]
-recipe = plone.recipe.command
-certificate = {{ directory['certificate-csr_id'] }}/certificate.pem
-key = {{ directory['certificate-csr_id'] }}/key.pem
+certificate = {{ directory['expose-csr-etc'] }}/certificate.pem
+key = {{ directory['expose-csr-etc'] }}/key.pem
 
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
@@ -585,76 +566,48 @@ update-command = ${:command}
 command =
   if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
     openssl req -new -newkey rsa:2048 -sha256 -subj \
-      "/O={{ expose_csr_id_organization }}/OU={{ expose_csr_id_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
+      "/O={{ expose_csr_organization }}/OU={{ expose_csr_organizational_unit }}/CN=${slap-configuration:ipv6-random}" \
       -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
   fi
 
-[expose-csr_id-configuration]
+[expose-csr-configuration]
 ip = ${slap-configuration:ipv6-random}
 port = 17001
-key = ${certificate-csr_id:key}
-certificate = ${certificate-csr_id:certificate}
-error-log = {{ directory['log'] }}/expose-csr_id.log
-
-[expose-csr_id-template]
+key = ${expose-csr-certificate:key}
+certificate = ${expose-csr-certificate:certificate}
+error-log = {{ directory['log'] }}/expose-csr.log
+var = {{ directory['expose-csr-var'] }}
+pid = {{ directory['var'] }}/nginx-expose-csr.pid
+root = {{ directory['expose-csr'] }}
+nginx_mime = {{ software_parameter_dict['nginx_mime'] }}
+
+[expose-csr-template]
 recipe = slapos.recipe.template:jinja2
-var = {{ directory['expose-csr_id-var'] }}
-pid = {{ directory['var'] }}/nginx-expose-csr_id.pid
-rendered = {{ directory['etc'] }}/nginx-expose-csr_id.conf
-template = inline:
-  daemon off;
-  pid ${:pid};
-  error_log ${expose-csr_id-configuration:error-log};
-  events {
-  }
-  http {
-    include {{ software_parameter_dict['nginx_mime'] }};
-    server {
-      server_name_in_redirect off;
-      port_in_redirect off;
-      error_log ${expose-csr_id-configuration:error-log};
-      access_log /dev/null;
-      listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;                                                          
-      ssl_certificate ${expose-csr_id-configuration:certificate};
-      ssl_certificate_key ${expose-csr_id-configuration:key};
-      default_type application/octet-stream;
-      client_body_temp_path ${:var} 1 2;
-      proxy_temp_path ${:var} 1 2;
-      fastcgi_temp_path ${:var} 1 2;
-      uwsgi_temp_path ${:var} 1 2;
-      scgi_temp_path ${:var} 1 2;
-
-      location / {
-        alias {{ directory['csr_id'] }}/;
-        autoindex off;
-        sendfile on;
-        sendfile_max_chunk 1m;
-      }
-    }
-  }
-
-[promise-expose-csr_id-ip-port]
+rendered = {{ directory['expose-csr-etc'] }}/nginx.conf
+template = {{ template_expose_csr_nginx_conf }}
+context =
+  section configuration expose-csr-configuration
+
+[promise-expose-csr-ip-port]
 <= monitor-promise-base
 promise = check_socket_listening
-name = expose-csr_id-ip-port-listening.py
-config-host = ${expose-csr_id-configuration:ip}
-config-port = ${expose-csr_id-configuration:port}
-
-[expose-csr_id]
-depends =
-  ${store-csr_id:command}
-  ${store-backend-haproxy-csr_id:command}
+name = expose-csr-ip-port-listening.py
+config-host = ${expose-csr-configuration:ip}
+config-port = ${expose-csr-configuration:port}
+
+[expose-csr]
 recipe = slapos.cookbook:wrapper
 command-line = {{ software_parameter_dict['nginx'] }}
-  -c ${expose-csr_id-template:rendered}
+  -c ${expose-csr-template:rendered}
+url = https://[${expose-csr-configuration:ip}]:${expose-csr-configuration:port}
 
-wrapper-path = {{ directory['service'] }}/expose-csr_id
+wrapper-path = {{ directory['service'] }}/expose-csr
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 
-[get-csr_id-certificate]
+[expose-csr-certificate-get]
 recipe = collective.recipe.shelloutput
 commands =
-  certificate = cat ${certificate-csr_id:certificate}
+  certificate = cat ${expose-csr-certificate:certificate}
 
 [promise-logrotate-setup]
 <= monitor-promise-base

software/caddy-frontend/templates/expose-csr-nginx.conf.in

+daemon off;
+pid {{ configuration['pid'] }};
+error_log {{ configuration['error-log'] }};
+events {
+}
+http {
+  include {{ configuration['nginx_mime'] }};
+  server {
+    server_name_in_redirect off;
+    port_in_redirect off;
+    error_log {{ configuration['error-log'] }};
+    access_log /dev/null;
+    listen [{{ configuration['ip'] }}]:{{ configuration['port'] }} ssl;
+    ssl_certificate {{ configuration['certificate'] }};
+    ssl_certificate_key {{ configuration['key'] }};
+    default_type application/octet-stream;
+    client_body_temp_path {{ configuration['var'] }} 1 2;
+    proxy_temp_path {{ configuration['var'] }} 1 2;
+    fastcgi_temp_path {{ configuration['var'] }} 1 2;
+    uwsgi_temp_path {{ configuration['var'] }} 1 2;
+    scgi_temp_path {{ configuration['var'] }} 1 2;
+
+    location / {
+      alias {{ configuration['root'] }}/;
+      autoindex off;
+      sendfile on;
+      sendfile_max_chunk 1m;
+    }
+  }
+}

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_etc_cron_d-CADDY.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_log-CADDY.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
+T-2/var/log/expose-csr.log
+T-2/var/log/frontend-access.log
+T-2/var/log/frontend-error.log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/slave-introspection-access.log
+T-2/var/log/slave-introspection-error.log
+T-2/var/log/trafficserver/manager.log

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin-CADDY.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
+T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-logrotate-setup.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend-haproxy-statistic-frontend.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caddy_frontend_ipv4_http.py
+T-2/etc/plugin/caddy_frontend_ipv4_https.py
+T-2/etc/plugin/caddy_frontend_ipv6_http.py
+T-2/etc/plugin/caddy_frontend_ipv6_https.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
+T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-logrotate-setup.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/slave-introspection-configuration.py
+T-2/etc/plugin/slave_introspection_https.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_run-CADDY.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid
+T-2/var/run/slave-introspection.pid
+T-2/var/run/slave_introspection_configuration_last_state
+T-2/var/run/slave_introspection_graceful_configuration_state_signature

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_supervisor_state-CADDY.txt

+T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
+T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
+T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
+T-2:slave-introspection-safe-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_access_log

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_access_log

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_replicate_access_log
@@ -18,7 +18,7 @@ T-2/var/log/slave-introspection-access.log
 T-2/var/log/slave-introspection-error.log
 T-2/var/log/trafficserver/manager.log
 T-3/var/log/backend-haproxy.log
-T-3/var/log/expose-csr_id.log
+T-3/var/log/expose-csr.log
 T-3/var/log/frontend-access.log
 T-3/var/log/frontend-error.log
 T-3/var/log/httpd/_replicate_access_log

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -15,7 +17,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -34,7 +36,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
@@ -58,7 +60,7 @@ T-3/etc/plugin/caddy_frontend_ipv6_http.py
 T-3/etc/plugin/caddy_frontend_ipv6_https.py
 T-3/etc/plugin/caucase-updater.py
 T-3/etc/plugin/check-free-disk-space.py
-T-3/etc/plugin/expose-csr_id-ip-port-listening.py
+T-3/etc/plugin/expose-csr-ip-port-listening.py
 T-3/etc/plugin/frontend-caddy-configuration-promise.py
 T-3/etc/plugin/monitor-bootstrap-status.py
 T-3/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
@@ -46,7 +46,7 @@ T-3:backend-haproxy-safe-graceful EXITED
 T-3:bootstrap-monitor EXITED
 T-3:certificate_authority-{hash-generic}-on-watch STOPPED
 T-3:crond-{hash-generic}-on-watch STOPPED
-T-3:expose-csr_id-{hash-generic}-on-watch STOPPED
+T-3:expose-csr-{hash-generic}-on-watch STOPPED
 T-3:frontend-caddy-safe-graceful EXITED
 T-3:frontend_caddy-{hash-caddy-T-3}-on-watch STOPPED
 T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_Url_access_log
@@ -58,9 +58,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
-T-2/var/log/httpd/_enable_cache-https-only_access_log
-T-2/var/log/httpd/_enable_cache-https-only_backend_log
-T-2/var/log/httpd/_enable_cache-https-only_error_log
+T-2/var/log/httpd/_enable_cache-https-only-false_access_log
+T-2/var/log/httpd/_enable_cache-https-only-false_backend_log
+T-2/var/log/httpd/_enable_cache-https-only-false_error_log
 T-2/var/log/httpd/_enable_cache_access_log
 T-2/var/log/httpd/_enable_cache_backend_log
 T-2/var/log/httpd/_enable_cache_custom_domain_access_log

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -35,7 +37,7 @@ T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlave.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_ciphers_access_log

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_Url_access_log
@@ -58,9 +58,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
-T-2/var/log/httpd/_enable_cache-https-only_access_log
-T-2/var/log/httpd/_enable_cache-https-only_backend_log
-T-2/var/log/httpd/_enable_cache-https-only_error_log
+T-2/var/log/httpd/_enable_cache-https-only-false_access_log
+T-2/var/log/httpd/_enable_cache-https-only-false_backend_log
+T-2/var/log/httpd/_enable_cache-https-only-false_error_log
 T-2/var/log/httpd/_enable_cache_access_log
 T-2/var/log/httpd/_enable_cache_backend_log
 T-2/var/log/httpd/_enable_cache_custom_domain_access_log

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -35,7 +37,7 @@ T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_health-check-connect_access_log

software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_wildcard_access_log

software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_log-CADDY.txt

 T-0/var/log/monitor-httpd-access.log
 T-0/var/log/monitor-httpd-error.log
 T-0/var/log/slapgrid-T-0-error.log
-T-1/var/log/expose-csr_id.log
+T-1/var/log/expose-csr.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
-T-2/var/log/expose-csr_id.log
+T-2/var/log/expose-csr.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_ssl_from_master_access_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
 T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
 T-0/etc/plugin/caucased-backend-client.py
@@ -14,7 +16,7 @@ T-1/etc/plugin/__init__.py
 T-1/etc/plugin/buildout-T-1-status.py
 T-1/etc/plugin/caucased.py
 T-1/etc/plugin/check-free-disk-space.py
-T-1/etc/plugin/expose-csr_id-ip-port-listening.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
 T-1/etc/plugin/kedifa-http-reply.py
 T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
@@ -33,7 +35,7 @@ T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
-T-2/etc/plugin/expose-csr_id-ip-port-listening.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
 T-2/etc/plugin/frontend-caddy-configuration-promise.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state-CADDY.txt

@@ -12,7 +12,7 @@ T-1:caucase-updater-on-watch RUNNING
 T-1:caucased-{hash-generic}-on-watch RUNNING
 T-1:certificate_authority-{hash-generic}-on-watch RUNNING
 T-1:crond-{hash-generic}-on-watch RUNNING
-T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
 T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -26,7 +26,7 @@ T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
-T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
 T-2:frontend-caddy-safe-graceful EXITED
 T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING

software/kvm/buildout.hash.cfg

@@ -19,7 +19,7 @@ md5sum = 087f226ba90928dcc5a722d7008c867a
 
 [template-kvm]
 filename = instance-kvm.cfg.jinja2
-md5sum = baa3ee5b653731124bfc2ac2fa835787
+md5sum = 2ff55931eab48f7992e8e1cb16b44b95
 
 [template-kvm-cluster]
 filename = instance-kvm-cluster.cfg.jinja2.in
@@ -55,7 +55,7 @@ md5sum = a8cf453d20f01c707f02c4b4014580d8
 
 [template-kvm-run]
 filename = template/template-kvm-run.in
-md5sum = 875261817970d0f83335824373288b9d
+md5sum = 395ee373ccda3382d257fde1ff4222b0
 
 [template-kvm-controller]
 filename = template/kvm-controller-run.in
@@ -79,11 +79,11 @@ md5sum = d57764bb7135037b4d21543b2f56ce1d
 
 [image-download-controller]
 filename = template/image-download-controller.py
-md5sum = 9c67058edcc4edae0b57956c0932a9fc
+md5sum = 4d48b3da5bc611fc6533335b5953c840
 
 [image-download-config-creator]
 filename = template/image-download-config-creator.py
-md5sum = 54261e418ab9860efe73efd514c4d47f
+md5sum = 8fbe05c4175a7f31b6bffced9ad4e91d
 
 [whitelist-firewall-download-controller]
 filename = template/whitelist-firewall-download-controller.py

software/kvm/instance-kvm.cfg.jinja2

@@ -162,7 +162,8 @@ config-filename = ${boot-image-url-select-json-config:error-state-file}
 # wrapper to execute boot-image-url-select-download on each run
 recipe = slapos.cookbook:wrapper
 wrapper-path = ${directory:scripts}/boot-image-url-select-updater
-command-line = {{ python_executable }} {{ image_download_controller }} ${boot-image-url-select-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-select-processed-config:processed-md5sum}
+command-line = {{ python_executable }} {{ image_download_controller }} ${:config} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-select-processed-config:processed-md5sum}
+config = ${boot-image-url-select-json-config:rendered}
 md5sum-state-filename = boot-image-url-select-download-controller-md5sum-fail.json
 md5sum-state-file = ${directory:boot-image-url-select-expose}/${:md5sum-state-filename}
 error-state-filename = boot-image-url-select-download-controller-error.text
@@ -258,7 +259,8 @@ config-filename = ${boot-image-url-list-json-config:error-state-file}
 # wrapper to execute boot-image-url-list-download on each run
 recipe = slapos.cookbook:wrapper
 wrapper-path = ${directory:scripts}/boot-image-url-list-updater
-command-line = {{ python_executable }} {{ image_download_controller }} ${boot-image-url-list-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-list-processed-config:processed-md5sum}
+command-line = {{ python_executable }} {{ image_download_controller }} ${:config} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${boot-image-url-list-processed-config:processed-md5sum}
+config = ${boot-image-url-list-json-config:rendered}
 md5sum-state-filename = boot-image-url-list-download-controller-md5sum-fail.json
 md5sum-state-file = ${directory:boot-image-url-list-expose}/${:md5sum-state-filename}
 error-state-filename = boot-image-url-list-download-controller-error.text
@@ -355,7 +357,8 @@ config-filename = ${virtual-hard-drive-url-json-config:error-state-file}
 # wrapper to execute virtual-hard-drive-url-download on each run
 recipe = slapos.cookbook:wrapper
 wrapper-path = ${directory:scripts}/virtual-hard-drive-url-updater
-command-line = {{ python_executable }} {{ image_download_controller }} ${virtual-hard-drive-url-json-config:rendered} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${virtual-hard-drive-url-processed-config:processed-md5sum}
+command-line = {{ python_executable }} {{ image_download_controller }} ${:config} {{ curl_executable_location }} ${:md5sum-state-file} ${:error-state-file} ${virtual-hard-drive-url-processed-config:processed-md5sum}
+config = ${virtual-hard-drive-url-json-config:rendered}
 md5sum-state-filename = virtual-hard-drive-url-download-controller-md5sum-fail.json
 md5sum-state-file = ${directory:virtual-hard-drive-url-expose}/${:md5sum-state-filename}
 error-state-filename = virtual-hard-drive-url-download-controller-error.text
@@ -547,13 +550,13 @@ command = [ ! -f {{ '${' + key + '}' }} ] && touch {{ '${' +  key + '}' }}
 {%- endmacro %}
 {#- Create depending sections, as state files appear late, so it's better to have empty file which will impact the hash anyway #}
 {%- if boot_image_url_list_enabled %}
-{{    generate_depend_section('boot-image-url-list-depend', 'boot-image-url-list-download-wrapper:md5sum-state-file') }}
+{{    generate_depend_section('boot-image-url-list-depend', 'boot-image-url-list-download-wrapper:config') }}
 {%- endif %}
 {%- if boot_image_url_select_enabled %}
-{{    generate_depend_section('boot-image-url-select-depend', 'boot-image-url-select-download-wrapper:md5sum-state-file') }}
+{{    generate_depend_section('boot-image-url-select-depend', 'boot-image-url-select-download-wrapper:config') }}
 {%- endif %}
 {%- if virtual_hard_drive_url_enabled %}
-{{    generate_depend_section('virtual-hard-drive-url-depend', 'virtual-hard-drive-url-download-wrapper:md5sum-state-file') }}
+{{    generate_depend_section('virtual-hard-drive-url-depend', 'virtual-hard-drive-url-download-wrapper:config') }}
 {%- endif %}
 
 [kvm-instance]

software/kvm/template/image-download-config-creator.py

@@ -51,7 +51,7 @@ if __name__ == "__main__":
           'url': url,
           'destination': md5sum,
           'destination-tmp': md5sum + '_tmp',
-          'link': 'image_%03i' % (image_number,),
+          'image-number': '%03i' % (image_number,),
         })
       else:
         print('INF: checksum %s repeated, used url %s' % (url, ))

software/kvm/template/image-download-controller.py

@@ -41,11 +41,13 @@ if __name__ == "__main__":
     print('ERR: There are problems with configuration')
 
   print('INF: Storing errors in %s' % (error_state_file,))
+  # switch to error state during image download
+  with open(error_state_file, 'w') as fh:
+    fh.write('\n'.join(['INF Download in progress']))
   # clean the destination directory
   file_to_keep_list = []
   for image in config['image-list']:
     file_to_keep_list.append(image['destination'])
-    file_to_keep_list.append(image['link'])
   for fname in os.listdir(config['destination-directory']):
     if fname not in file_to_keep_list:
       print('INF: Removing obsolete %s' % (fname,))
@@ -118,20 +120,6 @@ if __name__ == "__main__":
       os.rename(destination_tmp, destination)
       print('INF: %s : Stored with checksum %s' % (
         image['url'], image['md5sum']))
-  for image in config['image-list']:
-    destination = os.path.join(
-      config['destination-directory'], image['destination'])
-    link = os.path.join(config['destination-directory'], image['link'])
-    if os.path.exists(destination):
-      if os.path.lexists(link):
-        if not os.path.islink(link):
-          os.remove(link)
-        if os.path.islink(link) and os.readlink(link) != destination:
-            os.remove(link)
-      if not os.path.lexists(link):
-        print('INF: %s : Symlinking %s -> %s' % (
-          image['url'], link, destination))
-        os.symlink(destination, link)
   with open(md5sum_fail_file, 'w') as fh:
     if new_md5sum_state_dict != {}:
       json.dump(new_md5sum_state_dict, fh, indent=2)

software/kvm/template/template-kvm-run.in

@@ -329,6 +329,22 @@ if cpu_model:
   if rgx.match(cpu_model):
     kvm_argument_list.extend(['-cpu', cpu_model])
 
+def handle_image(config, name):
+  with open(config) as fh:
+    image_config = json.load(fh)
+  if image_config['error-amount'] == 0:
+    for image in sorted(image_config['image-list'], key=lambda k: k['image-number']):
+      destination = os.path.join(image_config['destination-directory'], image['destination'])
+      if os.path.exists(destination):
+        kvm_argument_list.extend([
+          '-drive',
+          'file=%s,media=cdrom' % (destination,)
+        ])
+      else:
+       raise ValueError('%s not ready yet' % (name,))
+  else:
+    raise ValueError('%s not ready yet' % (name,))
+
 # Try to connect to NBD server (and second nbd if defined).
 # If not available, don't even specify it in qemu command line parameters.
 # Reason: if qemu starts with unavailable NBD drive, it will just crash.
@@ -350,33 +366,10 @@ else:
   #       Debian installation CDs, rendering it uninstallable
   if boot_image_url_select_json_config:
     # Support boot-image-url-select
-    with open(boot_image_url_select_json_config) as fh:
-      image_config = json.load(fh)
-    if image_config['error-amount'] == 0:
-      for image in sorted(image_config['image-list'], key=lambda k: k['link']):
-        link = os.path.join(image_config['destination-directory'], image['link'])
-        if os.path.exists(link) and os.path.islink(link):
-          kvm_argument_list.extend([
-            '-drive',
-            'file=%s,media=cdrom' % (link,)
-          ])
-    else:
-      raise ValueError('boot-image-url-select not ready yet')
-
+    handle_image(boot_image_url_select_json_config, 'boot-image-url-select')
   if boot_image_url_list_json_config:
     # Support boot-image-url-list
-    with open(boot_image_url_list_json_config) as fh:
-      image_config = json.load(fh)
-    if image_config['error-amount'] == 0:
-      for image in sorted(image_config['image-list'], key=lambda k: k['link']):
-        link = os.path.join(image_config['destination-directory'], image['link'])
-        if os.path.exists(link) and os.path.islink(link):
-          kvm_argument_list.extend([
-            '-drive',
-            'file=%s,media=cdrom' % (link,)
-          ])
-    else:
-      raise ValueError('boot-image-url-list not ready yet')
+    handle_image(boot_image_url_list_json_config, 'boot-image-url-list')
   # Always add by default the default image
   kvm_argument_list.extend([
       '-drive', 'file=%s,media=cdrom' % default_cdrom_iso

software/matomo/apache-httpd.conf.in

+<VirtualHost *:{{ parameter_dict['port'] }}>
+  ServerAdmin admin@example.com
+  DocumentRoot {{ parameter_dict['document-root'] }}/matomo
+
+  SetEnvIf Origin "^http(s)?://(.+\.)?(app\.officejs\.com)$" ORIGIN_DOMAIN=$0
+  Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
+  Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
+  Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
+  Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
+  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+
+  <Directory {{ parameter_dict['document-root'] }}>
+      Options +FollowSymlinks
+      AllowOverride All
+      Require all granted
+      SetEnv HOME {{ parameter_dict['document-root'] }}
+      SetEnv HTTP_HOME {{ parameter_dict['document-root'] }}
+      Dav off
+
+  </Directory>
+  ErrorLog "{{ parameter_dict['log-dir'] }}/matomo-error.log"
+  CustomLog "{{ parameter_dict['log-dir'] }}/matomo-access.log" combined
+
+</VirtualHost>

software/matomo/buildout.hash.cfg

+# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
+# The only allowed lines here are (regexes):
+# - "^#" comments, copied verbatim
+# - "^[" section beginings, copied verbatim
+# - lines containing an "=" sign which must fit in the following categorie.
+#   - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
+#     Copied verbatim.
+#   - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
+#     by the re-generation script.
+#     Re-generated.
+# - other lines are copied verbatim
+# Substitution (${...:...}), extension ([buildout] extends = ...) and
+# section inheritance (< = ...) are NOT supported (but you should really
+# not need these here).
+
+[template-apache-httpd]
+filename = apache-httpd.conf.in
+md5sum = 9940e05d5e624a7884f4e6e062355798
+
+[template-matomo-instance]
+filename = matomo-instance.cfg.in
+md5sum = cd5d8b83fef478b2fbb4ccc9489f47ed
+
+[template-matomo-backup.sh]
+filename = matomo-backup.sh.in
+md5sum = d11e34a576e580d4253fbe787f85e5cc

software/matomo/matomo-backup.sh.in

+#!/bin/bash
+
+set -e
+set -x
+
+#checkout if directory and matomo resources exist
+
+if [ ! -d {{ parameter_dict['document-root'] }}/matomo/config ]; then
+  exit 1;
+fi
+
+if [ ! -f {{ parameter_dict['document-root'] }}/matomo/config/config.ini.php ]; then
+  exit 0;
+fi
+
+#create plugins backup file
+touch {{ parameter_dict['dir-backup'] }}/plugins_list
+
+#remove backup file before
+if [ -d {{ parameter_dict['dir-backup'] }}/config ]; then     
+  rm -rf {{ parameter_dict['dir-backup'] }}/config   
+fi  
+
+if [ -d {{ parameter_dict['dir-backup'] }}/plugins ]; then     
+  rm -rf {{ parameter_dict['dir-backup'] }}/plugins   
+fi    
+
+#backup
+{{ php_bin }} {{ parameter_dict['document-root'] }}/matomo/console plugin:list > {{ parameter_dict['dir-backup'] }}/plugins_list
+cp -rf {{ parameter_dict['document-root'] }}/matomo/config {{ parameter_dict['dir-backup'] }}
+cp -rf {{ parameter_dict['document-root'] }}/matomo/plugins {{ parameter_dict['dir-backup'] }}
+exit 0

software/matomo/matomo-instance.cfg.in

+# parameters required by the configuration instance
+[instance-parameter]
+matomo = ${:document-root}
+dir-backup = ${directory:backup}
+
+#php.ini parameters
+php.memory_limit = 512M
+php.date.timezone = Europe/Paris
+php.upload_max_filesize = 10240M
+php.post_max_size = 10240M
+php.session.cookie_secure = True
+php.max_execution_time = 1800
+php.max_input_time = 3600
+php.output_buffering = 'Off'
+php.max_file_uploads = 100
+
+[php-bin]
+recipe = slapos.cookbook:wrapper
+wrapper-path = ${directory:bin}/php
+command-line = ${instance-parameter:php-bin} -c ${php.ini-conf:rendered} 
+
+[matomo-backup-cron]
+recipe = slapos.cookbook:cron.d
+cron-entries = ${cron:cron-entries}
+name = matomo-backup
+frequency = 0 0 * * *
+command = ${matomo-backup.sh:rendered}
+
+[matomo-apache-httpd]
+recipe = slapos.recipe.template:jinja2
+template = {{ matomo_apache_httpd }}
+rendered = ${directory:apache.d}/matomo.conf
+context =
+  section parameter_dict apache-php-configuration
+
+[matomo-backup.sh]
+recipe = slapos.recipe.template:jinja2
+template = {{ matomo_backup_sh }}
+rendered = ${directory:scripts}/matomo-backup
+context =
+  section parameter_dict instance-parameter
+  key php_bin php-bin:wrapper-path
+depends =
+  ${matomo-apache-httpd:recipe}
+  ${matomo-backup-cron:recipe}
+
+[slap-parameter]
+instance.cli-url = ${apache-php-configuration:url}
+
+
+

software/matomo/software.cfg

+[buildout]
+extends =
+  buildout.hash.cfg
+#apache-php mariadb zilb ...
+  ../../stack/lamp/buildout.cfg
+# "slapos" stack describes basic things needed for 99.9% of SlapOS Software
+  ../../stack/slapos.cfg
+  
+parts =
+# Call installation of slapos.cookbook egg defined in stack/slapos.cfg (needed
+# in 99,9% of Slapos Software Releases)
+  slapos-cookbook
+# to create file instance-matomo.cfg in instance of apache-php
+  template-matomo-instance
+# to create file instance.cfg of all instances
+  instance
+
+# download bas
+# inherited by modules that need to download files
+[matomo-download]
+recipe = slapos.recipe.build:download
+url = ${:_profile_base_location_}/${:filename}
+
+# download matomo
+# The specific process of downloading and decompressing is defined in stack lamp
+[application]
+url = https://builds.matomo.org/matomo-4.7.1.zip
+md5sum = 8d592676bc2c0d51363ad7b2caf171fe
+
+# give the location of the instance-matomo.cfg fil
+# Without it the instance-matomo.cfg file will not be executed
+[custom-application-deployment]
+path = ${template-matomo-instance:rendered}
+part-list = matomo-backup.sh
+
+[template-matomo-instance]
+recipe = slapos.recipe.template:jinja2
+template = ${:_profile_base_location_}/${:filename}
+rendered = ${buildout:directory}/instance-matomo.cfg
+extensions = jinja2.ext.do
+context =
+          key gzip_location gzip:location
+          key python3_location python3:location
+          key php_location apache-php:location
+          key matomo_apache_httpd template-apache-httpd:target
+          key matomo_backup_sh template-matomo-backup.sh:target
+
+# download apache-httpd.conf.in
+[template-apache-httpd]
+<= matomo-download
+
+# download matomo-backup.sh.in
+[template-matomo-backup.sh] 
+<= matomo-download
+
+

software/matomo/test/README.md

+Tests for matomo software release

software/matomo/test/setup.py

+##############################################################################
+#
+# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+from setuptools import setup, find_packages
+
+version = '0.0.1.dev0'
+name = 'slapos.test.matomo'
+with open("README.md") as f:
+  long_description = f.read()
+
+setup(
+    name=name,
+    version=version,
+    description="Test for SlapOS' matomo",
+    long_description=long_description,
+    long_description_content_type='text/markdown',
+    maintainer="Nexedi",
+    maintainer_email="info@nexedi.com",
+    url="https://lab.nexedi.com/nexedi/slapos",
+    packages=find_packages(),
+    install_requires=[
+        'slapos.core',
+        'slapos.libnetworkcache',
+        'erp5.util',
+        'requests',
+    ],
+    zip_safe=True,
+    test_suite='test',
+)

software/matomo/test/test.py

+##############################################################################
+# coding: utf-8
+#
+# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 3
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+import os
+import requests
+import glob
+
+from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
+
+setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
+    os.path.abspath(
+        os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
+
+
+class MatomoTestCase(SlapOSInstanceTestCase):
+
+  #check where matomo installed
+  def setUp(self):
+    partition_path_list = glob.glob(os.path.join(self.slap.instance_directory, '*'))
+    for partition_path in partition_path_list:
+      path = os.path.join(partition_path, 'srv/www')
+      if os.path.exists(path):
+        self.matomo_path = path
+        break
+    self.assertTrue(self.matomo_path,"matomo path not found in %r" % (partition_path_list,))
+    self.connection_parameters = self.computer_partition.getConnectionParameterDict()
+
+  #Check if matomo root directory is empty
+  def test_matomo_dir(self):
+    self.assertEqual(os.path.isfile(self.matomo_path),False)
+    
+  #Check deployement matomo works
+  def test_matomo_url_get(self):
+    resp = requests.get(self.connection_parameters['backend-url'], verify=False)
+    self.assertEqual(requests.codes.ok, resp.status_code)
+
+  #Check deployement moniter works
+  def test_monitor_url_get(self):
+    resp = requests.get(self.connection_parameters['monitor-setup-url'], verify=False)
+    self.assertEqual(requests.codes.ok, resp.status_code)
+
+
+

software/ors-amarisoft/buildout.hash.cfg

@@ -28,11 +28,11 @@ md5sum = e4c224da723ad56091f27ed5c0b0bbca
 
 [template-lte-gnb-epc]
 _update_hash_filename_ = instance-gnb-epc.jinja2.cfg
-md5sum = b9a58fa4037d32fc1dc4f5ef89e6211a
+md5sum = b15e678779dee0a26746487990fedc01
 
 [template-lte-gnb]
 _update_hash_filename_ = instance-gnb.jinja2.cfg
-md5sum = 0b74993990a0dfa3c6429dc4ac716826
+md5sum = 9c275dde5c485c05f92a9be053f10593
 
 [template-lte-epc]
 _update_hash_filename_ = instance-epc.jinja2.cfg
@@ -48,7 +48,7 @@ md5sum = 8cac0de54f54236e750ee85b98de8a31
 
 [gnb.jinja2.cfg]
 filename = config/gnb.jinja2.cfg
-md5sum = 28cc9fc7b1fa7cccb16315a732d9a15f
+md5sum = 655186dae112b1baf561ae320ed86eef
 
 [ltelogs.jinja2.sh]
 filename = ltelogs.jinja2.sh

software/ors-amarisoft/config/gnb.jinja2.cfg

@@ -17,7 +17,7 @@
 #define USE_SRS             0
 
 {
-  log_options: "all.level=debug,all.max_size=32",
+  log_options: "all.level=info,all.max_size=32,file.rotate=1G,file.path={{ directory['tmp'] }}",
   log_filename: "{{ directory['log'] }}/gnb.log",
 
   /* Enable remote API and Web interface */
@@ -42,7 +42,7 @@
   ],
   /* GTP bind address (=address of the ethernet interface connected to
      the AMF). Must be modified if the AMF runs on a different host. */
-{% if slapparameter_dict.get('mme_addr', '') %}
+{% if slapparameter_dict.get('amf_addr', '') %}
   gtp_addr: "{{ gtp_addr }}",
 {% else %}
   gtp_addr: "127.0.1.1",

software/ors-amarisoft/instance-gnb-epc.jinja2.cfg

@@ -79,11 +79,11 @@ config-nr_band = {{ dumps(slapparameter_dict["nr_band"]) }}
 {% if slapparameter_dict.get("nr_bandwidth", None) %}
 config-nr_bandwidth = {{ dumps(slapparameter_dict["nr_bandwidth"]) }}
 {% endif %}
-{% if slapparameter_dict.get("mme_addr", None) %}
-config-mme_addr = {{ dumps(slapparameter_dict["mme_addr"]) }}
+{% if slapparameter_dict.get("amf_addr", None) %}
+config-amf_addr = {{ dumps(slapparameter_dict["amf_addr"]) }}
 {% endif %}
-{% if slapparameter_dict.get("enb_id", None) %}
-config-enb_id = {{ dumps(slapparameter_dict["enb_id"]) }}
+{% if slapparameter_dict.get("gnb_id", None) %}
+config-gnb_id = {{ dumps(slapparameter_dict["gnb_id"]) }}
 {% endif %}
 {% if slapparameter_dict.get("gnb_config_link", None) %}
 config-gnb_config_link = {{ dumps(slapparameter_dict["gnb_config_link"]) }}

software/ors-amarisoft/instance-gnb.jinja2.cfg

@@ -5,6 +5,7 @@ parts =
   lte-gnb-config
   lte-enb-service
   sdr-busy-promise
+  remove-tmp
   monitor-base
   publish-connection-information
 
@@ -14,6 +15,11 @@ eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}
 offline = true
 
+[remove-tmp]
+# Remove old logs stored in tmp directory to prevent disk from becoming full
+recipe = plone.recipe.command
+command = rm -rf ${directory:tmp}/*
+
 [slap-configuration]
 recipe = slapos.cookbook:slapconfiguration
 computer = {{ slap_connection['computer-id'] }}
@@ -45,6 +51,7 @@ etc = ${:home}/etc
 var = ${:home}/var
 etc = ${:home}/etc
 bin = ${:home}/bin
+tmp = ${:home}/tmp
 run = ${:var}/run
 script = ${:etc}/run
 service = ${:etc}/service

software/slapos-sr-testing/software-py3.cfg

@@ -25,3 +25,4 @@ extra =
   restic-rest-server ${slapos.test.restic_rest_server-setup:setup}
   headless-chromium ${slapos.test.headless-chromium-setup:setup}
   hugo ${slapos.test.hugo-setup:setup}
+  matomo ${slapos.test.matomo-setup:setup}

software/slapos-sr-testing/software.cfg

@@ -145,6 +145,12 @@ setup = ${slapos-repository:location}/software/html5as-base/test/
 egg = slapos.test.hugo
 setup = ${slapos-repository:location}/software/hugo/test/
 
+[slapos.test.matomo-setup]
+<= setup-develop-egg
+egg = slapos.test.matomo
+setup = ${slapos-repository:location}/software/matomo/test/
+
+
 [slapos.test.jupyter-setup]
 <= setup-develop-egg
 egg = slapos.test.jupyter
@@ -282,6 +288,7 @@ extra-eggs =
   ${slapos.test.headless-chromium-setup:egg}
   ${slapos.test.erp5testnode-setup:egg}
   ${slapos.test.hugo-setup:egg}
+  ${slapos.test.matomo-setup:egg}
 
 # We don't name this interpreter `python`, so that when we run slapos node
 # software, installation scripts running `python` use a python without any