Update Release Candidate

component/gcc/buildout.cfg

@@ -71,6 +71,12 @@ patches =
 <= gcc-common
 version = 8.2.0
 md5sum = 4ab282f414676496483b3e1793d07862
+patch-binary = ${patch:location}/bin/patch
+patch-options = -p1
+# glibc-2.31-libsanitizer comes from https://github.com/spack/spack/pull/15403
+patches =
+  ${:_profile_base_location_}/glibc-2.31-libsanitizer-1.patch
+  ${:_profile_base_location_}/glibc-2.31-libsanitizer-2.patch
 
 [gcc-minimal]
 <= gcc-5.5

component/gcc/glibc-2.31-libsanitizer-1.patch

+From ce9568e9e9cf6094be30e748821421e703754ffc Mon Sep 17 00:00:00 2001
+From: Jakub Jelinek <jakub@redhat.com>
+Date: Fri, 8 Nov 2019 19:53:18 +0100
+Subject: [PATCH] backport: re PR sanitizer/92154 (new glibc breaks arm
+ bootstrap due to libsanitizer)
+
+	Backported from mainline
+	2019-10-22  Tamar Christina  <tamar.christina@arm.com>
+
+	PR sanitizer/92154
+	* sanitizer_common/sanitizer_platform_limits_posix.cc:
+	Cherry-pick compiler-rt revision r375220.
+
+From-SVN: r277981
+---
+ libsanitizer/ChangeLog                                   | 9 +++++++++
+ .../sanitizer_common/sanitizer_platform_limits_posix.cc  | 6 +++++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+index 6cd4a5bac8b0..06a605ff4670 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+@@ -1156,8 +1156,12 @@ CHECK_SIZE_AND_OFFSET(ipc_perm, uid);
+ CHECK_SIZE_AND_OFFSET(ipc_perm, gid);
+ CHECK_SIZE_AND_OFFSET(ipc_perm, cuid);
+ CHECK_SIZE_AND_OFFSET(ipc_perm, cgid);
+-#if !defined(__aarch64__) || !SANITIZER_LINUX || __GLIBC_PREREQ (2, 21)
++#if (!defined(__aarch64__) || !SANITIZER_LINUX || __GLIBC_PREREQ (2, 21)) && \
++    !defined(__arm__)
+ /* On aarch64 glibc 2.20 and earlier provided incorrect mode field.  */
++/* On Arm glibc 2.31 and later provide a different mode field, this field is
++   never used by libsanitizer so we can simply ignore this assert for all glibc
++   versions.  */
+ CHECK_SIZE_AND_OFFSET(ipc_perm, mode);
+ #endif
+ 

component/gcc/glibc-2.31-libsanitizer-2.patch

+From 75003cdd23c310ec385344e8040d490e8dd6d2be Mon Sep 17 00:00:00 2001
+From: Jakub Jelinek <jakub@redhat.com>
+Date: Fri, 20 Dec 2019 17:58:35 +0100
+Subject: [PATCH] backport: re PR sanitizer/92154 (new glibc breaks arm
+ bootstrap due to libsanitizer)
+
+	Backported from mainline
+	2019-11-26  Jakub Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/92154
+	* sanitizer_common/sanitizer_platform_limits_posix.h: Cherry-pick
+	llvm-project revision 947f9692440836dcb8d88b74b69dd379d85974ce.
+	* sanitizer_common/sanitizer_platform_limits_posix.cc: Likewise.
+
+From-SVN: r279653
+---
+ libsanitizer/ChangeLog                            | 10 ++++++++++
+ .../sanitizer_platform_limits_posix.cc            |  9 +++------
+ .../sanitizer_platform_limits_posix.h             | 15 +--------------
+ 3 files changed, 14 insertions(+), 20 deletions(-)
+
+diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+index 06a605ff4670..d823a12190c0 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
+@@ -1156,12 +1156,9 @@ CHECK_SIZE_AND_OFFSET(ipc_perm, uid);
+ CHECK_SIZE_AND_OFFSET(ipc_perm, gid);
+ CHECK_SIZE_AND_OFFSET(ipc_perm, cuid);
+ CHECK_SIZE_AND_OFFSET(ipc_perm, cgid);
+-#if (!defined(__aarch64__) || !SANITIZER_LINUX || __GLIBC_PREREQ (2, 21)) && \
+-    !defined(__arm__)
+-/* On aarch64 glibc 2.20 and earlier provided incorrect mode field.  */
+-/* On Arm glibc 2.31 and later provide a different mode field, this field is
+-   never used by libsanitizer so we can simply ignore this assert for all glibc
+-   versions.  */
++#if !SANITIZER_LINUX || __GLIBC_PREREQ (2, 31)
++/* glibc 2.30 and earlier provided 16-bit mode field instead of 32-bit
++   on many architectures.  */
+ CHECK_SIZE_AND_OFFSET(ipc_perm, mode);
+ #endif
+ 
+diff --git a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h
+index 73af92af1e8f..6a673a7c9959 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h
++++ b/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.h
+@@ -211,26 +211,13 @@ namespace __sanitizer {
+     u64 __unused1;
+     u64 __unused2;
+ #elif defined(__sparc__)
+-#if defined(__arch64__)
+     unsigned mode;
+-    unsigned short __pad1;
+-#else
+-    unsigned short __pad1;
+-    unsigned short mode;
+     unsigned short __pad2;
+-#endif
+     unsigned short __seq;
+     unsigned long long __unused1;
+     unsigned long long __unused2;
+-#elif defined(__mips__) || defined(__aarch64__) || defined(__s390x__)
+-    unsigned int mode;
+-    unsigned short __seq;
+-    unsigned short __pad1;
+-    unsigned long __unused1;
+-    unsigned long __unused2;
+ #else
+-    unsigned short mode;
+-    unsigned short __pad1;
++    unsigned int mode;
+     unsigned short __seq;
+     unsigned short __pad2;
+ #if defined(__x86_64__) && !defined(_LP64)

component/gdbm/buildout.cfg

 [buildout]
+extends =
+  ../patch/buildout.cfg
 parts =
   gdbm
 
 [gdbm]
 recipe = slapos.recipe.cmmi
 shared = true
-version = 1.11
+version = 1.18
 url = ftp://ftp.gnu.org/gnu/gdbm/gdbm-${:version}.tar.gz
-md5sum = 72c832680cf0999caedbe5b265c8c1bd
+md5sum = e316f8e4a3e7e4f23955be65d54fec48
+patch-options = -p1
+patches =
+  ${:_profile_base_location_}/extern_parseopt.patch#30baeaaa0c6a6e6be8cf56a875726619
 configure-options =
   --disable-static
   --enable-libgdbm-compat
+environment =
+  PATH=${patch:location}/bin:%(PATH)s
 # install as parts/gdbm/include/gdbm/*.h etc. because some softwares
 # (eg. python's dbmmodule.c extension) assume the location like this.
 includedir = @@LOCATION@@/include
 make-targets =
   install includedir=${:includedir}/gdbm && rm -f ${:includedir}/*.h && ln -sf gdbm/gdbm.h ${:includedir}/gdbm.h
-# it seems that parallel build sometimes fails for gdbm.
-make-options =
-  -j1

component/gdbm/extern_parseopt.patch

+--- a/src/parseopt.c
++++ b/src/parseopt.c
+@@ -255,8 +255,8 @@
+ }
+ 
+ char *parseopt_program_name;
+-char *parseopt_program_doc;
+-char *parseopt_program_args;
++extern char *parseopt_program_doc;
++extern char *parseopt_program_args;
+ const char *program_bug_address = "<" PACKAGE_BUGREPORT ">";
+ void (*parseopt_help_hook) (FILE *stream);
+ 

component/golang/buildout.cfg

@@ -64,7 +64,7 @@ environment-extra =
 url = https://dl.google.com/go/go1.12.9.src.tar.gz
 md5sum = 6132109d4050da349eadc9f7b0304ef4
 
-# go1.11 needs go1.4 to bootstrap
+# go1.12 needs go1.4 to bootstrap
 environment-extra =
   GOROOT_BOOTSTRAP=${golang14:location}
 
@@ -77,6 +77,15 @@ md5sum = 4ad8b04f962be93a32f3021e6f35b3b9
 environment-extra =
   GOROOT_BOOTSTRAP=${golang14:location}
 
+[golang1.14]
+<= golang-common
+url = https://dl.google.com/go/go1.14.3.src.tar.gz
+md5sum = 6b1fb42d219e2ea8925002013c76d4c7
+
+# go1.14 needs go1.4 to bootstrap
+environment-extra =
+  GOROOT_BOOTSTRAP=${golang14:location}
+
 # ---- infrastructure to build Go workspaces / projects ----
 
 # gowork is a top-level section representing workspace

component/java-jdk/buildout.cfg

+[buildout]
+
+extends = 
+  ../patchelf/buildout.cfg
+  ../zlib/buildout.cfg
+
+parts = 
+  java-jdk
+
+
+[java-jdk]
+recipe = plone.recipe.command
+command = echo "Error: unsupported platform" && false
+stop-on-error = true
+location =
+
+
+[java-jdk:linux and bits64]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz
+md5sum = f5da6f4dec81bdd2a096184ec1d69216
+configure-command = :
+make-binary = :
+pre-install =
+  mkdir -p @@LOCATION@@
+  cp -r * @@LOCATION@@
+post-install =
+  for file in @@LOCATION@@/bin/* ; do
+    echo appending rpath to $file
+	  ${patchelf:location}/bin/patchelf --set-rpath ${:rpath} $file
+  done
+rpath = ${zlib:location}/lib:@@LOCATION@@/lib
+location = @@LOCATION@@

component/patchelf/buildout.cfg

+[buildout]
+extends =
+  ../autoconf/buildout.cfg
+  ../automake/buildout.cfg
+  ../pkgconfig/buildout.cfg
+
+parts = 
+  patchelf
+
+[patchelf]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://github.com/NixOS/patchelf/archive/0.11.tar.gz
+md5sum = 6cffb77ee7a95bd314d954a6aeb53a02
+pre-configure = 
+  autoreconf -vif
+environment =
+  PATH=${pkgconfig:location}/bin:${autoconf:location}/bin:${automake:location}/bin:%(PATH)s

component/rsyslogd/buildout.cfg

@@ -10,8 +10,8 @@ extends =
 
 [rsyslogd]
 recipe = slapos.recipe.cmmi
-url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2004.0.tar.gz
-md5sum = 375a60ab0f461367f84f07a5dbda6de2
+url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2006.0.tar.gz
+md5sum = 33de768941953ceeca9d1a437b47891b
 shared = true
 configure-options =
   --disable-klog

component/slapos/obs.cfg

@@ -13,6 +13,10 @@ extensions =
 extends-cache = extends-cache
 download-cache = download-cache
 
+[gcc]
+# force usage of gcc from slapos
+max_version = 0
+
 # Uguu, upstream buildout.cfg must be patched as it works the other way
 # around from a packager point of view at least, thus at the end static
 # path, such as Python HOME directory, are wrong...

slapos/recipe/generic_mysql/mysql.py

@@ -43,7 +43,7 @@ def updateMysql(mysql_upgrade_binary, mysql_binary, mysql_script_file):
         break
       print 'SlapOS initialisation script succesfully applied on database.'
       return
-    sleep = max(sleep+1, 30)
+    sleep = min(sleep+1, 30)
     print 'Sleeping for %ss and retrying' % sleep
     sys.stdout.flush()
     sys.stderr.flush()

software/caddy-frontend/CHANGES.caddy_frontend.rst

+Changes
+=======
+
+Here are listed the most important changes, which might affect upgrades.
+
+1.0.XXX XXXX-XX-XX
+------------------
+
+ * manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
+ * ``re6st-optimal-test`` has been dropped from slave
+ * QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
+ * haproxy is used as a gateway to backends:
+
+   * ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
+   * ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
+   * ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
+   * ``request-timeout`` is supported per slave, as now it became possible
+   * ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
+
+1.0.149 (2020-05-05)
+--------------------
+
+ * no changes noted

software/caddy-frontend/README.caddy_frontend.rst

@@ -4,7 +4,7 @@ Caddy Frontend
 
 Frontend system using Caddy, based on apache-frontend software release, allowing to rewrite and proxy URLs like myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
 
-Caddy Frontend works using the master instance / slave instance design.  It means that a single main instance of Caddy will be used to act as frontend for many slaves.
+Caddy Frontend works using the master instance / slave instance design. It means that a single main instance of Caddy will be used to act as frontend for many slaves.
 
 Software type
 =============
@@ -21,7 +21,7 @@ About frontend replication
 
 Slaves of the root instance are sent as a parameter to requested frontends which will process them. The only difference is that they will then return the would-be published information to the root instance instead of publishing it. The root instance will then do a synthesis and publish the information to its slaves. The replicate instance only use 5 type of parameters for itself and will transmit the rest to requested frontends.
 
-These parameters are :
+These parameters are:
 
   * ``-frontend-type`` : the type to deploy frontends with. (default to 2)
   * ``-frontend-quantity`` : The quantity of frontends to request (default to "default")
@@ -30,7 +30,7 @@ These parameters are :
   * ``-frontend-software-release-url``: Software release to be used for frontends, default to the current software release
   * ``-sla-i-foo`` : where "i" is the number of the concerned frontend (between 1 and "-frontend-quantity") and "foo" a sla parameter.
 
-for example::
+For example::
 
   <parameter id="-frontend-quantity">3</parameter>
   <parameter id="-frontend-type">custom-personal</parameter>
@@ -170,24 +170,6 @@ This replaces old request parameters:
 (*Note*: They are still supported for backward compatibility, but any value send to the ``key-upload-url`` will supersede information from SlapOS Master.)
 
 
-How to have custom configuration in frontend server - XXX - to be written
-=========================================================================
-
-In your instance directory, you, as sysadmin, can directly edit two
-configuration files that won't be overwritten by SlapOS to customize your
-instance:
-
- * ``$PARTITION_PATH/srv/srv/apache-conf.d/apache_frontend.custom.conf``
- * ``$PARTITION_PATH/srv/srv/apache-conf.d/apache_frontend.virtualhost.custom.conf``
-
-The first one is included in the end of the main apache configuration file.
-The second one is included in the virtualhost of the main apache configuration file.
-
-SlapOS will just create those two files for you, then completely forget them.
-
-*Note*: make sure that the UNIX user of the instance has read access to those
-files if you edit them.
-
 Instance Parameters
 ===================
 
@@ -460,6 +442,18 @@ Then specify in the master instance parameters:
  * set ``port`` to ``443``
  * set ``plain_http_port`` to ``80``
 
+Authentication to the backend
+=============================
+
+The cluster generates CA served by caucase, available with ``backend-client-caucase-url`` return parameter.
+
+Then, each slave configured with ``authenticate-to-backend`` to true, will use a certificate signed by this CA while accessing https backend.
+
+This allows backends to:
+
+ * restrict access only from some frontend clusters
+ * trust values (like ``X-Forwarded-For``) sent by the frontend
+
 Technical notes
 ===============
 
@@ -472,11 +466,22 @@ Instantiating caddy-frontend results with a cluster in various partitions:
  * kedifa (contains kedifa server)
  * caddy-frontend-N which contains the running processes to serve sites - this partition can be replicated by ``-frontend-quantity`` parameter
 
-So it means sites are served in `caddy-frontend-N` partition, and this partition is structured as:
+It means sites are served in ``caddy-frontend-N`` partition, and this partition is structured as:
+
+ * Caddy serving the browser [client-facing-caddy]
+ * (optional) Apache Traffic Server for caching [ats]
+ * Haproxy as a way to communicate to the backend [backend-facing-haproxy]
+ * some other additional tools (6tunnel, monitor, etc)
+
+In case of slaves without cache (``enable_cache = False``) the request will travel as follows::
+
+  client-facing-caddy --> backend-facing-haproxy --> backend
+
+In case of slaves using cache (``enable_cache = True``) the request will travel as follows::
 
- * Caddy serving the browser
- * (optional) Apache Traffic Server for caching
- * Caddy connected to the backend
+  client-facing-caddy --> ats --> backend-facing-haproxy --> backend
+
+Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from Caddy and allows future developments like client SSL certificates to the backend or even health checks.
 
 Kedifa implementation
 ---------------------
@@ -493,3 +498,32 @@ Support for X-Real-Ip and X-Forwarded-For
 -----------------------------------------
 
 X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.
+
+Automatic Internal Caucase CSR
+------------------------------
+
+Cluster is composed on many instances, which are landing on separate partitions, so some way is needed to bootstrap trust between the partitions.
+
+There are two ways to achieve it:
+
+ * use default, Automatic Internal Caucase CSR used to replace human to sign CSRs against internal CAUCASEs automatic bootstrap, which leads to some issues, described later
+ * switch to manual bootstrap, which requires human to create and manage user certificate (with caucase-updater) and then sign new frontend nodes appearing in the system
+
+The issues during automatic bootstrap are:
+
+ * rouge or hacked SlapOS Master can result with adding rouge frontend nodes to the cluster, which will be trusted, so it will be possible to fetch all certificates and keys from Kedifa or to login to backends
+ * when new node is added there is short window, when rouge person is able to trick automatic signing, and have it's own node added
+
+In both cases promises will fail on node which is not able to get signed, but in case of Kedifa the damage already happened (certificates and keys are compromised). So in case if cluster administrator wants to stay on the safe side, both automatic bootstraps shall be turned off.
+
+How the automatic signing works
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Having in mind such structure:
+
+ * instance with caucase: ``caucase-instance``
+ * N instances which want to get their CSR signed: ``csr-instance``
+
+In ``caucase-instance`` CAUCASE user is created by automatically signing one user certificate, which allows to sign service certificates.
+
+The ``csr-instance`` creates CSR, extracts the ID of the CSR, exposes it via HTTP and ask caucase on ``caucase-instance`` to sign it. The ``caucase-instance`` checks that exposed CSR id matches the one send to caucase and by using created user to signs it.

software/caddy-frontend/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 20f7a925e686949092823595c79a0523
+md5sum = 99f2f6d8818da4a98ca48412453c4f90
 
 [template-common]
 filename = instance-common.cfg.in
@@ -22,15 +22,15 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 1eae89931b305d9b9e34769946203c1c
+md5sum = 23237969bbd9e974ac674b2052e8d67c
 
 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 6d7113ebf0c46b0e4c72c128ebb647db
+md5sum = 19debfbc27c464f451b1eb5bb5ce3c84
 
 [template-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 9a5919a00a166fb8e902a72707ebc407
+md5sum = e142dad44db1a25d46a31661aa2f075f
 
 [template-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
@@ -38,7 +38,7 @@ md5sum = 7e3ee70c447f8203273d78f66ab519c3
 
 [template-caddy-frontend-configuration]
 _update_hash_filename_ = templates/Caddyfile.in
-md5sum = f0faf6d2e6c187df7e25bf717676f9df
+md5sum = 2503056e35463e045db3329bb8b6fae8
 
 [caddy-backend-url-validator]
 filename = templates/caddy-backend-url-validator.in
@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
 _update_hash_filename_ = templates/default-virtualhost.conf.in
-md5sum = 8137d3da8658d7b2d8c99c9a283a4e5e
+md5sum = 266f175dbdfc588af7a86b0b1884fe73
 
-[template-cached-slave-virtualhost]
-_update_hash_filename_ = templates/cached-virtualhost.conf.in
-md5sum = e839ca3cb308f7fcdfa06c2f1b95e93f
+[template-backend-haproxy-configuration]
+_update_hash_filename_ = templates/backend-haproxy.cfg.in
+md5sum = 68a7758ca8f8b544ba9bc756824be3d3
 
 [template-log-access]
 _update_hash_filename_ = templates/template-log-access.conf.in
@@ -94,7 +94,7 @@ md5sum = 061cc244558fd3af2b6bacf17cae5555
 
 [template-validate-script]
 _update_hash_filename_ = templates/validate-script.sh.in
-md5sum = f26e11574f266c7437c9c89e3c93825a
+md5sum = 53e5d7ba2827bff003051f74f24ffe4f
 
 [template-configuration-state-script]
 _update_hash_filename_ = templates/configuration-state-script.sh.in
@@ -115,3 +115,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
 [template-kedifa]
 filename = instance-kedifa.cfg.in
 md5sum = 9d6111a5d6bc07e708116ca331925241
+
+[template-rsyslogd-conf]
+_update_hash_filename_ = templates/rsyslogd.conf.in
+md5sum = 6f0fd930ffb3230b7e8c781f88693d69

software/caddy-frontend/common.cfg

@@ -10,6 +10,8 @@ extends =
   ../../component/trafficserver/buildout.cfg
   ../../component/6tunnel/buildout.cfg
   ../../component/xz-utils/buildout.cfg
+  ../../component/rsyslogd/buildout.cfg
+  ../../component/haproxy/buildout.cfg
 
   ../../stack/caucase/buildout.cfg
 # Monitoring stack (keep on bottom)
@@ -94,6 +96,8 @@ bin_directory = ${buildout:bin-directory}
 sixtunnel = ${6tunnel:location}
 caddy = ${caddy:output}
 caddy_location = ${caddy:location}
+haproxy_executable = ${haproxy:location}/sbin/haproxy
+rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
 curl = ${curl:location}
 dash = ${dash:location}
 gzip = ${gzip:location}
@@ -108,7 +112,8 @@ kedifa-csr = ${:bin_directory}/kedifa-csr
 xz_location = ${xz-utils:location}
 
 monitor_template = ${monitor-template:output}
-template_cached_slave_virtualhost = ${template-cached-slave-virtualhost:target}
+template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
+template_rsyslogd_conf = ${template-rsyslogd-conf:target}
 template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
 template_graceful_script = ${template-graceful-script:target}
 template_validate_script = ${template-validate-script:target}
@@ -184,7 +189,7 @@ mode = 640
 [template-default-slave-virtualhost]
 <=download-template
 
-[template-cached-slave-virtualhost]
+[template-backend-haproxy-configuration]
 <=download-template
 
 [template-log-access]
@@ -222,3 +227,6 @@ mode = 0644
 
 [template-configuration-state-script]
 <=download-template
+
+[template-rsyslogd-conf]
+<=download-template

software/caddy-frontend/instance-caddy-input-schema.json

@@ -66,16 +66,16 @@
       "title": "Test Verification URL",
       "type": "string"
     },
-    "proxy-try-duration": {
+    "backend-connect-timeout": {
       "default": 5,
-      "description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",
-      "title": "Duration in seconds of trying a backend",
+      "description": "Time in seconds for establishing connection to the backend.",
+      "title": "Timeout for backend connection (seconds)",
       "type": "integer"
     },
-    "proxy-try-interval": {
-      "default": 250,
-      "description": "How often Caddy will try to establish connection with a backend during proxy-try-duration. More info in https://caddyserver.com/docs/proxy try_interval",
-      "title": "Interval in milliseconds of tries during proxy-try-duration",
+    "backend-connect-retries": {
+      "default": 3,
+      "description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
+      "title": "Amount of retries to connect to the backend.",
       "type": "integer"
     },
     "automatic-internal-kedifa-caucase-csr": {
@@ -88,6 +88,16 @@
       "title": "Automatic Internal KeDiFa's Caucase CSR",
       "type": "string"
     },
+    "automatic-internal-backend-client-caucase-csr": {
+      "default": "true",
+      "description": "Automatically signs CSRs sent to Backend Client's caucase, based on csr_id and matching certificate.",
+      "enum": [
+        "true",
+        "false"
+      ],
+      "title": "Automatic Internal Backend Client's Caucase CSR",
+      "type": "string"
+    },
     "ciphers": {
       "description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
       "title": "Ordered space separated list of ciphers",
@@ -98,6 +108,16 @@
       "description": "Timeout for HTTP requests.",
       "title": "HTTP Request timeout in seconds",
       "type": "integer"
+    },
+    "authenticate-to-backend": {
+      "default": "false",
+      "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "Authenticate to backend",
+      "type": "string"
     }
   },
   "title": "Input Parameters",

software/caddy-frontend/instance-output-schema.json

@@ -73,6 +73,10 @@
     "warning-list": {
       "description": "List of warning found during the request.",
       "type": "array"
+    },
+    "backend-client-caucase-url": {
+      "description": "URL to caucase used by authentication to the backend.",
+      "type": "string"
     }
   },
   "type": "object"

software/caddy-frontend/instance-slave-caddy-input-schema.json

@@ -195,10 +195,34 @@
       "title": "type:zope virtualhostroot-https-port",
       "type": "integer"
     },
+    "backend-connect-timeout": {
+      "description": "Time in seconds for establishing connection to the backend.",
+      "title": "Timeout for backend connection (seconds)",
+      "type": "integer"
+    },
+    "backend-connect-retries": {
+      "description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
+      "title": "Amount of retries to connect to the backend.",
+      "type": "integer"
+    },
+    "request-timeout": {
+      "description": "Timeout for HTTP requests.",
+      "title": "HTTP Request timeout in seconds",
+      "type": "integer"
+    },
     "ciphers": {
       "description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
       "title": "Ordered space separated list of ciphers",
       "type": "string"
+    },
+    "authenticate-to-backend": {
+      "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "Authenticate to backend",
+      "type": "string"
     }
   },
   "title": "Input Parameters",

software/caddy-frontend/instance-slave-output-schema.json

@@ -49,6 +49,10 @@
     "kedifa-caucase-url": {
       "description": "URL to caucase used by KeDiFa",
       "type": "string"
+    },
+    "backend-client-caucase-url": {
+      "description": "URL to caucase used by authentication to the backend.",
+      "type": "string"
     }
   },
   "type": "object"

software/caddy-frontend/instance.cfg.in

@@ -103,6 +103,7 @@ configuration.nginx_port = 9443
 configuration.kedifa_port = 7879
 # Warning: Caucase takes also cacuase_port+1
 configuration.caucase_port = 8890
+configuration.caucase_backend_client_port = 8990
 configuration.apache-key =
 configuration.apache-certificate =
 configuration.open-port = 80 443
@@ -117,5 +118,8 @@ configuration.ciphers =
 configuration.request-timeout = 600
 configuration.mpm-graceful-shutdown-timeout = 5
 configuration.frontend-name =
-configuration.proxy-try-duration = 5
-configuration.proxy-try-interval = 250
+configuration.backend-connect-timeout = 5
+configuration.backend-connect-retries = 3
+configuration.backend-haproxy-http-port = 21080
+configuration.backend-haproxy-https-port = 21443
+configuration.authenticate-to-backend = False

software/caddy-frontend/templates/Caddyfile.in

@@ -2,10 +2,8 @@
 
 import {{frontend_configuration.get('log-access-configuration')}}
 import {{ slave_configuration_directory }}/*.conf
-import {{ slave_with_cache_configuration_directory }}/*.conf
 
-{% for port in [https_port] %}
-:{{ port }} {
+:{{ https_port }} {
   tls {{ master_certificate }} {{ master_certificate }}
   bind {{ local_ipv4 }}
   status 404 /
@@ -17,10 +15,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
     * {{ not_found_file }}
   }
 }
-{%- endfor %}
 
-{% for port in [http_port, cached_port, ssl_cached_port] %}
-:{{ port }} {
+:{{ http_port }} {
   bind {{ local_ipv4 }}
   status 404 /
   log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
@@ -31,7 +27,6 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
     * {{ not_found_file }}
   }
 }
-{%- endfor %}
 
 # Access to server-status Caddy-style
 https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {

software/caddy-frontend/templates/backend-haproxy.cfg.in

+global
+  pidfile {{ configuration['pid-file'] }}
+  # master-worker is compatible with foreground with process management
+  master-worker
+
+log {{ configuration['log-socket'] }} local0
+defaults
+  log global
+  mode http
+  option httplog
+  timeout queue 60s
+  timeout server {{ configuration['request-timeout'] }}s
+  timeout client {{ configuration['request-timeout'] }}s
+  timeout connect {{ configuration['backend-connect-timeout'] }}s
+  retries {{ configuration['backend-connect-retries'] }}
+
+{%- macro frontend_entry(slave_instance, scheme) %}
+{%-   set host_list = (slave_instance.get('server-alias') or  '').split() %}
+{%-   if slave_instance.get('custom_domain') not in host_list %}
+{%-     do host_list.append(slave_instance.get('custom_domain')) %}
+{%-   endif %}
+{%-   for host in host_list %}
+{%-     if host.startswith('*.') %}
+{#-     hdr_sub has to be used, as anyway something.example.com shall match *.example.com[:port], with optional port #}
+  acl is_{{ slave_instance['slave_reference'] }} hdr_sub(host) -i {{ host[2:] }}
+{%-     else %}
+  acl is_{{ slave_instance['slave_reference'] }} hdr_dom(host) -i {{ host }}
+{%-     endif %}
+{%-   endfor %}
+  use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
+{%- endmacro %}
+
+frontend http-backend
+  bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
+{%- for slave_instance in backend_slave_list %}
+{{ frontend_entry(slave_instance, 'http') }}
+{%- endfor %}
+
+frontend https-backend
+  bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
+{%- for slave_instance in backend_slave_list %}
+{{ frontend_entry(slave_instance, 'https') }}
+{%- endfor %}
+
+{%- for slave_instance in backend_slave_list %}
+{%-   for (scheme, prefix) in [('http', 'http_backend'), ('https', 'https_backend')] %}
+{%-     set info_dict = slave_instance[prefix] %}
+{%-     if info_dict['scheme'] == 'https' %}
+{%-       set ssl = [] %}
+{%-       if slave_instance['authenticate-to-backend'] %}
+{%-         set ssl = ['crt %s' % (configuration['certificate'],)] %}
+{%-       endif %}
+{%-       do ssl.append('ssl verify') %}
+{%-       set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
+{%-       if slave_instance['ssl_proxy_verify'] %}
+{%-         if path_to_ssl_proxy_ca_crt %}
+{%-           do ssl.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
+{%-         else %}
+{#-         Backend SSL shall be verified, but not CA provided, disallow connection #}
+{#-         Simply dropping hostname from the dict will result with ignoring it... #}
+{%-         do info_dict.__setitem__('hostname', '') %}
+{%-         endif %}
+{%-       else %}
+{%-         do ssl.append('none') %}
+{%-       endif %}
+{%-       set ssl = ' '.join(ssl) %}
+{%-     else %}
+{%-       set ssl = '' %}
+{%-     endif %}
+
+backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
+{%-     set hostname = info_dict['hostname'] %}
+{%-     set port = info_dict['port'] %}
+{%-     set path = info_dict['path'].rstrip('/') %}
+{%-     if hostname and port %}
+  timeout server {{ slave_instance['request-timeout'] }}s
+  timeout connect {{ slave_instance['backend-connect-timeout'] }}s
+  retries {{ slave_instance['backend-connect-retries'] }}
+  server backend {{ hostname }}:{{ port }} {{ ssl }}
+{%-       if path %}
+  http-request set-path {{ path }}%[path]
+{%-       endif %}
+{%-     endif %}
+{%-   endfor %}
+{%- endfor %}

software/caddy-frontend/templates/cached-virtualhost.conf.in

-{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
-{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
-{%- set host_list = [] %}
-{%- for host in [slave_parameter.get('custom_domain')] + server_alias_list %}
-{%-   if host not in host_list %}
-{%-     do host_list.append(host) %}
-{%-   endif %}
-{%- endfor %}
-{%- set http_backend_host_list = [] %}
-{%- set https_backend_host_list = [] %}
-{%- for host in host_list %}
-{%-   do http_backend_host_list.append('http://%s:%s' % (host, slave_parameter['cached_port'])) %}
-{%-   do https_backend_host_list.append('http://%s:%s' % (host, slave_parameter['ssl_cached_port'])) %}
-{%- endfor %}
-
-# SSL-disabled backends
-{{ http_backend_host_list|join(', ') }} {
-  bind {{ slave_parameter['local_ipv4'] }}
-# Rewrite part
-  proxy / {{ slave_parameter.get('backend_url', '') }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
-
-    header_upstream Host {host}
-{#    header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
-    header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
-    header_upstream -X-Forwarded-For-Real
-    timeout {{ slave_parameter['request_timeout'] }}s
-{%- if ssl_proxy_verify %}
-{%-   if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
-    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
-{%-   endif %}
-{%- else %}
-    insecure_skip_verify
-{%- endif %}
-  }
-  log / {{ slave_parameter.get('access_log_cache_direct') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 0
-  }
-
-  errors {{ slave_parameter.get('error_log_cache_direct') }} {
-    rotate_size 0
-  }
-}
-
-# SSL-enabled backends
-{{ https_backend_host_list|join(', ') }} {
-  bind {{ slave_parameter['local_ipv4'] }}
-  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
-    header_upstream Host {host}
-{#    header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
-    header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
-    header_upstream -X-Forwarded-For-Real
-    timeout {{ slave_parameter['request_timeout'] }}s
-{%- if ssl_proxy_verify %}
-{%-   if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
-    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
-{%-   endif %}
-{%- else %}
-    insecure_skip_verify
-{%- endif %}
-  }
-  log / {{ slave_parameter.get('access_log_cache_direct') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 0
-  }
-
-  errors {{ slave_parameter.get('error_log_cache_direct') }} {
-    rotate_size 0
-  }
-}

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -9,7 +9,6 @@
 {%- endif %} {#- if prefer_gzip #}
 {%- set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
 {%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
-{%- set ssl_proxy_verify = slave_parameter.get('ssl-proxy-verify', '').lower() in TRUE_VALUES %}
 {%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
 {%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %}
 {%- set slave_type = slave_parameter.get('type', '') %}
@@ -41,31 +40,18 @@
 {%- endif %}
 
 {%- macro proxy_header() %}
-    try_duration {{ slave_parameter['proxy_try_duration'] }}s
-    try_interval {{ slave_parameter['proxy_try_interval'] }}ms
-    timeout {{ slave_parameter['request_timeout'] }}s
-{%-   if ssl_proxy_verify %}
-{%-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
-    ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
-{%-     endif %} {#-     if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
-{%-   else %} {#-   if ssl_proxy_verify #}
-    insecure_skip_verify
-{%-   endif %} {#-   if ssl_proxy_verify #}
+    timeout {{ slave_parameter['request-timeout'] }}s
     # force reset of X-Forwarded-For
     header_upstream X-Forwarded-For {remote}
-{%-     if enable_cache %}
-    # provide a header for other components
-    header_upstream X-Forwarded-For-Real {remote}
-{%-     endif %}
 {%- endmacro %} {# proxy_header #}
 
 {%- for tls in [True, False] %}
 {%- if tls %}
-{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %}
+{%-   set backend_url = slave_parameter.get('backend-https-url', slave_parameter.get('backend-http-url')) %}
 # SSL enabled hosts
 {{ https_host_list|join(', ') }} {
 {%- else %}
-{%- set backend_url = slave_parameter.get('url', '').rstrip('/') %}
+{%-   set backend_url = slave_parameter['backend-http-url'] %}
 # SSL-disabled hosts
 {{ http_host_list|join(', ') }} {
 {%- endif %}
@@ -178,11 +164,13 @@
 {%- endif %}
   } {# rewrite #}
 {%- endif %} {#- if prefer_gzip #}
-{%- elif slave_type ==  'redirect' and backend_url %} {#- if slave_type ==  'zope' and backend_url #}
+{%- elif slave_type == 'redirect' %}
+{%-   if backend_url %}
   # Redirect configuration
   redir 302 {
     /  {{ backend_url }}{rewrite_uri}
-  } {# redir #}
+  }
+{%-   endif %}
 {%- elif slave_type == 'notebook' %}
   proxy / {{ backend_url }} {
 {{ proxy_header() }}
@@ -204,6 +192,8 @@
 {{ proxy_header() }}
 {%-     if websocket_transparent %}
     transparent
+{%-     else %}
+    header_upstream Host {host}
 {%-     endif %}
   }
 {%-     for websocket_path in websocket_path_list %}
@@ -212,6 +202,8 @@
     websocket
 {%-       if websocket_transparent %}
     transparent
+{%-       else %}
+    header_upstream Host {host}
 {%-       endif %}
   }
 {%-     endfor %}
@@ -221,6 +213,8 @@
     websocket
 {%-   if websocket_transparent %}
     transparent
+{%-   else %}
+    header_upstream Host {host}
 {%-   endif %}
   }
 {%-   endif %}

software/caddy-frontend/templates/rsyslogd.conf.in

+module(
+  load="imuxsock"
+  SysSock.Name="{{ socket }}")
+
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+$FileCreateMode 0600
+$DirCreateMode 0700
+$Umask 0022
+
+$WorkDirectory {{ spool_directory }}
+
+*.* {{ log_file }}

software/caddy-frontend/templates/validate-script.sh.in

@@ -10,10 +10,10 @@ if [ -f $LAST_STATE_FILE ] ; then
   old_found=$(find $LAST_STATE_FILE -mmin +120 | wc -l)
 fi
 
-if [ "$old_found" -eq 1 ] || {{ caddy_configuration_state }} ; then
+if [ "$old_found" -eq 1 ] || {{ configuration_state_command }} ; then
   # do not catch errors during validation
   set +e
-  {{ wrapper }} -validate
+  {{ validate_command }}
   echo $? > $LAST_STATE_FILE
   set -e
 fi

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
-T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_error_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
-T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_error_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
-T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_error_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
-T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_error_log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_log-CADDY.txt

@@ -5,6 +5,7 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd-csr_id/expose-csr_id.log

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_log-CADDY.txt

@@ -5,6 +5,7 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
 T-2/var/log/httpd-csr_id/expose-csr_id.log

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_default_access_log
-T-2/var/log/httpd-cache-direct/_default_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_default_access_log
 T-2/var/log/httpd/_default_error_log

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -5,27 +5,18 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_Url_access_log
 T-2/var/log/httpd/_Url_error_log
+T-2/var/log/httpd/_auth-to-backend-backend-ignore_access_log
+T-2/var/log/httpd/_auth-to-backend-backend-ignore_error_log
+T-2/var/log/httpd/_auth-to-backend-not-configured_access_log
+T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
+T-2/var/log/httpd/_auth-to-backend_access_log
+T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
@@ -74,6 +65,8 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
 T-2/var/log/httpd/_server-alias-duplicated_access_log
 T-2/var/log/httpd/_server-alias-duplicated_error_log
+T-2/var/log/httpd/_server-alias-empty_access_log
+T-2/var/log/httpd/_server-alias-empty_error_log
 T-2/var/log/httpd/_server-alias-wildcard_access_log
 T-2/var/log/httpd/_server-alias-wildcard_error_log
 T-2/var/log/httpd/_server-alias_access_log
@@ -94,6 +87,8 @@ T-2/var/log/httpd/_ssl_ca_crt_only_access_log
 T-2/var/log/httpd/_ssl_ca_crt_only_error_log
 T-2/var/log/httpd/_type-notebook_access_log
 T-2/var/log/httpd/_type-notebook_error_log
+T-2/var/log/httpd/_type-redirect-custom_domain_access_log
+T-2/var/log/httpd/_type-redirect-custom_domain_error_log
 T-2/var/log/httpd/_type-redirect_access_log
 T-2/var/log/httpd/_type-redirect_error_log
 T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestSlave.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_log-CADDY.txt

@@ -5,12 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_default_ciphers_access_log
-T-2/var/log/httpd-cache-direct/_default_ciphers_error_log
-T-2/var/log/httpd-cache-direct/_own_ciphers_access_log
-T-2/var/log/httpd-cache-direct/_own_ciphers_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_default_ciphers_access_log
 T-2/var/log/httpd/_default_ciphers_error_log

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt

@@ -5,27 +5,18 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache_error_log
-T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_access_log
-T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_Url_access_log
 T-2/var/log/httpd/_Url_error_log
+T-2/var/log/httpd/_auth-to-backend-backend-ignore_access_log
+T-2/var/log/httpd/_auth-to-backend-backend-ignore_error_log
+T-2/var/log/httpd/_auth-to-backend-not-configured_access_log
+T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
+T-2/var/log/httpd/_auth-to-backend_access_log
+T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
@@ -74,6 +65,8 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
 T-2/var/log/httpd/_server-alias-duplicated_access_log
 T-2/var/log/httpd/_server-alias-duplicated_error_log
+T-2/var/log/httpd/_server-alias-empty_access_log
+T-2/var/log/httpd/_server-alias-empty_error_log
 T-2/var/log/httpd/_server-alias-wildcard_access_log
 T-2/var/log/httpd/_server-alias-wildcard_error_log
 T-2/var/log/httpd/_server-alias_access_log
@@ -94,6 +87,8 @@ T-2/var/log/httpd/_ssl_ca_crt_only_access_log
 T-2/var/log/httpd/_ssl_ca_crt_only_error_log
 T-2/var/log/httpd/_type-notebook_access_log
 T-2/var/log/httpd/_type-notebook_error_log
+T-2/var/log/httpd/_type-redirect-custom_domain_access_log
+T-2/var/log/httpd/_type-redirect-custom_domain_error_log
 T-2/var/log/httpd/_type-redirect_access_log
 T-2/var/log/httpd/_type-redirect_error_log
 T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_ssl_from_master_access_log
-T-2/var/log/httpd-cache-direct/_ssl_from_master_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_ssl_from_master_kedifa_overrides_master_certificate_access_log
-T-2/var/log/httpd-cache-direct/_ssl_from_master_kedifa_overrides_master_certificate_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_log-CADDY.txt

@@ -5,10 +5,9 @@ T-1/var/log/expose-csr_id.log
 T-1/var/log/kedifa.log
 T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
 T-2/var/log/frontend-access.log
 T-2/var/log/frontend-error.log
-T-2/var/log/httpd-cache-direct/_ssl_from_master_access_log
-T-2/var/log/httpd-cache-direct/_ssl_from_master_error_log
 T-2/var/log/httpd-csr_id/expose-csr_id.log
 T-2/var/log/httpd/_ssl_from_master_access_log
 T-2/var/log/httpd/_ssl_from_master_error_log

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin-CADDY.txt

 T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
 T-0/etc/plugin/aikc-user-caucase-updater.py
 T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
 T-0/etc/plugin/check-free-disk-space.py
 T-0/etc/plugin/monitor-bootstrap-status.py
 T-0/etc/plugin/monitor-http-frontend.py
@@ -17,13 +19,15 @@ T-1/etc/plugin/monitor-bootstrap-status.py
 T-1/etc/plugin/monitor-http-frontend.py
 T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
 T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_cached.py
 T-2/etc/plugin/caddy_frontend_ipv4_http.py
 T-2/etc/plugin/caddy_frontend_ipv4_https.py
 T-2/etc/plugin/caddy_frontend_ipv6_http.py
 T-2/etc/plugin/caddy_frontend_ipv6_https.py
-T-2/etc/plugin/caddy_ssl_cached.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr_id-ip-port-listening.py

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_run-CADDY.txt

 T-0/var/run/monitor-httpd.pid
 T-1/var/run/kedifa.pid
 T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_supervisor_state-CADDY.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
 T-0:aikc-user-caucase-updater-on-watch RUNNING
 T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
 T-0:certificate_authority-{hash-generic}-on-watch RUNNING
 T-0:crond-{hash-generic}-on-watch RUNNING
 T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -17,8 +19,10 @@ T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
 T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
 T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
 T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING

software/metabase/software.cfg

@@ -17,8 +17,8 @@ part = python3
 
 [metabase.jar]
 recipe = slapos.recipe.build:download
-url = https://downloads.metabase.com/v0.35.3/metabase.jar
-md5sum = 73c98cdf5cecde80463ef868e77d3b0e
+url = https://downloads.metabase.com/v0.36.0/metabase.jar
+md5sum = 0a5e780dcf7d9ffe73f1ed789f863a57
 
 [instance-profile]
 recipe = slapos.recipe.template

software/theia/buildout.hash.cfg

@@ -15,11 +15,11 @@
 
 [instance]
 filename = instance.cfg.in
-md5sum = 42d21dc3f5d3e57e142eea8e016195f0
+md5sum = d8ad39bc93c492026a93c28b33a5dc3a
 
 [yarn.lock]
 filename = yarn.lock
-md5sum = ae1b596804715acd3512f1e8e6cbae3b
+md5sum = 89d0a4d0c3ae90b9c5c0923b57766f0f
 
 [python-language-server-requirements.txt]
 filename = python-language-server-requirements.txt

software/theia/instance.cfg.in

@@ -121,7 +121,7 @@ recipe = slapos.cookbook:userinfo
 recipe = slapos.cookbook:wrapper
 wrapper-path = $${directory:services}/$${:_buildout_section_name_}
 command-line =
-  env LC_ALL=C.UTF-8 TMP=$${directory:tmp} THEIA_WEBVIEW_EXTERNAL_ENDPOINT='{{hostname}}' THEIA_SHELL=$${theia-shell:wrapper-path} ${theia-wrapper:rendered} --hostname=$${:hostname} --port=$${:port} $${directory:project}
+  env LC_ALL=C.UTF-8 TMP=$${directory:tmp} THEIA_WEBVIEW_EXTERNAL_ENDPOINT='{{hostname}}' THEIA_SHELL=$${theia-shell:rendered} ${theia-wrapper:rendered} --hostname=$${:hostname} --port=$${:port} $${directory:project}
 
 ip =  $${instance-parameter:ipv4-random}
 hostname =  $${:ip}
@@ -132,12 +132,18 @@ hash-existing-files =
   ${theia-wrapper:rendered}
 
 [theia-shell]
-recipe = slapos.cookbook:wrapper
-wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
-# reset GIT_EXEC_PATH to workaround https://github.com/eclipse-theia/theia/issues/7555
-# activate slapos configuration
-command-line =
-  ${bash:location}/bin/bash -c ". $${slapos-standalone-activate:rendered} && exec env GIT_EXEC_PATH= ${bash:location}/bin/bash"
+recipe = slapos.recipe.template:jinja2
+rendered = $${directory:bin}/$${:_buildout_section_name_}
+mode = 0700
+template = inline:
+  #!${python:location}/bin/python
+  import sys
+  import os
+  args = sys.argv[1:]
+  # when running interactively, activate slapos configuration and reset GIT_EXEC_PATH to workaround https://github.com/eclipse-theia/theia/issues/7555
+  if not args: args = ["-c", ". $${slapos-standalone-activate:rendered} && exec env GIT_EXEC_PATH= ${bash:location}/bin/bash", ]
+  os.execv('${bash:location}/bin/bash', ['${bash:location}/bin/bash']  + args)
+
 
 [slapos-standalone-activate]
 recipe = slapos.recipe.template:jinja2
@@ -147,7 +153,16 @@ mode = 0700
 template =
   inline:#!/bin/sh
   export PATH=${buildout:bin-directory}:$PATH
-  ${slapos-standalone:script-path} $${directory:slapos} $${:ipv4} $${:ipv6} $${:port}
+  ${slapos-standalone:script-path} \
+      $${directory:slapos} \
+      $${:ipv4} \
+      $${:ipv6} \
+      $${:port} \
+      $${slap-connection:server-url} \
+      $${slap-connection:computer-id} \
+      $${slap-connection:partition-id} \
+      --key='$${slap-connection:key-file}' \
+      --cert='$${slap-connection:cert-file}'
   export SLAPOS_CONFIGURATION=$${directory:slapos}/etc/slapos.cfg
   export SLAPOS_CLIENT_CONFIGURATION=$SLAPOS_CONFIGURATION
 

software/theia/software.cfg

@@ -10,15 +10,11 @@ extends =
    ../../component/vim/buildout.cfg
    ../../component/curl/buildout.cfg
    ../../component/coreutils/buildout.cfg
+   ../../component/java-jdk/buildout.cfg
    ../../stack/slapos.cfg
    ../../stack/monitor/buildout.cfg
-   ./gowork.cfg
+   ../../component/defaults.cfg
    ./buildout.hash.cfg
-# this gowork.cfg includes the one from caddy, because they share the only gowork
-# workspace (not intentionnaly, as far as I see there's only one gowork per SR)
-# it is included after caddy, otherwise only caddy is installed. The problem of this
-# approach is that caddy's version will be the one pinned here, so we have to update
-# here as well.
 
 parts =
   theia-wrapper
@@ -28,6 +24,11 @@ parts =
 # default for slapos-standalone
 shared-part-list =
 
+# We keep the gcc part in sync with the one from erp5 software, so that when we install
+# erp5 inside theia's slapos parts can be shared.
+[gcc]
+max_version = 0
+
 
 [nodejs]
 <= nodejs-10.19.0
@@ -64,14 +65,33 @@ initialization =
   parser.add_argument('ipv4')
   parser.add_argument('ipv6')
   parser.add_argument('server_port', type=int)
+  forwarded_arguments = parser.add_argument_group('forwarded')
+  forwarded_arguments.add_argument('master_url')
+  forwarded_arguments.add_argument('computer')
+  forwarded_arguments.add_argument('partition')
+  # cert and key are optional
+  forwarded_arguments.add_argument('--cert')
+  forwarded_arguments.add_argument('--key')
   args = parser.parse_args()
   shared_part_list = [x.strip() for x in '''${buildout:shared-part-list}'''.splitlines() if x.strip()]
-
+  partition_forward_configuration = (
+      slapos.slap.standalone.PartitionForwardAsPartitionConfiguration(
+          master_url=args.master_url,
+          computer=args.computer,
+          partition=args.partition,
+          cert=args.cert,
+          key=args.key,
+          software_release_list=(
+            'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg',
+          ),
+      ),
+  )
   standalone = slapos.slap.standalone.StandaloneSlapOS(
       args.base_directory,
       args.ipv4,
       args.server_port,
-      shared_part_list=shared_part_list
+      shared_part_list=shared_part_list,
+      partition_forward_configuration=partition_forward_configuration,
   )
   standalone.start()
   partition_count = 20
@@ -139,7 +159,8 @@ mode = 0644
 
 [package.json]
 recipe = slapos.recipe.template:jinja2
-# this comes from https://github.com/theia-ide/theia-apps/blob/2991e3a433f031b22bc80e274f80620d1e6898e5/theia-full-docker/latest.package.json
+# this comes from https://github.com/theia-ide/theia-apps/blob/3391dd07cba7ddc5cc833420349a27beb66a5433/theia-full-docker/latest.package.json
+# but with a more recent version of vscode-java-redhat, where https://github.com/redhat-developer/vscode-java/issues/1301 was fixed
 template =
   inline:{
       "private": true,
@@ -163,17 +184,20 @@ template =
                         "**/node_modules/**": true
                       },
                       "editor.multiCursorModifier": "ctrlCmd",
-                      "plantuml.webservice": "//plantuml.host.vifib.net/svg/",
+                      "editor.tabSize": 2,
                       "plantuml.monochrome": false,
-                      "editor.tabSize": 2
+                      "plantuml.webservice": "//plantuml.host.vifib.net/svg/",
+                      "gitlens.remotes": [{ "domain": "lab.nexedi.com", "type": "GitLab" }],
+                      "java.home": "${java-jdk:location}"
                   }
               }
           }
       },
       "dependencies": {
           "@theia/callhierarchy": "latest",
+          "@theia/console": "latest",
           "@theia/core": "latest",
-          "@theia/cpp": "latest",
+          "@theia/cpp-debug": "latest",
           "@theia/debug": "latest",
           "@theia/editor": "latest",
           "@theia/editor-preview": "latest",
@@ -200,9 +224,11 @@ template =
           "@theia/preview": "latest",
           "@theia/process": "latest",
           "@theia/rust": "latest",
+          "@theia/scm": "latest",
           "@theia/search-in-workspace": "latest",
           "@theia/task": "latest",
           "@theia/terminal": "latest",
+          "@theia/typehierarchy": "latest",
           "@theia/userstorage": "latest",
           "@theia/variable-resolver": "latest",
           "@theia/vsx-registry": "latest",
@@ -211,8 +237,9 @@ template =
       "resolutions": {
           "vscode-json-languageserver": "1.2.2",
           "vscode-languageserver-protocol": "3.15.0-next.9",
-          "vscode-languageserver-types": "3.15.0-next.4",
-          "**/vscode-json-languageserver/**/vscode-languageserver": "6.0.0-next.1"
+          "vscode-languageserver-types": "3.15.0-next.5",
+          "**/vscode-json-languageserver/**/vscode-languageserver": "6.0.0-next.1",
+          "**/moment": "2.24.0"
       },
       "devDependencies": {
           "@theia/cli": "latest"
@@ -285,7 +312,7 @@ template =
           "vscode-go": "https://github.com/microsoft/vscode-go/releases/download/0.12.0/Go-0.12.0.vsix",
           "vscode-java-debug": "https://github.com/microsoft/vscode-java-debug/releases/download/0.24.0/vscjava.vscode-java-debug-0.24.0.vsix",
           "vscode-java-dependency-viewer": "https://github.com/microsoft/vscode-java-dependency/releases/download/0.6.0/vscode-java-dependency-0.6.0.vsix",
-          "vscode-java-redhat": "https://github.com/redhat-developer/vscode-java/releases/download/v0.54.2/redhat.java-0.54.2.vsix",
+          "vscode-java-redhat": "https://github.com/redhat-developer/vscode-java/releases/download/v0.61.0/redhat.java-0.61.0.vsix",
           "vscode-java-test": "https://github.com/microsoft/vscode-java-test/releases/download/0.22.0/vscjava.vscode-java-test-0.22.0.vsix",
           "vscode-python": "https://github.com/microsoft/vscode-python/releases/download/2020.1.58038/ms-python-release.vsix",
           "vscode-ruby": "https://github.com/rubyide/vscode-ruby/releases/download/v0.25.0/ruby-0.25.0.vsix",
@@ -297,29 +324,15 @@ mode = 0644
 
 
 [gowork]
-# Install go-language-server in workspace
-# Note that this is the same workspace as caddy.
-# install list comes from https://github.com/theia-ide/go-language-server/blob/d259749c8f263c4d845055833b03b1d2dbefa5b3/README.md#prerequisites
-install +=
-  github.com/ramya-rao-a/go-outline
-  github.com/acroca/go-symbols
-  github.com/nsf/gocode
-  github.com/rogpeppe/godef
-  golang.org/x/tools/cmd/godoc
-  github.com/zmb3/gogetdoc
-  golang.org/x/lint/golint
-  github.com/fatih/gomodifytags
-  github.com/uudashr/gopkgs/cmd/gopkgs
-  golang.org/x/tools/cmd/gorename
-  sourcegraph.com/sqs/goreturns
-  github.com/cweill/gotests/...
-  golang.org/x/tools/cmd/guru
-  github.com/josharian/impl
-  github.com/haya14busa/goplay/cmd/goplay
-  github.com/davidrjenni/reftools/cmd/fillstruct
+golang = ${golang1.14:location}
+
+[gowork.goinstall]
+command =
+  bash -c ". ${gowork:env.sh} && GO111MODULE=on go get golang.org/x/tools/gopls@v0.4.3"
+
 
 [cli-utilities]
-PATH = ${nodejs:location}/bin/:${bash:location}/bin/:${fish-shell:location}/bin/:${tig:location}/bin/:${vim:location}/bin/:${tmux:location}/bin/:${git:location}/bin/:${curl:location}/bin
+PATH = ${nodejs:location}/bin/:${bash:location}/bin/:${fish-shell:location}/bin/:${tig:location}/bin/:${vim:location}/bin/:${tmux:location}/bin/:${git:location}/bin/:${curl:location}/bin:${python2.7:location}/bin/
 
 [theia-wrapper]
 recipe = slapos.recipe.template:jinja2
@@ -329,7 +342,7 @@ template =
   inline:
   #!/bin/bash
   . ${gowork:env.sh}
-  export PATH=${python-language-server:location}/bin/:${cli-utilities:PATH}:$PATH
+  export PATH=${python-language-server:location}/bin/:${java-jdk:location}/bin/:${cli-utilities:PATH}:$PATH
   export THEIA_DEFAULT_PLUGINS="local-dir:${theia:THEIA_DEFAULT_PLUGINS}"
   # reset PS1 from gowork
   export PS1='$ '

software/theia/test/test.py

@@ -29,6 +29,7 @@ from __future__ import unicode_literals
 import os
 import textwrap
 import logging
+import subprocess
 import tempfile
 import time
 from six.moves.urllib.parse import urlparse, urljoin
@@ -89,6 +90,15 @@ class TestTheia(SlapOSInstanceTestCase):
     # use a large enough terminal so that slapos proxy show table fit in the screen
     process.setwinsize(5000, 5000)
 
+    # log process output for debugging
+    logger = logging.getLogger('theia-shell')
+    class DebugLogFile:
+      def write(self, msg):
+        logger.info("output from theia-shell: %s", msg)
+      def flush(self):
+        pass
+    process.logfile = DebugLogFile()
+
     process.expect_exact('Standalone SlapOS: Formatting 20 partitions')
     process.expect_exact('Standalone SlapOS for computer `local` activated')
 
@@ -122,3 +132,13 @@ class TestTheia(SlapOSInstanceTestCase):
 
     process.terminate()
     process.wait()
+
+  def test_theia_shell_execute_tasks(self):
+    # shell needs to understand -c "comamnd" arguments for theia tasks feature
+    test_file = '{}/test file'.format(self.computer_partition_root_path)
+    subprocess.check_call([
+        '{}/bin/theia-shell'.format(self.computer_partition_root_path),
+        '-c',
+        'touch "{}"'.format(test_file)
+    ])
+    self.assertTrue(os.path.exists(test_file))