Update Release Candidate

CHANGES.rst

 Changes
 =======
 
-1.0.75-dev (unreleased)
+1.0.84 (2018-12-28)
 -----------------------
 
 * Drop ``slapos.recipe:xvfb``, use simple ``slapos.recipe:wrapper`` instead.
 * Drop ``slapos.recipe:seleniumrunner`` and ``slapos.recipe:firefox``, they
   were not used.
+* Encode unicode to UTF-8 on ``slapos.recipe:request`` and 
+  ``slapos.recipe:slapconfiguration`` 
 
 1.0.75 (2018-09-04)
 -------------------

setup.py

@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os
 
-version = '1.0.75'
+version = '1.0.84'
 name = 'slapos.cookbook'
 long_description = open("README.rst").read() + "\n" + \
     open("CHANGES.rst").read() + "\n"

slapos/recipe/request.py

@@ -190,12 +190,15 @@ class Recipe(object):
 
     # Then try to get all the parameters. In case of problem, put empty string.
     for param in return_parameters:
-      options['connection-%s' % param] = ''
+      value = ''
       try:
-        options['connection-%s' % param] = return_parameter_dict[param]
+        value = return_parameter_dict[param]
       except KeyError:
         if self.failed is None:
           self.failed = param
+      if isinstance(value, unicode):
+        value = value.encode('UTF-8')
+      options['connection-%s' % param] = value
 
   def _filterForStorage(self, partition_parameter_kw):
     return partition_parameter_kw

slapos/recipe/slapconfiguration.py

@@ -264,6 +264,8 @@ class Recipe(object):
           # be very careful with overriding master's information
           for key, value in flatten_dict(partition_params).items():
             if key not in options:
+              if isinstance(value, unicode):
+                value = value.encode('UTF-8')
               options[key] = value
       # print out augmented options to see what we are passing
       logger.debug(str(options))

slapos/test/recipe/test_request.py

@@ -83,6 +83,7 @@ class RecipeTestMixin(object):
     result = recipe.install()
     self.assertEqual([], result)
     self.assertEqual(options['connection-anything'], 'done')
+    self.assertIsInstance(options['connection-anything'], str)
     self.request_instance.assert_called_with(
       '', 'RootSoftwareInstance', '', filter_kw={},
       partition_parameter_kw=self.called_partition_parameter_kw,

slapos/test/recipe/test_slaposconfiguration.py

@@ -18,7 +18,7 @@ class SlapConfigurationTest(unittest.TestCase):
     self.resource_file = os.path.join(self.instance_root, slapformat.Partition.resource_file)
     self.resource = {
       "tun": {
-        "ipv4": "192.168.0.1"
+        "ipv4": u"192.168.0.1"
       },
       "address_list": [
         10, 20
@@ -48,6 +48,7 @@ class SlapConfigurationTest(unittest.TestCase):
 
     self.assertEqual(options['tun-ipv4'], "192.168.0.1",
       "Folded attrs should be separated by -")
+    self.assertIsInstance(options['tun-ipv4'], str)
 
     self.assertEqual(options['address-list'], [10, 20],
       "All underscores should be replaced with -")

software/caddy-frontend/buildout.hash.cfg

@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = b7879a40ed7f8a49b764c82e7283811f
+md5sum = e21bf673c35f049e7457ec78de9a1964
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in

software/caddy-frontend/instance-slave-caddy-simplified-input-schema.json

+{
+  "$schema": "http://json-schema.org/draft-04/schema",
+  "properties": {
+    "url": {
+      "description": "Url of the backend",
+      "pattern": "^(http|https|ftp)://",
+      "title": "Backend URL",
+      "type": "string"
+    },
+    "type": {
+      "default": "",
+      "description": "Type of slave. If redirect, the slave will redirect to the given url. If zope, the rewrite rules will be compatible with Virtual Host Monster. Implemented are default, zope and redirect, not implemneted are notebook and eventsource.",
+      "enum": [
+        "",
+        "zope"
+      ],
+      "title": "Backend Type",
+      "type": "string"
+    },
+    "custom_domain": {
+      "description": "Custom Domain to use for the website",
+      "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
+      "title": "Custom Domain",
+      "type": "string"
+    },
+    "server-alias": {
+      "default": "",
+      "description": "Server Alias List separated by space",
+      "title": "Server Alias",
+      "type": "string"
+    },
+    "default-path": {
+      "default": "",
+      "description": "Provide default path to redirect user to when user access / (the site root)",
+      "title": "type:zope Default Path",
+      "type": "string"
+    },
+    "disable-no-cache-request": {
+      "default": "false",
+      "description": "If set to true, Cache-Control and Pragma requests headers will not be sent to cache and backend servers. This prevents clients from bypassing cache when enable_cache is true",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "enable_cache: Disable 'no-cache' requests",
+      "type": "string"
+    },
+    "disable-via-header": {
+      "default": "false",
+      "description": "If set to true, Via response headers will not be sent to client",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "enable_cache: Disable 'Via' headers from cache",
+      "type": "string"
+    },
+    "disabled-cookie-list": {
+      "default": "",
+      "description": "List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
+      "title": "Disabled Cookies",
+      "type": "string"
+    },
+    "enable_cache": {
+      "default": "false",
+      "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "Enable Cache",
+      "type": "string"
+    },
+    "https-only": {
+      "default": "false",
+      "description": "If set to true, http requests will be redirected to https",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "HTTPS Only",
+      "type": "string"
+    },
+    "path": {
+      "default": "",
+      "description": "Path to proxy to in the backend",
+      "title": "type:zope Backend Path",
+      "type": "string"
+    },
+    "prefer-gzip-encoding-to-backend": {
+      "default": "false",
+      "description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used",
+      "enum": [
+        "false",
+        "true"
+      ],
+      "title": "Prefer gzip Encoding for Backend",
+      "type": "string"
+    },
+    "ssl_ca_crt": {
+      "default": "",
+      "description": "Content of the CA certificate file",
+      "textarea": true,
+      "title": "SSL Certificate Authority's Certificate",
+      "type": "string"
+    },
+    "ssl_crt": {
+      "default": "",
+      "description": "Content of the SSL Certificate file",
+      "textarea": true,
+      "title": "SSL Certificate",
+      "type": "string"
+    },
+    "ssl_key": {
+      "default": "",
+      "description": "Content of the SSL Key file",
+      "textarea": true,
+      "title": "SSL Key",
+      "type": "string"
+    }
+  },
+  "title": "Input Parameters",
+  "type": "object"
+}

software/caddy-frontend/software.cfg.json

@@ -35,6 +35,15 @@
       "shared": true,
       "software-type": "default",
       "title": "Default (slave)"
+    },
+    "default-simplified-slave": {
+      "description": "Default",
+      "index": 5,
+      "request": "instance-slave-caddy-simplified-input-schema.json",
+      "response": "instance-output-schema.json",
+      "shared": true,
+      "software-type": "default",
+      "title": "Default Basic (slave)"
     }
   }
 }

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -42,12 +42,12 @@
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
 
-{%- if prefer_gzip %}
+{%- if prefer_gzip and not (slave_type == 'zope' and backend_url) %}
   rewrite {
     if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
     to /prefer-gzip{uri}
   }
-{%- endif %} {#- if prefer_gzip #}
+{%- endif %} {#- if prefer_gzip and not (slave_type == 'zope' and backend_url) #}
 
 {%- if slave_type ==  'zope' and backend_url %}
   # Zope configuration
@@ -90,10 +90,18 @@
     / {scheme}://{host}/{{ default_path }}
   } {# redir #}
   {%- endif %} {#- if default_path #}
+{%- if prefer_gzip  %}
+  rewrite {
+    regexp (.*)
+    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
+    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
+  }
+{%- else %}
   rewrite {
     regexp (.*)
     to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
   } {# rewrite #}
+{%- endif %} {#- if prefer_gzip #}
 {%- elif slave_type ==  'redirect' and backend_url %} {#- if slave_type ==  'zope' and backend_url #}
   # Redirect configuration
   redir 302 {
@@ -155,12 +163,12 @@
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
 
-{%- if prefer_gzip %}
+{%- if prefer_gzip and not (slave_type == 'zope' and backend_url) %}
   rewrite {
     if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
     to /prefer-gzip{uri}
   }
-{%- endif %} {#- if prefer_gzip #}
+{%- endif %} {#- if prefer_gzip and not (slave_type == 'zope' and backend_url) #}
 
 {%- if https_only %}
   # Enforced redirection to SSL-enabled host
@@ -211,10 +219,18 @@
     / {scheme}://{host}/{{ default_path }}
   } {# redir #}
 {%-   endif %} {#-   if default_path #}
+{%- if prefer_gzip  %}
+  rewrite {
+    regexp (.*)
+    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
+    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
+  }
+{%- else %}
   rewrite {
     regexp (.*)
     to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
   } {# rewrite #}
+{% endif %} {#- if prefer_gzip #}
 {%- else %} {#- if https_only #}
   # Default configuration
 {%-   if default_path %}

software/caddy-frontend/test/test.py

@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
 import json
 import multiprocessing
 import subprocess
-from unittest import skip
+from unittest import skip, expectedFailure
 import ssl
 import signal
 from BaseHTTPServer import HTTPServer
@@ -337,7 +337,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
 
   @classmethod
   def getSoftwareURLList(cls):
-    return (os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'software.cfg')), )
+    return (
+      os.path.abspath(
+        os.path.join(os.path.dirname(__file__), '..', 'software.cfg')), )
 
   @classmethod
   def setUpClass(cls):
@@ -833,6 +835,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
         'url': cls.backend_url,
         'type': 'zope',
       },
+      'type-zope-prefer-gzip-encoding-to-backend': {
+        'url': cls.backend_url,
+        'prefer-gzip-encoding-to-backend': 'true',
+        'type': 'zope',
+      },
       'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt': {
         'url': cls.backend_https_url,
         'type': 'zope',
@@ -990,9 +997,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     expected_parameter_dict = {
       'monitor-base-url': None,
       'domain': 'example.com',
-      'accepted-slave-amount': '43',
+      'accepted-slave-amount': '44',
       'rejected-slave-amount': '4',
-      'slave-amount': '47',
+      'slave-amount': '48',
       'rejected-slave-dict': {
         "_apache_custom_http_s-rejected": ["slave not authorized"],
         "_caddy_custom_http_s": ["slave not authorized"],
@@ -1639,6 +1646,93 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
       '/VirtualHostRoot/test-path'
     )
 
+  def test_type_zope_prefer_gzip_encoding_to_backend(self):
+    parameter_dict = self.parseSlaveParameterDict(
+      'type-zope-prefer-gzip-encoding-to-backend')
+    self.assertLogAccessUrlWithPop(parameter_dict)
+    self.assertEqual(
+      {
+        'domain': 'typezopeprefergzipencodingtobackend.example.com',
+        'replication_number': '1',
+        'url': 'http://typezopeprefergzipencodingtobackend.example.com',
+        'site_url': 'http://typezopeprefergzipencodingtobackend.example.com',
+        'secure_access':
+        'https://typezopeprefergzipencodingtobackend.example.com',
+        'public-ipv4': SLAPOS_TEST_IPV4,
+      },
+      parameter_dict
+    )
+
+    result = self.fakeHTTPSResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+
+    self.assertEqual(
+      self.certificate_pem,
+      der2pem(result.peercert))
+
+    try:
+      j = result.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+
+    self.assertEqualResultJson(
+      result,
+      'Path',
+      '/VirtualHostBase/https//'
+      'typezopeprefergzipencodingtobackend.example.com:443/'
+      '/VirtualHostRoot/test-path'
+    )
+
+    result = self.fakeHTTPResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+
+    self.assertEqualResultJson(
+      result,
+      'Path',
+      '/VirtualHostBase/http//'
+      'typezopeprefergzipencodingtobackend.example.com:80/'
+      '/VirtualHostRoot/test-path'
+    )
+
+    result = self.fakeHTTPSResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
+      headers={'Accept-Encoding': 'gzip, deflate'})
+
+    self.assertEqual(
+      self.certificate_pem,
+      der2pem(result.peercert))
+
+    try:
+      j = result.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+
+    self.assertEqualResultJson(
+      result,
+      'Path',
+      '/VirtualHostBase/https//'
+      'typezopeprefergzipencodingtobackend.example.com:443/'
+      '/VirtualHostRoot/test-path'
+    )
+    self.assertEqual(
+      'gzip', result.json()['Incoming Headers']['accept-encoding'])
+
+    result = self.fakeHTTPResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
+      headers={'Accept-Encoding': 'gzip, deflate'})
+
+    self.assertEqualResultJson(
+      result,
+      'Path',
+      '/VirtualHostBase/http//'
+      'typezopeprefergzipencodingtobackend.example.com:80/'
+      '/VirtualHostRoot/test-path'
+    )
+    self.assertEqual(
+      'gzip', result.json()['Incoming Headers']['accept-encoding'])
+
   def test_type_zope_virtualhostroot_http_port(self):
     parameter_dict = self.parseSlaveParameterDict(
       'type-zope-virtualhostroot-http-port')
@@ -2673,6 +2767,20 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
     self.assertEqual(
       'deflate', result.json()['Incoming Headers']['accept-encoding'])
 
+    result = self.fakeHTTPSResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+
+    self.assertEqual(
+      self.certificate_pem,
+      der2pem(result.peercert))
+
+    self.assertEqualResultJson(result, 'Path', '/test-path')
+
+    result = self.fakeHTTPSResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+
+    self.assertEqualResultJson(result, 'Path', '/test-path')
+
   def test_disabled_cookie_list(self):
     parameter_dict = self.parseSlaveParameterDict('disabled-cookie-list')
     self.assertLogAccessUrlWithPop(parameter_dict)
@@ -3434,6 +3542,9 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
       q for q in glob.glob(os.path.join(self.instance_path, '*',))
       if os.path.exists(os.path.join(q, 'etc', 'trafficserver'))][0]
 
+  # It is known problem that QUIC does not work after sending reload signal,
+  # SIGUSR1, see https://github.com/mholt/caddy/issues/2394
+  @expectedFailure
   def test_url(self):
     parameter_dict = self.parseSlaveParameterDict('url')
     self.assertLogAccessUrlWithPop(parameter_dict)

software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt

@@ -69,6 +69,8 @@ TestSlave-1/var/log/httpd/_type-zope-default-path_access_log
 TestSlave-1/var/log/httpd/_type-zope-default-path_error_log
 TestSlave-1/var/log/httpd/_type-zope-path_access_log
 TestSlave-1/var/log/httpd/_type-zope-path_error_log
+TestSlave-1/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
+TestSlave-1/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
 TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log

software/caddy-frontend/test/test_data/test.TestSlave.test_monitor_promise_list-CADDY.txt

@@ -73,6 +73,8 @@ TestSlave-1/etc/monitor-promise/check-_type-zope-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_type-zope-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_type-zope-path-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_type-zope-path-error-log-last-hour
+TestSlave-1/etc/monitor-promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-day
+TestSlave-1/etc/monitor-promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-day
 TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour
 TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day

software/erp5testnode/buildout.hash.cfg

@@ -18,4 +18,4 @@ md5sum = 307663d73ef3ef94b02567ecd322252e
 
 [template-default]
 filename = instance-default.cfg
-md5sum = ff368286a75243d0536ee6a974107b6f
+md5sum = c85bd43145c7d21321546f988aebbfc7

software/erp5testnode/instance-default.cfg

@@ -233,4 +233,4 @@ port = $${shellinabox-frontend:port}
 node-quantity = 1
 test-suite-master-url =
 instance-dict =
-software-path-list = ["https://lab.nexedi.com/nexedi/slapos/raw/master/software/seleniumrunner/software.cfg"]
+software-path-list = ["https://lab.nexedi.com/nexedi/slapos/raw/1.0.83/software/seleniumrunner/software.cfg"]

software/neoppod/instance-neo-input-schema.json

@@ -85,9 +85,12 @@
             "type": "boolean"
           },
           "storage-type": {
-              "description": "Storage type. Defaults to MySQL if available, else SQLite.",
-              "enum": ["MySQL", "SQLite"],
-              "type": "string"
+            "description": "Storage type. Defaults to MySQL if available, else SQLite.",
+            "enum": [
+              "MySQL",
+              "SQLite"
+            ],
+            "type": "string"
           },
           "mysql": {
             "description": "Dictionary containing parameters for MySQL.",

software/slapos-master/apache-backend.conf.in

@@ -181,3 +181,28 @@ Listen {{ ip }}:{{ port }}
   RewriteRule ^/(.*) {{ backend }}/$1 [L,P]
 </VirtualHost>
 {% endfor -%}
+
+
+{% for (ip, port), (enable_authentication, path_mapping) in parameter_dict.get('zope-virtualhost-monster-backend-dict', {}).items() -%}
+Listen {{ ip }}:{{ port }}
+<VirtualHost {{ ip }}:{{ port }}>
+  SSLEngine on
+{%   if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%}
+  SSLVerifyClient require
+  SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
+  SSLCARevocationCheck chain
+  SSLCARevocationFile {{ parameter_dict['crl'] }}
+
+  LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
+
+  # We would like to separate the the authentificated logs.
+  # XXX filename ? is it log-rotated ?
+  ErrorLog "{{ parameter_dict['log-dir'] }}/apache-service-virtual-host-error.log"
+  CustomLog "{{ parameter_dict['log-dir'] }}/apache-service-virtual-host-access.log" combined
+{%   endif -%}
+
+{%   for path, backend in path_mapping.items() %}
+  RewriteRule ^/{{path}}(.*) {{ backend }}/VirtualHostBase/https/{{ ip }}:{{ port }}/VirtualHostRoot/_vh_{{ path }}$1 [L,P]
+{%   endfor -%}
+</VirtualHost>
+{% endfor -%}

software/slapos-master/buildout.hash.cfg

@@ -22,4 +22,4 @@ md5sum = 0f0ff00eca0b2ba1f1626b6415acb719
 
 [template-apache-backend-conf]
 filename = apache-backend.conf.in
-md5sum = e0a7b027cb52e5fa21ab64cfa7298f35
+md5sum = 7d1d13f4a888c2735ff8d7a4a961d9b2

stack/erp5/buildout.hash.cfg

@@ -22,11 +22,11 @@ md5sum = 0c0d98a68230cd0ad36046bb25b35f4a
 
 [mariadb-start-clone-from-backup]
 filename = instance-mariadb-start-clone-from-backup.sh.in
-md5sum = e405227118a70fbf949a6414469989db
+md5sum = d95e8500bdc72d1f40b97cc414656e7e
 
 [template-mariadb]
 filename = instance-mariadb.cfg.in
-md5sum = fc814dc35ee1a970d5f092cc0bb3a7a7
+md5sum = b27b034e7c9ab13e446e4ac59cda9f38
 
 [template-kumofs]
 filename = instance-kumofs.cfg.in
@@ -78,11 +78,11 @@ md5sum = eefce8adf37430b63559299699732b31
 
 [template-zeo]
 filename = instance-zeo.cfg.in
-md5sum = f9151066df96527d4c7f75c3079b2c10
+md5sum = d400c3d449ce437a0ded77ee3d5c5df2
 
 [template-zope]
 filename = instance-zope.cfg.in
-md5sum = ac26b478d353ce76cdad137e04e34217
+md5sum = 36f72fcff7b2ebed8343f4ec3f3568f8
 
 [template-balancer]
 filename = instance-balancer.cfg.in

stack/erp5/instance-mariadb-start-clone-from-backup.sh.in

@@ -89,7 +89,7 @@ zcat "$BACKUP" | "$CLIENT" -u root
 echo "Configuring server as slave..."
 if [ "$MASTER_USE_GTID" -eq 1 ]; then
   "$CLIENT" -u root -e "$SQL_SET_GTID"
-  MASTER_USE_GTID_SQL="current_pos"
+  MASTER_USE_GTID_SQL="slave_pos"
 else
   MASTER_USE_GTID_SQL="NO"
 fi

stack/erp5/instance-mariadb.cfg.in

@@ -278,10 +278,8 @@ rendered = ${directory:srv}/exporter.exclude
 
 [{{ section("resiliency-identity-signature-script")}}]
 # Generate identity script used by webrunner to check data integrity
-# It excludes repozo files as they already include a hash function
-# used to check backups when rebuilding the datafs
 recipe = slapos.cookbook:wrapper
-command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate"
+command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate/**"
 wrapper-path = ${directory:srv}/.backup_identity_script
 mode = 770
 

stack/erp5/instance-zeo.cfg.in

@@ -117,7 +117,7 @@ rendered = ${directory:srv}/exporter.exclude
 # It excludes repozo files as they already include a hash function
 # used to check backups when rebuilding the datafs
 recipe = slapos.cookbook:wrapper
-command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate" --exclude-path "srv/backup/zodb"
+command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate/**" --exclude-path "srv/backup/zodb/*/*fsz"
 wrapper-path = ${directory:srv}/.backup_identity_script
 mode = 770
 

stack/erp5/instance-zope.cfg.in

@@ -120,10 +120,8 @@ rendered = ${directory:srv}/exporter.exclude
 
 [{{ section("resiliency-identity-signature-script")}}]
 # Generate identity script used by webrunner to check data integrity
-# It excludes repozo files as they already include a hash function
-# used to check backups when rebuilding the datafs
 recipe = slapos.cookbook:wrapper
-command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate"
+command-line = {{ bin_directory }}/backup-identity-script-excluding-path --exclude-path "srv/backup/logrotate/**"
 wrapper-path = ${directory:srv}/.backup_identity_script
 mode = 770
 

stack/slapos.cfg

@@ -134,7 +134,7 @@ pyparsing = 2.2.0
 pytz = 2016.10
 requests = 2.13.0
 six = 1.11.0
-slapos.cookbook = 1.0.75
+slapos.cookbook = 1.0.84
 slapos.core = 1.4.15
 slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
@@ -210,7 +210,7 @@ pyrsistent = 0.14.5
 ipaddress = 1.0.18
 
 # Required by:
-# slapos.cookbook==1.0.62
+# slapos.cookbook==1.0.84
 jsonschema = 3.0.0a3
 
 # Required by: