Update Release Candidate

component/ceph/buildout.cfg

@@ -35,6 +35,11 @@ recipe = slapos.recipe.build
 shared = true
 pyyaml = ${pyyaml-download:target}
 pyaml = ${pyaml-download:target}
+init =
+  # add the python executable in the options dict so that
+  # buildout signature changes if python executable changes
+  import sys
+  options['python-executable'] = sys.executable
 
 install =
   import os, sys

component/golang/buildout.cfg

@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016
 environment-extra =
 # build Go without testing it
 # NOTE go1.4 does not have build cache
-make-targets= cd src && unset GOBIN && ./make.bash && cp -alf .. ${:location}
+setarch =
+make-targets= cd src && unset GOBIN && ${:setarch} ./make.bash && cp -alf .. ${:location}
+
+# go1.4 is used for bootstrap and does not support CGO
+environment-extra =
+  CGO_ENABLED=0
 
 # skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests.
 patches =
 
+# go1.4 does not have support for arm64 - build it in arm32 mode
+[golang14:platform.machine() == 'aarch64']
+setarch = setarch arm
+
 
 [golang1.12]
 <= golang-common

component/haproxy/buildout.cfg

@@ -13,8 +13,8 @@ parts = haproxy
 [haproxy]
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.29.tar.gz
-md5sum = a4c4983c7ed51946bdde1d0eceedd527
+url = http://www.haproxy.org/download/2.6/src/haproxy-2.6.7.tar.gz
+md5sum = cfa36413f2bc5187ab34ffcdf71914d4
 configure-command = true
 # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
 # otherwise use "generic".
@@ -22,22 +22,43 @@ configure-command = true
 # CPU is generic, and not native, as in SlapOS software released are
 # distributed in binary form, which may lead to incompatibility of such
 # compilation optimisation across various CPUs
+TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
+CPU=generic
+ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
+
+# By default haproxy is build w/o QUIC support
+SSL_INC=${openssl:location}/include
+SSL_LIB=${openssl:location}/lib
+SSL_ADDLIB=-Wl,-rpath=${openssl:location}/lib
+QUIC=
+
 make-options =
-  TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
-  CPU=generic
-  ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
+  TARGET=${:TARGET}
+  CPU=${:CPU}
+  ARCH=${:ARCH}
   PREFIX=@@LOCATION@@
   USE_DL=1
   USE_LUA=1
   LUA_INC=${lua:location}/include
   LUA_LIB=${lua:location}/lib
   USE_OPENSSL=1
-  SSL_INC=${openssl:location}/include
-  SSL_LIB=${openssl:location}/lib
+  SSL_INC=${:SSL_INC}
+  SSL_LIB=${:SSL_LIB}
+  ${:QUIC}
   USE_PCRE=1
   USE_ZLIB=1
   ZLIB_INC=${zlib:location}/include
   ZLIB_LIB=${zlib:location}/lib
-  ADDLIB="-Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
+  ADDLIB="${:SSL_ADDLIB} -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
 environment =
   PATH=${pcre:location}/bin:%(PATH)s
+
+[haproxy-quic]
+<= haproxy
+
+SSL_INC=${openssl-quictls:location}/include
+SSL_LIB=${openssl-quictls:location}/lib
+SSL_ADDLIB=-Wl,-rpath=${openssl-quictls:location}/lib
+QUIC=USE_QUIC=1
+
+

component/jupyter-py2/buildout.cfg

 [buildout]
-extends = 
+extends =
   buildout.hash.cfg
   ../../stack/slapos.cfg
   ../openssl/buildout.cfg
@@ -62,48 +62,26 @@ context =
 
 [versions]
 Pygments = 2.2.0
-astor = 0.5
-backports-abc = 0.5
-backports.shutil-get-terminal-size = 1.0.0
 ipykernel = 4.5.2
 ipython = 5.3.0
-ipython-genutils = 0.1.0
-ipywidgets = 6.0.0
 jupyter-client = 5.0.0
 jupyter-core = 4.3.0
-jupyterlab = 0.26.3
-jupyterlab-launcher = 0.3.1
-matplotlib = 2.1.2
 mistune = 0.7.3
 nbformat = 4.3.0
 notebook = 4.4.1
 prompt-toolkit = 1.0.13
-ptyprocess = 0.5.1
 pyzmq = 16.0.2
 scikit-learn = 0.18.1
-seaborn = 0.7.1
-simplegeneric = 0.8.1
 statsmodels = 0.8.0
 terminado = 0.6
 tornado = 4.4.2
-widgetsnbextension = 2.0.0
+traitlets = 4.3.3
 
 # nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source.
 nbconvert = 4.1.0
 pathlib2 = 2.2.1
 patsy = 0.4.1
 pexpect = 4.2.1
-pickleshare = 0.7.4
 scandir = 1.5
-singledispatch = 3.4.0.3
 wcwidth = 0.1.7
-jupyter = 1.0.0
 jupyter-console = 5.1.0
-qtconsole = 4.3.0
-et-xmlfile = 1.0.1
-h5py = 2.7.1
-mpmath = 1.0.0
-openpyxl = 2.5.2
-sympy = 1.1.1
-xlrd = 1.1.0
-jdcal = 1.4

component/jupyter/buildout.cfg

@@ -63,24 +63,24 @@ setup-eggs =
   ${numpy:egg}
   ${python-pyzmq:egg}
   ${ipython:egg}
-  
-scripts = 
+
+scripts =
   jupyter-kernelspec
   pythonjupyter
   jupyter
   jupyter-trust
-  jupyter-nbconvert
   jupyter-console
   jupyter-migrate
   jupyter-troubleshoot
   jupyter-run
-  
+
 [jupyter-notebook-initialized-scripts]
 recipe = zc.recipe.egg:scripts
 eggs = ${jupyter:eggs}
 environment = jupyter-env
 
-scripts = 
+scripts =
+  jupyter-nbconvert
   jupyter-nbextension
   jupyter-notebook
   jupyter-serverextension

component/libiconv/buildout.cfg

 [buildout]
-extends =
-  ../patch/buildout.cfg
 parts =
   libiconv
 
 [libiconv]
-patch-binary = ${patch:location}/bin/patch
-patch-options = -p1
-patches =
-  ${:_profile_base_location_}/libiconv.gets.patch#8a20d8afe0617fce56f77537d2b84621
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
-md5sum = e34509b1623cec449dfeb73d7ce9c6c6
+url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz
+md5sum = d718cd5a59438be666d1575855be72c3

component/libiconv/libiconv.gets.patch

---- libiconv-1.14.orig/srclib/stdio.in.h        2011-08-07 13:42:06.000000000 +0000
-+++ libiconv-1.14/srclib/stdio.in.h     2013-01-09 19:56:21.115819812 +0000
-@@ -680,22 +680,7 @@
- #endif
- 
- #if @GNULIB_GETS@
--# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
--#  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
--#   undef gets
--#   define gets rpl_gets
--#  endif
--_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
--_GL_CXXALIAS_RPL (gets, char *, (char *s));
--# else
--_GL_CXXALIAS_SYS (gets, char *, (char *s));
--#  undef gets
--# endif
--_GL_CXXALIASWARN (gets);
--/* It is very rare that the developer ever has full control of stdin,
--   so any use of gets warrants an unconditional warning.  Assume it is
--   always declared, since it is required by C89.  */
--_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-+#undef gets
- #endif

component/openssl/buildout.cfg

@@ -46,6 +46,11 @@ make-targets =
 environment =
   PERL=${perl:location}/bin/perl
 
+[openssl-quictls]
+<= openssl
+url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz
+md5sum = 8ee8e1828879e2b527eca5dcc7923769
+
 [openssl-output]
 # Shared binary location to ease migration
 recipe = plone.recipe.command

component/python3/buildout.cfg

@@ -18,7 +18,7 @@ parts =
     python3
 
 [python3]
-<= python3.8
+<= python3.9
 
 [python3-common]
 recipe = slapos.recipe.cmmi

component/selenium/buildout.cfg

+[buildout]
+parts =
+  selenium
+
+[selenium]
+recipe = zc.recipe.egg
+egg = selenium
+# patch to support python3.9
+selenium-patches = https://github.com/SeleniumHQ/selenium/commit/ddd163b681776292a72c39352581cf5c9d4f88f4.patch#c801fade1cd2019c063a0f0ef7cca3fe
+selenium-patch-options = -p2
+
+[versions]
+selenium = 3.141.0+SlapOSPatched001

component/theia/buildout.cfg

@@ -38,6 +38,7 @@ environment =
   PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
   PKG_CONFIG_PATH=${libsecret:pkg-config-path}
   LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
+  NODE_OPTIONS=--max_old_space_size=4096
 pre-configure =
   mkdir -p $TMPDIR
   echo '${package.json:content}' > %(location)s/package.json

component/xorg/buildout.cfg

@@ -97,8 +97,8 @@ environment =
 [xcbproto]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://xcb.freedesktop.org/dist/xcb-proto-1.13.tar.bz2
-md5sum = abe9aa4886138150bbc04ae4f29b90e3
+url = https://xcb.freedesktop.org/dist/xcb-proto-1.15.1.tar.gz
+md5sum = 3ee98337cda244996fab03df47e09df8
 environment =
   PATH=${libxml2:location}/bin:%(PATH)s
   PYTHON=${buildout:executable}

software/beremiz-runtime/software.cfg

@@ -7,7 +7,7 @@ extends =
   ../../stack/monitor/buildout.cfg
   ../../stack/slapos.cfg
 
-parts = 
+parts =
   beremiz-source
   slapos-cookbook
   instance-profile
@@ -95,7 +95,6 @@ Automat = 0.3.0
 zope.interface = 4.4.2
 Nevow = 0.14.5
 PyHamcrest = 2.0.2
-Pygments = 2.9.0
 Pyro = 3.16
 bitarray = 2.1.3
 constantly = 15.1.0
@@ -103,7 +102,6 @@ future = 0.18.2
 hyperlink = 21.0.0
 incremental = 21.3.0
 pathlib = 1.0.1
-prompt-toolkit = 3.0.19
 zeroconf-py2compat = 0.19.10
 
 # Required by:

software/caddy-frontend/CHANGES.caddy_frontend.rst

-Changes
-=======
-
-Here are listed the most important changes, which might affect upgrades.
-
-1.0.XXX (XXXX-XX-XX)
---------------------
-
- * fix: exposed log file names are stabilised
- * feature: in case of not found instance more information are provided
- * feature: telemetry is fully disabled
- * feature: Apache Traffic Server 8.0 is used
- * feature: backend-haproxy statistic for haproxy's frontend is available
- * fix: slave publication has been fixed in case of mixed case slave reference
- * feature: running test/test.py resolves with starting backend used in tests
- * fix: automatic caucase-updater usage has been fixed
- * fix/workaround: reconnect to backend-haproxy from Caddy and Apache Traffic Server
- * fix/feature: use explicitly Apache Traffic Server simulation of stale-if-error, as in reality Apache Traffic Server does not support it
- * feature: dropped not used parameters
- * feature: Strict-Transport-Security aka HSTS
- * fix: use kedifa with with for file with multiple CAs
- * feature: support query string (the characters after ? in the url) in url and https-url
- * fix: by having unique acl names fix rare bug of directing traffic to https-url instead of url or otherwise
- * feature: failover backend
-
-1.0.164 (2020-09-24)
---------------------
-
- * feature: serve a stale result up to 1 day if the origin server is down
- * feature: request real frontend for slave introspection (aka log access)
- * fix: Kedifa reloading, it was resulting with kedifa server disallowing access after some time
- * feature: allow to set software release for each node, instead for the whole cluster
- * fix: haproxy matches correct hostname in case of wildcards, instead of using wildcard host instead of the specific one
-
-1.0.160 (2020-08-25)
---------------------
-
- * haproxy updated from 2.0.15 to 2.0.17 in order to fix issue while accessing inaccessible backends
-
-1.0.159 (2020-07-30)
---------------------
-
- * logs are ensured to be available in slave's ``log-access-url``
- * logs from backend Haproxy are also available to slaves
-
-1.0.158 (2020-07-24)
---------------------
-
- * manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
- * ``re6st-optimal-test`` has been dropped from slave
- * QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
- * haproxy is used as a gateway to backends:
-
-   * ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
-   * ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
-   * ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
-   * ``request-timeout`` is supported per slave, as now it became possible
-   * ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
-
-1.0.149 (2020-05-05)
---------------------
-
- * no changes noted

software/caddy-frontend/templates/Caddyfile.in

-import {{ slave_configuration_directory }}/*.conf
-
-:{{ https_port }} {
-  tls {{ master_certificate }} {{ master_certificate }} {
-    # Allow http2
-    alpn h2 http/1.1
-
-  }
-  bind {{ local_ipv4 }}
-  status 404 /
-  log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 10000000
-  }
-  errors {{ error_log }} {
-    rotate_size 10000000
-    * {{ not_found_file }}
-  }
-}
-
-:{{ http_port }} {
-  bind {{ local_ipv4 }}
-  status 404 /
-  log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 10000000
-  }
-  errors {{ error_log }} {
-    rotate_size 10000000
-    * {{ not_found_file }}
-  }
-}
-
-# Access to server-status Caddy-style
-https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
-  tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} {
-    # Allow http2
-    alpn h2 http/1.1
-  }
-  bind {{ local_ipv4 }}
-  basicauth "{{ username }}" {{ password | trim }} {
-    "Server Status"
-    /
-  }
-  expvar
-  pprof
-  log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 10000000
-  }
-  errors {{ error_log }} {
-    rotate_size 10000000
-    * {{ not_found_file }}
-  }
-}

software/erp5/test/test/__init__.py

 ##############################################################################
 #
-# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
+# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -25,8 +25,10 @@
 #
 ##############################################################################
 
+import itertools
 import json
 import os
+import sys
 
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
 
@@ -45,9 +47,138 @@ def setUpModule():
   setup_module_executed = True
 
 
-class ERP5InstanceTestCase(SlapOSInstanceTestCase):
+# Metaclass to parameterize our tests.
+# This is a rough adaption of the parameterized package:
+#   https://github.com/wolever/parameterized
+# Consult following note for rationale why we don't use parameterized:
+#   https://lab.nexedi.com/nexedi/slapos/merge_requests/1306
+class ERP5InstanceTestMeta(type):
+  """Adjust ERP5InstanceTestCase instances to be run in several flavours (e.g. NEO/ZEO)
+
+  Adjustements can be declared via setting the '__test_matrix__' attribute
+  of a test case.
+  A test matrix is a dict which maps the flavoured class name suffix to
+  a tuple of parameters.
+  A parameter is a function which receives the instance_parameter_dict
+  and modifies it in place (therefore no return value is needed).
+  You can use the 'matrix' helper function to construct a test matrix.
+  If .__test_matrix__ is 'None' the test case is ignored.
+  If the test case should be run without any adaptions, you can set
+  .__test_matrix__ to 'matrix((default,))'.
+  """
+
+  def __new__(cls, name, bases, attrs):
+    base_class = super().__new__(cls, name, bases, attrs)
+    if base_class._isParameterized():
+      cls._parameterize(base_class)
+    return base_class
+
+  # _isParameterized tells whether class is parameterized.
+  # All classes with 'metaclass=ERP5InstanceTestMeta' are parameterized
+  # except from a class which has been automatically instantiated from
+  # such user class. This exception prevents infinite recursion due to
+  # a parameterized class which tries to parameterize itself again.
+  def _isParameterized(self):
+    return not getattr(self, '.created_by_parametrize', False)
+
+  # Create multiple test classes from single definition.
+  @classmethod
+  def _parameterize(cls, base_class):
+    mod_dict = sys.modules[base_class.__module__].__dict__
+    for class_name_suffix, parameter_tuple in (base_class.__test_matrix__ or {}).items():
+      parameterized_cls_dict = dict(
+        base_class.__dict__,
+        **{
+          # Avoid infinite loop by a parameterized class which
+          # parameterize itself again and again and..
+          ".created_by_parametrize": True,
+          # Switch
+          #
+          #  .getInstanceParameterDict       to ._test_getInstanceParameterDict
+          #  ._base_getInstanceParameterDict to .getInstanceParameterDict
+          #
+          # so that we could inject base implementation to be called above
+          # user-defined getInstanceParameterDict.
+          "_test_getInstanceParameterDict": base_class.getInstanceParameterDict,
+          "getInstanceParameterDict": cls._getParameterizedInstanceParameterDict(parameter_tuple)
+        }
+      )
+      name = f"{base_class.__name__}_{class_name_suffix}"
+      mod_dict[name] = type(name, (base_class,), parameterized_cls_dict)
+
+  # _getParameterizedInstanceParameterDict returns a modified version of
+  # a test cases original 'getInstanceParameterDict'. The modified version
+  # applies parameters on the default instance parameters.
+  @staticmethod
+  def _getParameterizedInstanceParameterDict(parameter_tuple):
+    @classmethod
+    def getInstanceParameterDict(cls):
+      instance_parameter_dict = json.loads(
+        cls._test_getInstanceParameterDict().get("_", r"{}")
+      )
+      [p(instance_parameter_dict) for p in parameter_tuple]
+      return {"_": json.dumps(instance_parameter_dict)}
+    return getInstanceParameterDict
+
+  # Hide tests in unpatched base class: It doesn't make sense to run tests
+  # in original class, because parameters have not been assigned yet.
+  #
+  # We can't simply call 'delattr', because this wouldn't remove
+  # inherited tests. Overriding dir is sufficient, because this is
+  # the way how unittest discovers tests:
+  #   https://github.com/python/cpython/blob/3.11/Lib/unittest/loader.py#L237
+  def __dir__(self):
+    if self._isParameterized():
+      return [attr for attr in super().__dir__() if not attr.startswith('test')]
+    return super().__dir__()
+
+
+def matrix(*parameter_tuple):
+  """matrix creates a mapping of test_name -> parameter_tuple.
+
+  Each provided parameter_tuple won't be combined within itself,
+  but with any other provided parameter_tuple, for instance
+
+    >>> parameter_tuple0 = (param0, param1)
+    >>> parameter_tuple1 = (param2, param3)
+    >>> matrix(parameter_tuple0, parameter_tuple1)
+
+  will return all options of (param0 | param1) & (param2 | param3):
+
+    - param0_param2
+    - param0_param3
+    - param1_param2
+    - param1_param3
+  """
+  return {
+    "_".join([p.__name__ for p in params]): params
+    for params in itertools.product(*parameter_tuple)
+  }
+
+
+# Define parameters (function which receives instance params + modifies them).
+#
+# default runs tests without any adaption
+def default(instance_parameter_dict): ...
+
+
+def zeo(instance_parameter_dict):
+  instance_parameter_dict['zodb'] = [{"type": "zeo", "server": {}}]
+
+
+def neo(instance_parameter_dict):
+   # We don't provide encryption certificates in test runs for the sake
+  # of simplicity. By default SSL is turned on, we need to explicitly
+  # deactivate it:
+  #   https://lab.nexedi.com/nexedi/slapos/blob/a8150a1ac/software/neoppod/instance-neo-input-schema.json#L61-65
+  instance_parameter_dict['zodb'] = [{"type": "neo", "server": {"ssl": False}}]
+
+
+class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
   """ERP5 base test case
   """
+  __test_matrix__ = matrix((zeo, neo))  # switch between NEO and ZEO mode
+
   @classmethod
   def getRootPartitionConnectionParameterDict(cls):
     """Return the output paramters from the root partition"""

software/erp5/test/test/test_balancer.py

@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource
 from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer,
                                   findFreeTCPPort)
 
-from . import ERP5InstanceTestCase, setUpModule
+from . import ERP5InstanceTestCase, setUpModule, matrix, default
 
 setUpModule  # pyflakes
 
@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource):
 
 
 class BalancerTestCase(ERP5InstanceTestCase):
+  # We explicitly specify 'balancer' as our software type here,
+  # therefore we don't request ZODB. We therefore don't
+  # need to run these tests with both NEO and ZEO mode,
+  # it wouldn't make any difference.
+  #   https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
+  __test_matrix__ = matrix((default,))
 
   @classmethod
   def getInstanceSoftwareType(cls):

software/erp5/test/test/test_erp5.py

 ##############################################################################
 #
-# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
+# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -46,7 +46,7 @@ import xmlrpc.client
 import urllib3
 from slapos.testing.utils import CrontabMixin
 
-from . import ERP5InstanceTestCase, setUpModule
+from . import ERP5InstanceTestCase, setUpModule, matrix, default
 
 setUpModule # pyflakes
 
@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
   """Test ERP5 can be instantiated with no parameters
   """
   __partition_reference__ = 'defp'
+  __test_matrix__ = matrix((default,))
 
 
 class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
   """Test override zope node parameters
   """
   __partition_reference__ = 'override'
+  __test_matrix__ = matrix((default,))
 
   @classmethod
   def getInstanceParameterDict(cls):

software/erp5/test/test/test_mariadb.py

@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict
 
 from . import ERP5InstanceTestCase
 from . import setUpModule
+from . import matrix
+from . import default
+
 setUpModule  # pyflakes
 
 
@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase):
   """Base test case for mariadb tests.
   """
   __partition_reference__ = 'm'
+  # We explicitly specify 'mariadb' as our software type here,
+  # therefore we don't request ZODB. We therefore don't
+  # need to run these tests with both NEO and ZEO mode,
+  # it wouldn't make any difference.
+  #   https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
+  __test_matrix__ = matrix((default,))
 
   @classmethod
   def getInstanceSoftwareType(cls):

software/erp5/test/test/test_wcfs.py

-# Copyright (C) 2021  Nexedi SA and Contributors.
+# Copyright (C) 2022  Nexedi SA and Contributors.
 #
 # This program is free software: you can Use, Study, Modify and Redistribute
 # it under the terms of the GNU General Public License version 3, or (at your
@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
   """
   __partition_reference__ = 'wcfs'
 
+  # Only run in ZEO mode; don't run with NEO.
+  # Current NEO/py and NEO/go versions have interoperability
+  # issues. Once these issues are fixed the following
+  # lines have to be removed so that test case runs agains NEO.
+  # Please see the following MR for more context:
+  # https://lab.nexedi.com/nexedi/slapos/merge_requests/1283#note_174854
+  @classmethod
+  def setUpClass(cls):
+    if json.loads(cls.getInstanceParameterDict()["_"])['zodb'][0]["type"] == "neo":
+      raise unittest.SkipTest("Not yet fixed WCFS+NEO interoperability issue.")
+    super().setUpClass()
+
   @classmethod
   def getInstanceParameterDict(cls):
     return {'_': json.dumps({'wcfs': {'enable': True}})}

software/erp5/upgrade_test/test.py

@@ -46,7 +46,7 @@ from slapos.testing.testcase import (
   makeModuleSetUpAndTestCaseClass,
 )
 
-old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.7/software/erp5/software.cfg'
+old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.8/software/erp5/software.cfg'
 new_software_release_url = os.path.abspath(
   os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))
 

software/jstestnode/software.cfg

@@ -13,6 +13,7 @@ extends =
   ../../component/nginx/buildout.cfg
   ../../component/openssl/buildout.cfg
   ../../component/curl/buildout.cfg
+  ../../component/selenium/buildout.cfg
   ./buildout.hash.cfg
 
 parts =
@@ -36,7 +37,7 @@ parts =
 recipe = zc.recipe.egg
 eggs =
   erp5.util
-  selenium
+  ${selenium:egg}
   certifi
   ${lxml-python:egg}
 interpreter = pythonwitheggs
@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in
 [template-runTestSuite]
 <= macro-template
 output = ${buildout:directory}/runTestSuite.in
-
-[versions]
-selenium = 3.141.0

software/jupyter/software.cfg

@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg
 
 [instance-jupyter]
 <= download-file-base
-
-[versions]
-Pygments = 2.7.2
-astor = 0.5
-async-generator = 1.10
-backports-abc = 0.5
-backports.shutil-get-terminal-size = 1.0.0
-bleach = 3.2.1
-defusedxml = 0.6.0
-entrypoints = 0.3
-ipykernel = 5.3.4:whl
-ipython = 5.3.0
-ipython-genutils = 0.1.0
-ipywidgets = 6.0.0
-jupyter-client = 6.1.7
-jupyter-core = 4.7.0
-jupyterlab = 0.26.3
-jupyterlab-launcher = 0.3.1
-jupyterlab-pygments = 0.1.2
-matplotlib = 2.1.2
-mistune = 0.8.4
-nest-asyncio = 1.4.3
-nbclient = 0.5.1
-nbformat = 5.0.8
-notebook = 6.1.5
-pandocfilters = 1.4.3
-prompt-toolkit = 1.0.13
-ptyprocess = 0.5.1
-pyzmq = 20.0.0
-scikit-learn = 0.20.4
-seaborn = 0.7.1
-simplegeneric = 0.8.1
-statsmodels = 0.11.1
-testpath = 0.4.4
-terminado = 0.9.1
-tornado = 6.1
-traitlets = 5.0.5
-webencodings = 0.5.1
-widgetsnbextension = 2.0.0
-Send2Trash = 1.5.0
-argon2-cffi = 20.1.0
-nbconvert = 6.0.7
-pathlib2 = 2.2.1
-patsy = 0.5.1
-pexpect = 4.8.0
-pickleshare = 0.7.4
-prometheus-client = 0.9.0
-scandir = 1.5
-pytz = 2020.4
-singledispatch = 3.4.0.3
-wcwidth = 0.1.7
-jupyter = 1.0.0
-jupyter-console = 5.1.0
-qtconsole = 4.3.0
-et-xmlfile = 1.0.1
-h5py = 2.7.1
-mpmath = 1.0.0
-openpyxl = 2.5.2
-sympy = 1.1.1
-xlrd = 1.1.0
-jdcal = 1.4

software/jupyter/test/test.py

@@ -31,6 +31,7 @@ import json
 import os
 import requests
 import sqlite3
+import subprocess
 
 from slapos.proxy.db_version import DB_VERSION
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase):
 
     # clean up the fake master
     r.destroyed()
+
+
+class TestIPython(InstanceTestCase):
+
+  converted_notebook = 'test.nbconvert.ipynb'
+  notebook_filename = 'test.ipynb'
+  test_sentence = 'test'
+
+  def setUp(self):
+    super().setUp()
+    notebook_source = {
+      "cells": [
+        {
+        "cell_type": "code",
+        "execution_count": None,
+        "metadata": {},
+        "outputs": [],
+        "source": [
+          "import sys\n",
+          "print('" + self.test_sentence + "')"
+        ]
+        }
+      ],
+      "metadata": {},
+      "nbformat": 4,
+      "nbformat_minor": 4
+    }
+    with open(self.notebook_filename, 'w') as notebook:
+      notebook.write(json.dumps(notebook_source))
+
+  def tearDown(self):
+    os.remove(self.notebook_filename)
+    if os.path.exists(self.converted_notebook):
+      os.remove(self.converted_notebook)
+    super().tearDown()
+
+  def test(self):
+    conversion_output = subprocess.check_output([
+      os.path.join(
+        self.computer_partition_root_path,
+        'software_release',
+        'bin',
+        'jupyter-nbconvert',
+      ),
+      '--execute',
+      '--to',
+      'notebook',
+      self.notebook_filename,
+    ], stderr=subprocess.STDOUT, text=True)
+    self.assertIn(
+      '[NbConvertApp] Converting notebook %s to notebook' % self.notebook_filename,
+      conversion_output,
+    )
+    self.assertRegex(
+      conversion_output,
+      r'\[NbConvertApp\] Writing \d+ bytes to %s' % self.converted_notebook
+    )
+
+    self.assertTrue(os.path.exists(self.converted_notebook))
+    with open(self.converted_notebook) as json_result:
+      self.assertEqual(
+        json.loads(json_result.read())['cells'][0]['outputs'][0]['text'][0],
+        self.test_sentence + '\n',
+      )

software/caddy-frontend/buildout.hash.cfg → software/rapid-cdn/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = d408adbd12d4161c22fe9c29118fd83e
+md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd
 
 [profile-common]
 filename = instance-common.cfg.in
@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = 7c966ea975cea4dcea09281466df8082
+md5sum = daf89318c2c155132c34b91105c68806
 
 [profile-master]
 filename = instance-master.cfg.in
-md5sum = cfd5212f27696311f12c92dfce32cc59
+md5sum = b026a6df40f3d1090ceaa3451a9293fe
 
 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = aba91817a1b58377597500f676603d23
+md5sum = ca2e775e7bd2a96e46113a628461a46f
 
 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in
 md5sum = cba4d995962f7fbeae3f61c9372c4181
 
-[template-caddy-frontend-configuration]
-_update_hash_filename_ = templates/Caddyfile.in
-md5sum = 9600df12af5787227825ddffd715b9cf
+[template-frontend-haproxy-configuration]
+_update_hash_filename_ = templates/frontend-haproxy.cfg.in
+md5sum = 4af0e29ac2399aac10de116b4fa3ac25
+
+[template-frontend-haproxy-crt-list]
+_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
+md5sum = 13c294af9950939c76021eb19305f3ab
 
 [template-not-found-html]
 _update_hash_filename_ = templates/notfound.html
-md5sum = 88af61e7abbf30dc99a1a2526161128d
-
-[template-default-slave-virtualhost]
-_update_hash_filename_ = templates/default-virtualhost.conf.in
-md5sum = 57c86795293b11300a036f5f8cf2c868
+md5sum = d56e2cfab274cbbbe5b387f2f6e417df
 
 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = 81c73a4995409acb548621e5fb11d481
+md5sum = b4b55d931249f11e4e1256afeb74b503
 
 [template-empty]
 _update_hash_filename_ = templates/empty.in
@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
 filename = instance-kedifa.cfg.in
 md5sum = d790e23ebf7b07bb245322629d402551
 
+[template-frontend-haproxy-rsyslogd-conf]
+_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
+md5sum = 420f66264d4cd24070a5a7b325e09ccd
+
 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
 md5sum = ba91b7778c3d730353d42d7804ef8050

software/caddy-frontend/instance-input-schema.json → software/rapid-cdn/instance-input-schema.json

@@ -34,12 +34,6 @@
       "title": "Enable HTTP2 by Default",
       "type": "string"
     },
-    "mpm-graceful-shutdown-timeout": {
-      "default": 5,
-      "description": "Value passed to -grace parameter of Caddy, see https://caddyserver.com/docs/cli .",
-      "title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
-      "type": "integer"
-    },
     "re6st-verification-url": {
       "description": "Url to verify if the internet and/or re6stnet is working.",
       "title": "Test Verification URL",
@@ -78,9 +72,9 @@
       "type": "string"
     },
     "ciphers": {
-      "description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
       "title": "Ordered space separated list of ciphers",
-      "type": "string"
+      "type": "string",
+      "default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
     },
     "request-timeout": {
       "default": 600,

software/caddy-frontend/instance-master.cfg.in → software/rapid-cdn/instance-master.cfg.in

@@ -5,7 +5,27 @@
 {%- set NAME_BASE = 'caddy-frontend' %}
 {#- DANGER! DANGER! #}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
+{%- set GOOD_CIPHER_LIST = [
+  'ECDHE-ECDSA-AES256-GCM-SHA384',
+  'ECDHE-RSA-AES256-GCM-SHA384',
+  'ECDHE-ECDSA-AES128-GCM-SHA256',
+  'ECDHE-RSA-AES128-GCM-SHA256',
+] %}
+{%- set CIPHER_TRANSLATION_DICT = {
+  'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
+  'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
+  'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
+  'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
+  'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
+  'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
+  'RSA-AES256-CBC-SHA': 'AES256-SHA',
+  'RSA-AES128-CBC-SHA': 'AES128-SHA',
+  'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
+  'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
+} %}
+{%- for key, value in CIPHER_TRANSLATION_DICT.items() %}
+{%-   do GOOD_CIPHER_LIST.append(value) %}
+{%- endfor %}
 {#- Allow to pass only some parameters to frontend nodes #}
 {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
         'plain_http_port',
@@ -14,7 +34,6 @@
         'apache-key',
         'domain',
         'enable-http2-by-default',
-        'mpm-graceful-shutdown-timeout',
         're6st-verification-url',
         'backend-connect-timeout',
         'backend-connect-retries',
@@ -148,6 +167,10 @@ context =
 {%     do frontend_section_list.append(request_section_title) %}
 {%   endif %}
 {%   do part_list.append(request_section_title) %}
+{%   set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
+{%   do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
+{%   set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
+{%   do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
 # Filling request dict for slave
 {%   set request_content_dict = {
                                   'config': config_dict,
@@ -215,8 +238,13 @@ context =
 {%   set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
 {%   if slave_cipher_list %}
 {%     for cipher in slave_cipher_list %}
-{%       if cipher not in GOOD_CIPHER_LIST  %}
-{%         do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
+{%       if cipher not in GOOD_CIPHER_LIST %}
+{%         if cipher in CIPHER_TRANSLATION_DICT %}
+{#           Real translation happens in instance-slave-list.cfg.in #}
+{%           do slave_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %}
+{%         else %}
+{%           do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
+{%         endif %}
 {%       endif %}
 {%     endfor %}
 {%   endif %}

software/caddy-frontend/instance-output-schema.json → software/rapid-cdn/instance-output-schema.json

 {
   "$schema": "http://json-schema.org/draft-04/schema#",
-  "description": "Values returned by Caddy Frontend instanciation",
+  "description": "Values returned by Rapid.CDN instanciation",
   "properties": {
     "accepted-slave-amount": {
       "description": "Amount of Slaves allocated to the Instance which are deployed",

software/caddy-frontend/instance-slave-input-schema.json → software/rapid-cdn/instance-slave-input-schema.json

@@ -15,7 +15,7 @@
     },
     "type": {
       "default": "",
-      "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster.",
+      "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster. All frontends support websocket by default and under the hood, but switch to type:websocket allow to configure websocket-path-list and websocket-transparent options.",
       "enum": [
         "",
         "zope",
@@ -34,7 +34,7 @@
     },
     "enable_cache": {
       "default": "false",
-      "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend",
+      "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend and backend",
       "enum": [
         "false",
         "true"
@@ -120,7 +120,7 @@
     },
     "websocket-transparent": {
       "default": "true",
-      "description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
+      "description": "If set to false, websocket slave will be without passing X-Real-Ip, X-Forwarded-Proto and X-Forwarded-Port. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
       "enum": [
         "false",
         "true"
@@ -210,9 +210,9 @@
       "type": "integer"
     },
     "ciphers": {
-      "description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
       "title": "Ordered space separated list of ciphers",
-      "type": "string"
+      "type": "string",
+      "default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
     },
     "authenticate-to-backend": {
       "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",

software/caddy-frontend/instance-slave-output-schema.json → software/rapid-cdn/instance-slave-output-schema.json

 {
   "$schema": "http://json-schema.org/draft-04/schema#",
-  "description": "Values returned by Caddy Frontend instanciation",
+  "description": "Values returned by Rapid.CDN slave instanciation",
   "properties": {
     "domain": {
       "description": "Base domain used by the instance",

software/caddy-frontend/instance.cfg.in → software/rapid-cdn/instance.cfg.in

@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G
 configuration.ram-cache-size = 1G
 configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
 configuration.enable-http2-by-default = true
-configuration.ciphers =
+configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
 configuration.request-timeout = 600
-configuration.mpm-graceful-shutdown-timeout = 5
 configuration.frontend-name =
 configuration.backend-connect-timeout = 5
 configuration.backend-connect-retries = 3

software/caddy-frontend/software.cfg → software/rapid-cdn/software.cfg

@@ -3,11 +3,9 @@ extends =
   buildout.hash.cfg
   ../../stack/slapos.cfg
   ../../component/dash/buildout.cfg
-  ../../component/caddy/buildout.cfg
   ../../component/gzip/buildout.cfg
   ../../component/logrotate/buildout.cfg
   ../../component/trafficserver/buildout.cfg
-  ../../component/6tunnel/buildout.cfg
   ../../component/xz-utils/buildout.cfg
   ../../component/rsyslogd/buildout.cfg
   ../../component/haproxy/buildout.cfg
@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target}
 # templates
 template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
 template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
-template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
+template_frontend_haproxy_configuration = ${template-frontend-haproxy-configuration:target}
+template_frontend_haproxy_crt_list = ${template-frontend-haproxy-crt-list:target}
+template_frontend_haproxy_rsyslogd_conf = ${template-frontend-haproxy-rsyslogd-conf:target}
 template_lazy_script_call = ${template-lazy-script-call:target}
 template_configuration_state_script = ${template-configuration-state-script:target}
-template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
 template_empty = ${template-empty:target}
 template_graceful_script = ${template-graceful-script:target}
 template_not_found_html = ${template-not-found-html:target}
@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
 bin_directory = ${buildout:bin-directory}
 
 # files
-sixtunnel = ${6tunnel:location}
 nginx = ${nginx-output:nginx}
 nginx_mime = ${nginx-output:mime}
-caddy = ${caddy:output}
 haproxy_executable = ${haproxy:location}/sbin/haproxy
+haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
 rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
 curl = ${curl:location}
 dash = ${dash:location}
@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename}
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/${:_update_hash_filename_}
 
-[template-caddy-frontend-configuration]
+[template-frontend-haproxy-configuration]
 <=download-template
 
-[template-not-found-html]
+[template-frontend-haproxy-crt-list]
 <=download-template
 
-[template-default-slave-virtualhost]
+[template-not-found-html]
 <=download-template
 
 [template-backend-haproxy-configuration]
@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg
 [template-expose-csr-nginx-conf]
 <=download-template
 
+[template-frontend-haproxy-rsyslogd-conf]
+<=download-template
+
 [versions]
 kedifa = 0.0.6
 # Modern KeDiFa requires zc.lockfile

software/caddy-frontend/software.cfg.json → software/rapid-cdn/software.cfg.json

 {
-  "description": "Caddy Frontend",
-  "name": "Caddy Frontend",
+  "description": "Rapid.CDN",
+  "name": "Rapid.CDN",
   "serialisation": "xml",
   "software-type": {
     "custom-personal": {

software/caddy-frontend/templates/backend-haproxy.cfg.in → software/rapid-cdn/templates/backend-haproxy.cfg.in

@@ -60,6 +60,8 @@ frontend http-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
   http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
   http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
+  # setup Date
+  http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', False) }}
 {%- endfor %}
@@ -71,12 +73,14 @@ frontend https-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
   http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
   http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
+  # setup Date
+  http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', False) }}
 {%- endfor %}
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', True) }}
-{%- endfor %}
+{% endfor %}
 
 {%- for slave_instance in backend_slave_list %}
 {%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
 {%-           do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %}
 {%-           do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %}
 {%-           if slave_instance['health-check-http-method'] != 'CONNECT' %}
-{%-             do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode, slave_instance['health-check-http-version'])) %}
+{%-             do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode | replace('%', '%%'), slave_instance['health-check-http-version'])) %}
 {%-           endif %}
 {%-           do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
 {%-         endif %}
@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
 {%-       endif %}
 {%-     endif %}
 {%-   endfor %}
-{%- endfor %}
+{% endfor %}
+{# END OF FILE #}

software/caddy-frontend/templates/default-virtualhost.conf.in → software/rapid-cdn/templates/default-virtualhost.conf.in

@@ -2,11 +2,6 @@
 {%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
 {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
 {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
-{%- if slave_parameter['path'].strip().strip('/') %}
-{%-   set zope_path = slave_parameter['path'].strip().strip('/') ~ '/' %}
-{%- else %}
-{%-   set zope_path = '' %}
-{%- endif %}
 {%- set http_host_list = [] %}
 {%- set https_host_list = [] %}
 {%- for host in slave_parameter['host_list'] %}
@@ -16,32 +11,11 @@
 
 {%- macro proxy_header() %}
     timeout {{ slave_parameter['request-timeout'] }}s
-    # force reset of X-Forwarded-For
-    header_upstream X-Forwarded-For {remote}
     # workaround for lost connection to haproxy by reconnecting
     try_duration 3s
     try_interval 250ms
-    header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
-{%-   if not slave_parameter['disable-via-header'] %}
-    header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
-{%-   endif %}
 {%- endmacro %} {# proxy_header #}
 
-{%- macro hsts_header(tls) %}
-{%-   if tls %}
-{%-     if slave_parameter['strict-transport-security'] > 0 %}
-{%-       set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
-{%-       if slave_parameter['strict-transport-security-sub-domains'] %}
-{%-         do strict_transport_security.append('; includeSubDomains') %}
-{%-       endif %}
-{%-       if slave_parameter['strict-transport-security-preload'] %}
-{%-         do strict_transport_security.append('; preload') %}
-{%-       endif %}
-    header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
-{%-     endif %}
-{%-   endif %}
-{%- endmacro %} {# hsts_header #}
-
 {%- for tls in [True, False] %}
 {%- if tls %}
 {%-   set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
@@ -55,16 +29,6 @@
   bind {{ slave_parameter['local_ipv4'] }}
 {%- if tls %}
   tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
-{%- if slave_parameter['ciphers'] %}
-    ciphers {{ slave_parameter['ciphers'] }}
-{%- endif %}
-{%- if slave_parameter['enable_h2'] %}
-    # Allow http2
-    alpn h2 http/1.1
-{%- else %} {#- if slave_parameter['enable_h2'] #}
-    # Disallow HTTP2
-    alpn http/1.1
-{%- endif %} {#- if slave_parameter['enable_h2'] #}
   } {# tls #}
 {%- endif %} {#- if tls #}
   log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
@@ -100,75 +64,10 @@
   redir 302 {
     / https://{host}{rewrite_uri}
   }
-{%- elif slave_parameter['type'] ==  'zope' and backend_url %}
-  # Zope configuration
-{%-   for (proxy_name, proxy_comment) in proxy_append_list %}
-  # {{ proxy_comment }}
-  proxy "/{{ proxy_name }}" {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-{%-     if proxy_name == 'prefer-gzip' %}
-    without /prefer-gzip
-    header_upstream Accept-Encoding gzip
-{%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
-{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
-    # Remove cookie {{ disabled_cookie }} from client Cookies
-    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
-{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
-
-{%-   if slave_parameter['disable-via-header'] %}
-    header_downstream -Via
-{%-   endif %} {#-   if slave_parameter['disable-via-header'] #}
-
-{%-   if slave_parameter['disable-no-cache-request'] %}
-    header_upstream -Cache-Control
-    header_upstream -Pragma
-{%-   endif %} {#-   if slave_parameter['disable-no-cache-request'] #}
-    transparent
-  } {# proxy #}
-{%-   endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
-  {%- if slave_parameter['default-path'] %}
-  redir 301 {
-    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
-  } {# redir #}
-  {%- endif %} {#- if slave_parameter['default-path'] #}
-{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
-  rewrite {
-    regexp (.*)
-    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
-{%- if tls %}
-    to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- else %}
-    to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- endif %}
   }
   rewrite {
     regexp (.*)
     if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
-{%- if tls %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- else %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- endif %}
-  }
-{%- else %}
-  rewrite {
-    regexp (.*)
-{%- if tls %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- else %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- endif %}
-  } {# rewrite #}
-{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
-{%- elif slave_parameter['type'] == 'redirect' %}
-{%-   if backend_url %}
-  # Redirect configuration
-  redir 302 {
-    /  {{ backend_url }}{rewrite_uri}
-  }
-{%-   endif %}
 {%- elif slave_parameter['type'] == 'notebook' %}
   proxy / {{ backend_url }} {
 {{ proxy_header() }}
@@ -186,36 +85,6 @@
     websocket
     without /proxy/
   }
-{%- elif slave_parameter['type'] == 'websocket' %}
-{%-   if slave_parameter['websocket-path-list'] %}
-  proxy / {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-{%-     if slave_parameter['websocket-transparent'] %}
-    transparent
-{%-     else %}
-    header_upstream Host {host}
-{%-     endif %}
-  }
-{%-     for websocket_path in slave_parameter['websocket-path-list'] %}
-  proxy "/{{ websocket_path }}" {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-    websocket
-{%-       if slave_parameter['websocket-transparent'] %}
-    transparent
-{%-       else %}
-    header_upstream Host {host}
-{%-       endif %}
-  }
-{%-     endfor %}
-{%-   else %}
-  proxy / {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-    websocket
-{%-   if slave_parameter['websocket-transparent'] %}
-    transparent
 {%-   else %}
     header_upstream Host {host}
 {%-   endif %}
@@ -223,12 +92,6 @@
 {%-   endif %}
 {%- else %} {#- if slave_parameter['type'] ==  'zope' and backend_url #}
   # Default configuration
-{%-   if slave_parameter['default-path'] %}
-  redir 301 {
-    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
-  }  {# redir #}
-{%-   endif %} {#-   if slave_parameter['default-path'] #}
 {%-   if backend_url %}
 
 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}

software/rapid-cdn/templates/frontend-haproxy-crt-list.in

+{%- for slave in frontend_slave_list %}
+{%-   set entry_list = [] %}
+{%-   set sslbindconf = [] %}
+{#-   <crtfile> #}
+{%-   do entry_list.append(slave['certificate']) %}
+{%-   if slave['ciphers'] %}
+{%-     do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
+{%-   endif %}
+{%-   if slave['enable_h2'] %}
+{%-     do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
+{%-   else %}
+{%-     do sslbindconf.append('alpn http/1.1,http/1.0') %}
+{%-   endif %}
+{%-   do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
+{#-   <snifilter> #}
+{%-   do entry_list.extend(slave['host_list']) %}
+{{-    ' '.join(entry_list) }}
+{% endfor -%}
+# Fallback to default certificate
+{{ configuration['master-certificate'] }}
+# END OF FILE

software/rapid-cdn/templates/frontend-haproxy-rsyslogd.conf.in

+module(
+  load="imuxsock"
+  SysSock.Name="{{ configuration['log-socket'] }}")
+
+# Just simply output the raw line without any additional information, as
+# haproxy emits enough information by itself
+# Also cut out first empty space in msg, which is related to rsyslogd
+# internal and end up cutting on 8k, as it's default of $MaxMessageSize
+template(name="rawoutput" type="string" string="%msg:2:8192%\n")
+$ActionFileDefaultTemplate rawoutput
+
+$FileCreateMode 0600
+$DirCreateMode 0700
+$Umask 0022
+
+$WorkDirectory {{ configuration['spool-directory'] }}
+
+# Setup logging per slave, by extracting the slave name from the log stream
+{%- set regex = "^\\\\s*(\\\\S.*)-https{0,1} (.*)" %}
+# Extract file name part from 1st match
+template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
+set $!slave_name = exec_template("extract_slave_name");
+template(name="slave_output" type="string" string="{{ configuration['slave-log-directory'] }}/%$!slave_name%_access_log")
+# Output only 2nd match, add the newline in the ned
+template(name="haproxy_slave_line" type="string" string="%msg:R,ERE,2,FIELD:{{ regex }}--end%\n")
+# React on match
+if (re_match($msg, '{{ regex }}')) then {
+ action(type="omfile" dynaFile="slave_output" template="haproxy_slave_line")
+ stop
+}
+
+{#- emit all not catched messages to full log file #}
+*.* {{ configuration['log-file'] }}

software/caddy-frontend/templates/notfound.html → software/rapid-cdn/templates/notfound.html

+HTTP/1.0 404 Not Found
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
 <html>
 <head>
   <title>Instance not found</title>

software/caddy-frontend/test/setup.py → software/rapid-cdn/test/setup.py

@@ -27,11 +27,11 @@
 from setuptools import setup, find_packages
 
 version = '0.0.1.dev0'
-name = 'slapos.test.caddy-frontend'
+name = 'slapos.test.rapid-cdn'
 
 setup(name=name,
       version=version,
-      description="Test for SlapOS' Caddy Frontend",
+      description="Test for SlapOS' Rapid.CDN",
       maintainer="Nexedi",
       maintainer_email="info@nexedi.com",
       url="https://lab.nexedi.com/nexedi/slapos",

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt

@@ -104,6 +104,8 @@
       "cluster-identification": "testing partition 0",
       "domain": "example.com",
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_log.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_log.txt

@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
+T-2/var/log/frontend-haproxy.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
-T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_run.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_run.txt

@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00supervisor_state.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00supervisor_state.txt

@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin.txt

@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin.txt

@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt

@@ -106,6 +106,8 @@
       "domain": "example.com",
       "enable-http2-by-default": "false",
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_log.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_log.txt

@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
+T-2/var/log/frontend-haproxy.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
-T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_run.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_run.txt

@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00supervisor_state.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00supervisor_state.txt

@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin.txt

@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin.txt

@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt → software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt

@@ -62,6 +62,8 @@
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
       "cluster-identification": "testing partition 0",
       "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_log.txt → software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_log.txt

@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
+T-2/var/log/frontend-haproxy.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_run.txt → software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_run.txt

@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00supervisor_state.txt → software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00supervisor_state.txt

@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin.txt

@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt → software/rapid-cdn/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt

@@ -60,6 +60,8 @@
       "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
       "cluster-identification": "testing partition 0",
       "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

software/caddy-frontend/test/test_data/test.TestMasterRequest.test00file_list_log.txt → software/rapid-cdn/test/test_data/test.TestMasterRequest.test00file_list_log.txt

@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
+T-2/var/log/frontend-haproxy.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

software/caddy-frontend/test/test_data/test.TestMasterRequest.test00file_list_run.txt → software/rapid-cdn/test/test_data/test.TestMasterRequest.test00file_list_run.txt

@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestMasterRequest.test00supervisor_state.txt → software/rapid-cdn/test/test_data/test.TestMasterRequest.test00supervisor_state.txt

@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestMasterRequest.test_file_list_plugin.txt

@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt → software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt

@@ -62,6 +62,8 @@
       "cluster-identification": "testing partition 0",
       "domain": "example.com",
       "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00file_list_log.txt → software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00file_list_log.txt

@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
+T-2/var/log/frontend-haproxy.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00file_list_run.txt → software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00file_list_run.txt

@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00supervisor_state.txt → software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00supervisor_state.txt

@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin.txt → software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin.txt

@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt → software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt

@@ -76,6 +76,8 @@
       "cluster-identification": "testing partition 0",
       "domain": "example.com",
       "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_log.txt → software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_log.txt

@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
-T-2/var/log/frontend-error.log
-T-2/var/log/httpd/_default_access_log
-T-2/var/log/httpd/_default_error_log
+T-2/var/log/frontend-haproxy.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_run.txt → software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_run.txt

@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00supervisor_state.txt → software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00supervisor_state.txt

@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING