Commit e36bc39c authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents 75f350ea f93bb882
...@@ -35,6 +35,11 @@ recipe = slapos.recipe.build ...@@ -35,6 +35,11 @@ recipe = slapos.recipe.build
shared = true shared = true
pyyaml = ${pyyaml-download:target} pyyaml = ${pyyaml-download:target}
pyaml = ${pyaml-download:target} pyaml = ${pyaml-download:target}
init =
# add the python executable in the options dict so that
# buildout signature changes if python executable changes
import sys
options['python-executable'] = sys.executable
install = install =
import os, sys import os, sys
......
...@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016 ...@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016
environment-extra = environment-extra =
# build Go without testing it # build Go without testing it
# NOTE go1.4 does not have build cache # NOTE go1.4 does not have build cache
make-targets= cd src && unset GOBIN && ./make.bash && cp -alf .. ${:location} setarch =
make-targets= cd src && unset GOBIN && ${:setarch} ./make.bash && cp -alf .. ${:location}
# go1.4 is used for bootstrap and does not support CGO
environment-extra =
CGO_ENABLED=0
# skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests. # skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests.
patches = patches =
# go1.4 does not have support for arm64 - build it in arm32 mode
[golang14:platform.machine() == 'aarch64']
setarch = setarch arm
[golang1.12] [golang1.12]
<= golang-common <= golang-common
......
...@@ -13,8 +13,8 @@ parts = haproxy ...@@ -13,8 +13,8 @@ parts = haproxy
[haproxy] [haproxy]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.29.tar.gz url = http://www.haproxy.org/download/2.6/src/haproxy-2.6.7.tar.gz
md5sum = a4c4983c7ed51946bdde1d0eceedd527 md5sum = cfa36413f2bc5187ab34ffcdf71914d4
configure-command = true configure-command = true
# for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET, # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
# otherwise use "generic". # otherwise use "generic".
...@@ -22,22 +22,43 @@ configure-command = true ...@@ -22,22 +22,43 @@ configure-command = true
# CPU is generic, and not native, as in SlapOS software released are # CPU is generic, and not native, as in SlapOS software released are
# distributed in binary form, which may lead to incompatibility of such # distributed in binary form, which may lead to incompatibility of such
# compilation optimisation across various CPUs # compilation optimisation across various CPUs
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=generic
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
# By default haproxy is build w/o QUIC support
SSL_INC=${openssl:location}/include
SSL_LIB=${openssl:location}/lib
SSL_ADDLIB=-Wl,-rpath=${openssl:location}/lib
QUIC=
make-options = make-options =
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)" TARGET=${:TARGET}
CPU=generic CPU=${:CPU}
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')" ARCH=${:ARCH}
PREFIX=@@LOCATION@@ PREFIX=@@LOCATION@@
USE_DL=1 USE_DL=1
USE_LUA=1 USE_LUA=1
LUA_INC=${lua:location}/include LUA_INC=${lua:location}/include
LUA_LIB=${lua:location}/lib LUA_LIB=${lua:location}/lib
USE_OPENSSL=1 USE_OPENSSL=1
SSL_INC=${openssl:location}/include SSL_INC=${:SSL_INC}
SSL_LIB=${openssl:location}/lib SSL_LIB=${:SSL_LIB}
${:QUIC}
USE_PCRE=1 USE_PCRE=1
USE_ZLIB=1 USE_ZLIB=1
ZLIB_INC=${zlib:location}/include ZLIB_INC=${zlib:location}/include
ZLIB_LIB=${zlib:location}/lib ZLIB_LIB=${zlib:location}/lib
ADDLIB="-Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib" ADDLIB="${:SSL_ADDLIB} -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
environment = environment =
PATH=${pcre:location}/bin:%(PATH)s PATH=${pcre:location}/bin:%(PATH)s
[haproxy-quic]
<= haproxy
SSL_INC=${openssl-quictls:location}/include
SSL_LIB=${openssl-quictls:location}/lib
SSL_ADDLIB=-Wl,-rpath=${openssl-quictls:location}/lib
QUIC=USE_QUIC=1
[buildout] [buildout]
extends = extends =
buildout.hash.cfg buildout.hash.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
../openssl/buildout.cfg ../openssl/buildout.cfg
...@@ -62,48 +62,26 @@ context = ...@@ -62,48 +62,26 @@ context =
[versions] [versions]
Pygments = 2.2.0 Pygments = 2.2.0
astor = 0.5
backports-abc = 0.5
backports.shutil-get-terminal-size = 1.0.0
ipykernel = 4.5.2 ipykernel = 4.5.2
ipython = 5.3.0 ipython = 5.3.0
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
jupyter-client = 5.0.0 jupyter-client = 5.0.0
jupyter-core = 4.3.0 jupyter-core = 4.3.0
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
matplotlib = 2.1.2
mistune = 0.7.3 mistune = 0.7.3
nbformat = 4.3.0 nbformat = 4.3.0
notebook = 4.4.1 notebook = 4.4.1
prompt-toolkit = 1.0.13 prompt-toolkit = 1.0.13
ptyprocess = 0.5.1
pyzmq = 16.0.2 pyzmq = 16.0.2
scikit-learn = 0.18.1 scikit-learn = 0.18.1
seaborn = 0.7.1
simplegeneric = 0.8.1
statsmodels = 0.8.0 statsmodels = 0.8.0
terminado = 0.6 terminado = 0.6
tornado = 4.4.2 tornado = 4.4.2
widgetsnbextension = 2.0.0 traitlets = 4.3.3
# nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source. # nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source.
nbconvert = 4.1.0 nbconvert = 4.1.0
pathlib2 = 2.2.1 pathlib2 = 2.2.1
patsy = 0.4.1 patsy = 0.4.1
pexpect = 4.2.1 pexpect = 4.2.1
pickleshare = 0.7.4
scandir = 1.5 scandir = 1.5
singledispatch = 3.4.0.3
wcwidth = 0.1.7 wcwidth = 0.1.7
jupyter = 1.0.0
jupyter-console = 5.1.0 jupyter-console = 5.1.0
qtconsole = 4.3.0
et-xmlfile = 1.0.1
h5py = 2.7.1
mpmath = 1.0.0
openpyxl = 2.5.2
sympy = 1.1.1
xlrd = 1.1.0
jdcal = 1.4
...@@ -63,24 +63,24 @@ setup-eggs = ...@@ -63,24 +63,24 @@ setup-eggs =
${numpy:egg} ${numpy:egg}
${python-pyzmq:egg} ${python-pyzmq:egg}
${ipython:egg} ${ipython:egg}
scripts = scripts =
jupyter-kernelspec jupyter-kernelspec
pythonjupyter pythonjupyter
jupyter jupyter
jupyter-trust jupyter-trust
jupyter-nbconvert
jupyter-console jupyter-console
jupyter-migrate jupyter-migrate
jupyter-troubleshoot jupyter-troubleshoot
jupyter-run jupyter-run
[jupyter-notebook-initialized-scripts] [jupyter-notebook-initialized-scripts]
recipe = zc.recipe.egg:scripts recipe = zc.recipe.egg:scripts
eggs = ${jupyter:eggs} eggs = ${jupyter:eggs}
environment = jupyter-env environment = jupyter-env
scripts = scripts =
jupyter-nbconvert
jupyter-nbextension jupyter-nbextension
jupyter-notebook jupyter-notebook
jupyter-serverextension jupyter-serverextension
......
[buildout] [buildout]
extends =
../patch/buildout.cfg
parts = parts =
libiconv libiconv
[libiconv] [libiconv]
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
patches =
${:_profile_base_location_}/libiconv.gets.patch#8a20d8afe0617fce56f77537d2b84621
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz
md5sum = e34509b1623cec449dfeb73d7ce9c6c6 md5sum = d718cd5a59438be666d1575855be72c3
--- libiconv-1.14.orig/srclib/stdio.in.h 2011-08-07 13:42:06.000000000 +0000
+++ libiconv-1.14/srclib/stdio.in.h 2013-01-09 19:56:21.115819812 +0000
@@ -680,22 +680,7 @@
#endif
#if @GNULIB_GETS@
-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
-# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
-# undef gets
-# define gets rpl_gets
-# endif
-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
-_GL_CXXALIAS_RPL (gets, char *, (char *s));
-# else
-_GL_CXXALIAS_SYS (gets, char *, (char *s));
-# undef gets
-# endif
-_GL_CXXALIASWARN (gets);
-/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#undef gets
#endif
...@@ -46,6 +46,11 @@ make-targets = ...@@ -46,6 +46,11 @@ make-targets =
environment = environment =
PERL=${perl:location}/bin/perl PERL=${perl:location}/bin/perl
[openssl-quictls]
<= openssl
url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz
md5sum = 8ee8e1828879e2b527eca5dcc7923769
[openssl-output] [openssl-output]
# Shared binary location to ease migration # Shared binary location to ease migration
recipe = plone.recipe.command recipe = plone.recipe.command
......
...@@ -18,7 +18,7 @@ parts = ...@@ -18,7 +18,7 @@ parts =
python3 python3
[python3] [python3]
<= python3.8 <= python3.9
[python3-common] [python3-common]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
......
[buildout]
parts =
selenium
[selenium]
recipe = zc.recipe.egg
egg = selenium
# patch to support python3.9
selenium-patches = https://github.com/SeleniumHQ/selenium/commit/ddd163b681776292a72c39352581cf5c9d4f88f4.patch#c801fade1cd2019c063a0f0ef7cca3fe
selenium-patch-options = -p2
[versions]
selenium = 3.141.0+SlapOSPatched001
...@@ -38,6 +38,7 @@ environment = ...@@ -38,6 +38,7 @@ environment =
PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libsecret:pkg-config-path} PKG_CONFIG_PATH=${libsecret:pkg-config-path}
LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
NODE_OPTIONS=--max_old_space_size=4096
pre-configure = pre-configure =
mkdir -p $TMPDIR mkdir -p $TMPDIR
echo '${package.json:content}' > %(location)s/package.json echo '${package.json:content}' > %(location)s/package.json
......
...@@ -97,8 +97,8 @@ environment = ...@@ -97,8 +97,8 @@ environment =
[xcbproto] [xcbproto]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://xcb.freedesktop.org/dist/xcb-proto-1.13.tar.bz2 url = https://xcb.freedesktop.org/dist/xcb-proto-1.15.1.tar.gz
md5sum = abe9aa4886138150bbc04ae4f29b90e3 md5sum = 3ee98337cda244996fab03df47e09df8
environment = environment =
PATH=${libxml2:location}/bin:%(PATH)s PATH=${libxml2:location}/bin:%(PATH)s
PYTHON=${buildout:executable} PYTHON=${buildout:executable}
......
...@@ -7,7 +7,7 @@ extends = ...@@ -7,7 +7,7 @@ extends =
../../stack/monitor/buildout.cfg ../../stack/monitor/buildout.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
parts = parts =
beremiz-source beremiz-source
slapos-cookbook slapos-cookbook
instance-profile instance-profile
...@@ -95,7 +95,6 @@ Automat = 0.3.0 ...@@ -95,7 +95,6 @@ Automat = 0.3.0
zope.interface = 4.4.2 zope.interface = 4.4.2
Nevow = 0.14.5 Nevow = 0.14.5
PyHamcrest = 2.0.2 PyHamcrest = 2.0.2
Pygments = 2.9.0
Pyro = 3.16 Pyro = 3.16
bitarray = 2.1.3 bitarray = 2.1.3
constantly = 15.1.0 constantly = 15.1.0
...@@ -103,7 +102,6 @@ future = 0.18.2 ...@@ -103,7 +102,6 @@ future = 0.18.2
hyperlink = 21.0.0 hyperlink = 21.0.0
incremental = 21.3.0 incremental = 21.3.0
pathlib = 1.0.1 pathlib = 1.0.1
prompt-toolkit = 3.0.19
zeroconf-py2compat = 0.19.10 zeroconf-py2compat = 0.19.10
# Required by: # Required by:
......
Changes
=======
Here are listed the most important changes, which might affect upgrades.
1.0.XXX (XXXX-XX-XX)
--------------------
* fix: exposed log file names are stabilised
* feature: in case of not found instance more information are provided
* feature: telemetry is fully disabled
* feature: Apache Traffic Server 8.0 is used
* feature: backend-haproxy statistic for haproxy's frontend is available
* fix: slave publication has been fixed in case of mixed case slave reference
* feature: running test/test.py resolves with starting backend used in tests
* fix: automatic caucase-updater usage has been fixed
* fix/workaround: reconnect to backend-haproxy from Caddy and Apache Traffic Server
* fix/feature: use explicitly Apache Traffic Server simulation of stale-if-error, as in reality Apache Traffic Server does not support it
* feature: dropped not used parameters
* feature: Strict-Transport-Security aka HSTS
* fix: use kedifa with with for file with multiple CAs
* feature: support query string (the characters after ? in the url) in url and https-url
* fix: by having unique acl names fix rare bug of directing traffic to https-url instead of url or otherwise
* feature: failover backend
1.0.164 (2020-09-24)
--------------------
* feature: serve a stale result up to 1 day if the origin server is down
* feature: request real frontend for slave introspection (aka log access)
* fix: Kedifa reloading, it was resulting with kedifa server disallowing access after some time
* feature: allow to set software release for each node, instead for the whole cluster
* fix: haproxy matches correct hostname in case of wildcards, instead of using wildcard host instead of the specific one
1.0.160 (2020-08-25)
--------------------
* haproxy updated from 2.0.15 to 2.0.17 in order to fix issue while accessing inaccessible backends
1.0.159 (2020-07-30)
--------------------
* logs are ensured to be available in slave's ``log-access-url``
* logs from backend Haproxy are also available to slaves
1.0.158 (2020-07-24)
--------------------
* manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
* ``re6st-optimal-test`` has been dropped from slave
* QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
* haproxy is used as a gateway to backends:
* ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
* ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
* ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
* ``request-timeout`` is supported per slave, as now it became possible
* ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
1.0.149 (2020-05-05)
--------------------
* no changes noted
import {{ slave_configuration_directory }}/*.conf
:{{ https_port }} {
tls {{ master_certificate }} {{ master_certificate }} {
# Allow http2
alpn h2 http/1.1
}
bind {{ local_ipv4 }}
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
:{{ http_port }} {
bind {{ local_ipv4 }}
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
# Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} {
# Allow http2
alpn h2 http/1.1
}
bind {{ local_ipv4 }}
basicauth "{{ username }}" {{ password | trim }} {
"Server Status"
/
}
expvar
pprof
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
############################################################################## ##############################################################################
# #
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved. # Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
# #
# WARNING: This program as such is intended to be used by professional # WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential # programmers who take the whole responsibility of assessing all potential
...@@ -25,8 +25,10 @@ ...@@ -25,8 +25,10 @@
# #
############################################################################## ##############################################################################
import itertools
import json import json
import os import os
import sys
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
...@@ -45,9 +47,138 @@ def setUpModule(): ...@@ -45,9 +47,138 @@ def setUpModule():
setup_module_executed = True setup_module_executed = True
class ERP5InstanceTestCase(SlapOSInstanceTestCase): # Metaclass to parameterize our tests.
# This is a rough adaption of the parameterized package:
# https://github.com/wolever/parameterized
# Consult following note for rationale why we don't use parameterized:
# https://lab.nexedi.com/nexedi/slapos/merge_requests/1306
class ERP5InstanceTestMeta(type):
"""Adjust ERP5InstanceTestCase instances to be run in several flavours (e.g. NEO/ZEO)
Adjustements can be declared via setting the '__test_matrix__' attribute
of a test case.
A test matrix is a dict which maps the flavoured class name suffix to
a tuple of parameters.
A parameter is a function which receives the instance_parameter_dict
and modifies it in place (therefore no return value is needed).
You can use the 'matrix' helper function to construct a test matrix.
If .__test_matrix__ is 'None' the test case is ignored.
If the test case should be run without any adaptions, you can set
.__test_matrix__ to 'matrix((default,))'.
"""
def __new__(cls, name, bases, attrs):
base_class = super().__new__(cls, name, bases, attrs)
if base_class._isParameterized():
cls._parameterize(base_class)
return base_class
# _isParameterized tells whether class is parameterized.
# All classes with 'metaclass=ERP5InstanceTestMeta' are parameterized
# except from a class which has been automatically instantiated from
# such user class. This exception prevents infinite recursion due to
# a parameterized class which tries to parameterize itself again.
def _isParameterized(self):
return not getattr(self, '.created_by_parametrize', False)
# Create multiple test classes from single definition.
@classmethod
def _parameterize(cls, base_class):
mod_dict = sys.modules[base_class.__module__].__dict__
for class_name_suffix, parameter_tuple in (base_class.__test_matrix__ or {}).items():
parameterized_cls_dict = dict(
base_class.__dict__,
**{
# Avoid infinite loop by a parameterized class which
# parameterize itself again and again and..
".created_by_parametrize": True,
# Switch
#
# .getInstanceParameterDict to ._test_getInstanceParameterDict
# ._base_getInstanceParameterDict to .getInstanceParameterDict
#
# so that we could inject base implementation to be called above
# user-defined getInstanceParameterDict.
"_test_getInstanceParameterDict": base_class.getInstanceParameterDict,
"getInstanceParameterDict": cls._getParameterizedInstanceParameterDict(parameter_tuple)
}
)
name = f"{base_class.__name__}_{class_name_suffix}"
mod_dict[name] = type(name, (base_class,), parameterized_cls_dict)
# _getParameterizedInstanceParameterDict returns a modified version of
# a test cases original 'getInstanceParameterDict'. The modified version
# applies parameters on the default instance parameters.
@staticmethod
def _getParameterizedInstanceParameterDict(parameter_tuple):
@classmethod
def getInstanceParameterDict(cls):
instance_parameter_dict = json.loads(
cls._test_getInstanceParameterDict().get("_", r"{}")
)
[p(instance_parameter_dict) for p in parameter_tuple]
return {"_": json.dumps(instance_parameter_dict)}
return getInstanceParameterDict
# Hide tests in unpatched base class: It doesn't make sense to run tests
# in original class, because parameters have not been assigned yet.
#
# We can't simply call 'delattr', because this wouldn't remove
# inherited tests. Overriding dir is sufficient, because this is
# the way how unittest discovers tests:
# https://github.com/python/cpython/blob/3.11/Lib/unittest/loader.py#L237
def __dir__(self):
if self._isParameterized():
return [attr for attr in super().__dir__() if not attr.startswith('test')]
return super().__dir__()
def matrix(*parameter_tuple):
"""matrix creates a mapping of test_name -> parameter_tuple.
Each provided parameter_tuple won't be combined within itself,
but with any other provided parameter_tuple, for instance
>>> parameter_tuple0 = (param0, param1)
>>> parameter_tuple1 = (param2, param3)
>>> matrix(parameter_tuple0, parameter_tuple1)
will return all options of (param0 | param1) & (param2 | param3):
- param0_param2
- param0_param3
- param1_param2
- param1_param3
"""
return {
"_".join([p.__name__ for p in params]): params
for params in itertools.product(*parameter_tuple)
}
# Define parameters (function which receives instance params + modifies them).
#
# default runs tests without any adaption
def default(instance_parameter_dict): ...
def zeo(instance_parameter_dict):
instance_parameter_dict['zodb'] = [{"type": "zeo", "server": {}}]
def neo(instance_parameter_dict):
# We don't provide encryption certificates in test runs for the sake
# of simplicity. By default SSL is turned on, we need to explicitly
# deactivate it:
# https://lab.nexedi.com/nexedi/slapos/blob/a8150a1ac/software/neoppod/instance-neo-input-schema.json#L61-65
instance_parameter_dict['zodb'] = [{"type": "neo", "server": {"ssl": False}}]
class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
"""ERP5 base test case """ERP5 base test case
""" """
__test_matrix__ = matrix((zeo, neo)) # switch between NEO and ZEO mode
@classmethod @classmethod
def getRootPartitionConnectionParameterDict(cls): def getRootPartitionConnectionParameterDict(cls):
"""Return the output paramters from the root partition""" """Return the output paramters from the root partition"""
......
...@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource ...@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource
from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer, from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer,
findFreeTCPPort) findFreeTCPPort)
from . import ERP5InstanceTestCase, setUpModule from . import ERP5InstanceTestCase, setUpModule, matrix, default
setUpModule # pyflakes setUpModule # pyflakes
...@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource): ...@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource):
class BalancerTestCase(ERP5InstanceTestCase): class BalancerTestCase(ERP5InstanceTestCase):
# We explicitly specify 'balancer' as our software type here,
# therefore we don't request ZODB. We therefore don't
# need to run these tests with both NEO and ZEO mode,
# it wouldn't make any difference.
# https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
__test_matrix__ = matrix((default,))
@classmethod @classmethod
def getInstanceSoftwareType(cls): def getInstanceSoftwareType(cls):
......
############################################################################## ##############################################################################
# #
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved. # Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
# #
# WARNING: This program as such is intended to be used by professional # WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential # programmers who take the whole responsibility of assessing all potential
...@@ -46,7 +46,7 @@ import xmlrpc.client ...@@ -46,7 +46,7 @@ import xmlrpc.client
import urllib3 import urllib3
from slapos.testing.utils import CrontabMixin from slapos.testing.utils import CrontabMixin
from . import ERP5InstanceTestCase, setUpModule from . import ERP5InstanceTestCase, setUpModule, matrix, default
setUpModule # pyflakes setUpModule # pyflakes
...@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix ...@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
"""Test ERP5 can be instantiated with no parameters """Test ERP5 can be instantiated with no parameters
""" """
__partition_reference__ = 'defp' __partition_reference__ = 'defp'
__test_matrix__ = matrix((default,))
class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin): class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
...@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac ...@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
"""Test override zope node parameters """Test override zope node parameters
""" """
__partition_reference__ = 'override' __partition_reference__ = 'override'
__test_matrix__ = matrix((default,))
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
......
...@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict ...@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict
from . import ERP5InstanceTestCase from . import ERP5InstanceTestCase
from . import setUpModule from . import setUpModule
from . import matrix
from . import default
setUpModule # pyflakes setUpModule # pyflakes
...@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase): ...@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase):
"""Base test case for mariadb tests. """Base test case for mariadb tests.
""" """
__partition_reference__ = 'm' __partition_reference__ = 'm'
# We explicitly specify 'mariadb' as our software type here,
# therefore we don't request ZODB. We therefore don't
# need to run these tests with both NEO and ZEO mode,
# it wouldn't make any difference.
# https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
__test_matrix__ = matrix((default,))
@classmethod @classmethod
def getInstanceSoftwareType(cls): def getInstanceSoftwareType(cls):
......
# Copyright (C) 2021 Nexedi SA and Contributors. # Copyright (C) 2022 Nexedi SA and Contributors.
# #
# This program is free software: you can Use, Study, Modify and Redistribute # This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your # it under the terms of the GNU General Public License version 3, or (at your
...@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin): ...@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
""" """
__partition_reference__ = 'wcfs' __partition_reference__ = 'wcfs'
# Only run in ZEO mode; don't run with NEO.
# Current NEO/py and NEO/go versions have interoperability
# issues. Once these issues are fixed the following
# lines have to be removed so that test case runs agains NEO.
# Please see the following MR for more context:
# https://lab.nexedi.com/nexedi/slapos/merge_requests/1283#note_174854
@classmethod
def setUpClass(cls):
if json.loads(cls.getInstanceParameterDict()["_"])['zodb'][0]["type"] == "neo":
raise unittest.SkipTest("Not yet fixed WCFS+NEO interoperability issue.")
super().setUpClass()
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return {'_': json.dumps({'wcfs': {'enable': True}})} return {'_': json.dumps({'wcfs': {'enable': True}})}
......
...@@ -46,7 +46,7 @@ from slapos.testing.testcase import ( ...@@ -46,7 +46,7 @@ from slapos.testing.testcase import (
makeModuleSetUpAndTestCaseClass, makeModuleSetUpAndTestCaseClass,
) )
old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.7/software/erp5/software.cfg' old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.8/software/erp5/software.cfg'
new_software_release_url = os.path.abspath( new_software_release_url = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg')) os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))
......
...@@ -13,6 +13,7 @@ extends = ...@@ -13,6 +13,7 @@ extends =
../../component/nginx/buildout.cfg ../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg ../../component/openssl/buildout.cfg
../../component/curl/buildout.cfg ../../component/curl/buildout.cfg
../../component/selenium/buildout.cfg
./buildout.hash.cfg ./buildout.hash.cfg
parts = parts =
...@@ -36,7 +37,7 @@ parts = ...@@ -36,7 +37,7 @@ parts =
recipe = zc.recipe.egg recipe = zc.recipe.egg
eggs = eggs =
erp5.util erp5.util
selenium ${selenium:egg}
certifi certifi
${lxml-python:egg} ${lxml-python:egg}
interpreter = pythonwitheggs interpreter = pythonwitheggs
...@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in ...@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in
[template-runTestSuite] [template-runTestSuite]
<= macro-template <= macro-template
output = ${buildout:directory}/runTestSuite.in output = ${buildout:directory}/runTestSuite.in
[versions]
selenium = 3.141.0
...@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg ...@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg
[instance-jupyter] [instance-jupyter]
<= download-file-base <= download-file-base
[versions]
Pygments = 2.7.2
astor = 0.5
async-generator = 1.10
backports-abc = 0.5
backports.shutil-get-terminal-size = 1.0.0
bleach = 3.2.1
defusedxml = 0.6.0
entrypoints = 0.3
ipykernel = 5.3.4:whl
ipython = 5.3.0
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
jupyter-client = 6.1.7
jupyter-core = 4.7.0
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
jupyterlab-pygments = 0.1.2
matplotlib = 2.1.2
mistune = 0.8.4
nest-asyncio = 1.4.3
nbclient = 0.5.1
nbformat = 5.0.8
notebook = 6.1.5
pandocfilters = 1.4.3
prompt-toolkit = 1.0.13
ptyprocess = 0.5.1
pyzmq = 20.0.0
scikit-learn = 0.20.4
seaborn = 0.7.1
simplegeneric = 0.8.1
statsmodels = 0.11.1
testpath = 0.4.4
terminado = 0.9.1
tornado = 6.1
traitlets = 5.0.5
webencodings = 0.5.1
widgetsnbextension = 2.0.0
Send2Trash = 1.5.0
argon2-cffi = 20.1.0
nbconvert = 6.0.7
pathlib2 = 2.2.1
patsy = 0.5.1
pexpect = 4.8.0
pickleshare = 0.7.4
prometheus-client = 0.9.0
scandir = 1.5
pytz = 2020.4
singledispatch = 3.4.0.3
wcwidth = 0.1.7
jupyter = 1.0.0
jupyter-console = 5.1.0
qtconsole = 4.3.0
et-xmlfile = 1.0.1
h5py = 2.7.1
mpmath = 1.0.0
openpyxl = 2.5.2
sympy = 1.1.1
xlrd = 1.1.0
jdcal = 1.4
...@@ -31,6 +31,7 @@ import json ...@@ -31,6 +31,7 @@ import json
import os import os
import requests import requests
import sqlite3 import sqlite3
import subprocess
from slapos.proxy.db_version import DB_VERSION from slapos.proxy.db_version import DB_VERSION
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
...@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase): ...@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase):
# clean up the fake master # clean up the fake master
r.destroyed() r.destroyed()
class TestIPython(InstanceTestCase):
converted_notebook = 'test.nbconvert.ipynb'
notebook_filename = 'test.ipynb'
test_sentence = 'test'
def setUp(self):
super().setUp()
notebook_source = {
"cells": [
{
"cell_type": "code",
"execution_count": None,
"metadata": {},
"outputs": [],
"source": [
"import sys\n",
"print('" + self.test_sentence + "')"
]
}
],
"metadata": {},
"nbformat": 4,
"nbformat_minor": 4
}
with open(self.notebook_filename, 'w') as notebook:
notebook.write(json.dumps(notebook_source))
def tearDown(self):
os.remove(self.notebook_filename)
if os.path.exists(self.converted_notebook):
os.remove(self.converted_notebook)
super().tearDown()
def test(self):
conversion_output = subprocess.check_output([
os.path.join(
self.computer_partition_root_path,
'software_release',
'bin',
'jupyter-nbconvert',
),
'--execute',
'--to',
'notebook',
self.notebook_filename,
], stderr=subprocess.STDOUT, text=True)
self.assertIn(
'[NbConvertApp] Converting notebook %s to notebook' % self.notebook_filename,
conversion_output,
)
self.assertRegex(
conversion_output,
r'\[NbConvertApp\] Writing \d+ bytes to %s' % self.converted_notebook
)
self.assertTrue(os.path.exists(self.converted_notebook))
with open(self.converted_notebook) as json_result:
self.assertEqual(
json.loads(json_result.read())['cells'][0]['outputs'][0]['text'][0],
self.test_sentence + '\n',
)
============== =========
Caddy Frontend Rapid.CDN
============== =========
Frontend system using Caddy, based on apache-frontend software release, allowing to rewrite and proxy URLs like myinstance.myfrontenddomainname.com to real IP/URL of myinstance. Software release which provides CDN - Content Delivery Network. It has a lot of features like:
Caddy Frontend works using the master instance / slave instance design. It means that a single main instance of Caddy will be used to act as frontend for many slaves. * provides cluster of exposed nodes in various regions
* handles zero knowledge for SSL certificates
This documentation covers only specific scenarios. Most of the parameters are described in `software.cfg.json <software.cfg.json>`_. * by using concept of SlapOS Master slaves allows user to request frontends with specific configuration
* provides various frontend types
Software type
=============
Caddy frontend is available in 4 software types:
* ``default`` : The standard way to use the Caddy frontend configuring everything with a few given parameters
* ``custom-personal`` : This software type allow each slave to edit its Caddy configuration file
* ``default-slave`` : XXX
* ``custom-personal-slave`` : XXX
This documentation is fully minimalistict, as `software.cfg.json <software.cfg.json>`_ contains most of explanations.
About frontend replication About frontend replication
========================== ==========================
...@@ -40,21 +33,19 @@ For example:: ...@@ -40,21 +33,19 @@ For example::
<parameter id="-frontend-type">custom-personal</parameter> <parameter id="-frontend-type">custom-personal</parameter>
<parameter id="-frontend-2-state">stopped</parameter> <parameter id="-frontend-2-state">stopped</parameter>
<parameter id="-sla-3-computer_guid">COMP-1234</parameter> <parameter id="-sla-3-computer_guid">COMP-1234</parameter>
<parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg</parameter> <parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/rapid-cdn/software.cfg</parameter>
will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped. will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/rapid-cdn/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped.
*Note*: the way slaves are transformed to a parameter avoid modifying more than 3 lines in the frontend logic. *Note*: the way slaves are transformed to a parameter avoid modifying more than 3 lines in the frontend logic.
**Important NOTE**: The way you ask for slave to a replicate frontend is the same as the one you would use for the software given in "-frontend-quantity". Do not forget to use "replicate" for software type. XXXXX So far it is not possible to do a simple request on a replicate frontend if you do not know the software_guid or other sla-parameter of the master instance. In fact we do not know yet the software type of the "requested" frontends. TO BE IMPLEMENTED
How to deploy a frontend server How to deploy a frontend server
=============================== ===============================
This is to deploy an entire frontend server with a public IPv4. If you want to use an already deployed frontend to make your service available via ipv4, switch to the "Example" parts. This is to deploy an entire frontend server with a public IPv4. If you want to use an already deployed frontend to make your service available via ipv4, switch to the "Example" parts.
First, you will need to request a "master" instance of Caddy Frontend with: First, you will need to request a "master" instance of Rapid.CDN with:
* A ``domain`` parameter where the frontend will be available * A ``domain`` parameter where the frontend will be available
...@@ -65,10 +56,10 @@ like:: ...@@ -65,10 +56,10 @@ like::
<parameter id="domain">moulefrite.org</parameter> <parameter id="domain">moulefrite.org</parameter>
</instance> </instance>
Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like:: Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Rapid.CDN , like::
instance = request( instance = request(
software_release=caddy_frontend, software_release=rapid_cdn,
partition_reference='frontend2', partition_reference='frontend2',
shared=True, shared=True,
partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"} partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"}
...@@ -81,11 +72,9 @@ Finally, the slave instance will be accessible from: https://someidentifier.moul ...@@ -81,11 +72,9 @@ Finally, the slave instance will be accessible from: https://someidentifier.moul
About SSL and SlapOS Master Zero Knowledge About SSL and SlapOS Master Zero Knowledge
========================================== ==========================================
**IMPORTANT**: One Caddy can not serve more than one specific SSL site and be compatible with obsolete browser (i.e.: IE8). See http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI **IMPORTANT**: Old browsers, like Internet Explorer 8, which do not supporting `SNI <http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI>`_ might not be able to use SSL based endpoints (https).
SSL keys and certificates are directly send to the frontend cluster in order to follow zero knowledge principle of SlapOS Master.
*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs. *Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
Obtaining CA for KeDiFa Obtaining CA for KeDiFa
----------------------- -----------------------
...@@ -186,11 +175,11 @@ Using the IP given by the Master Instance. "domain" is a mandatory Parameter. ...@@ -186,11 +175,11 @@ Using the IP given by the Master Instance. "domain" is a mandatory Parameter.
port port
~~~~ ~~~~
Port used by Caddy. Optional parameter, defaults to 4443. Port used by Rapid.CDN. Optional parameter, defaults to 4443.
plain_http_port plain_http_port
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
Port used by Caddy to serve plain http (only used to redirect to https). Port used by Rapid.CDN to serve plain http (only used to redirect to https).
Optional parameter, defaults to 8080. Optional parameter, defaults to 8080.
...@@ -247,7 +236,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be ...@@ -247,7 +236,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
redirected and accessible from the proxy:: redirected and accessible from the proxy::
instance = request( instance = request(
software_release=caddy_frontend, software_release=rapid_cdn,
software_type="RootSoftwareInstance", software_type="RootSoftwareInstance",
partition_reference='my frontend', partition_reference='my frontend',
shared=True, shared=True,
...@@ -265,7 +254,7 @@ https://[1:2:3:4:5:6:7:8]:1234 will be redirected and accessible from the ...@@ -265,7 +254,7 @@ https://[1:2:3:4:5:6:7:8]:1234 will be redirected and accessible from the
proxy:: proxy::
instance = request( instance = request(
software_release=caddy_frontend, software_release=rapid_cdn,
software_type="RootSoftwareInstance", software_type="RootSoftwareInstance",
partition_reference='my frontend', partition_reference='my frontend',
shared=True, shared=True,
...@@ -285,7 +274,7 @@ https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from ...@@ -285,7 +274,7 @@ https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy:: the proxy::
instance = request( instance = request(
software_release=caddy_frontend, software_release=rapid_cdn,
software_type="RootSoftwareInstance", software_type="RootSoftwareInstance",
partition_reference='my frontend', partition_reference='my frontend',
shared=True, shared=True,
...@@ -304,65 +293,13 @@ Simple Example ...@@ -304,65 +293,13 @@ Simple Example
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
instance = request( instance = request(
software_release=caddy_frontend, software_release=rapid_cdn,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
Simple Cache Example - XXX - to be written
------------------------------------------
Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
instance = request(
software_release=caddy_frontend,
software_type="RootSoftwareInstance",
partition_reference='my frontend',
shared=True,
software_type="custom-personal",
partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234",
"domain": "www.example.org",
"enable_cache": "True",
Advanced example - XXX - to be written
--------------------------------------
Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
Listening to a custom domain and redirecting to /erp5/ so that
https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
the proxy::
instance = request(
software_release=caddy_frontend,
software_type="RootSoftwareInstance", software_type="RootSoftwareInstance",
partition_reference='my frontend', partition_reference='my frontend',
shared=True, shared=True,
software_type="custom-personal", software_type="custom-personal",
partition_parameter_kw={ partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234", "url":"https://[1:2:3:4:5:6:7:8]:1234",
"enable_cache":"true",
"type":"zope",
"path":"/erp5",
"domain":"example.org",
"ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----",
"ssl_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXXXX.............XXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_ca_crt":'-----BEGIN CERTIFICATE-----
XXXXXXXXX...........XXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----',
"ssl_csr":'-----BEGIN CERTIFICATE REQUEST-----
XXXXXXXXXXXXXXX.............XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE REQUEST-----',
}
)
Promises Promises
======== ========
...@@ -415,8 +352,7 @@ Solution 2 (network capability) ...@@ -415,8 +352,7 @@ Solution 2 (network capability)
It is also possible to directly allow the service to listen on 80 and 443 ports using the following command:: It is also possible to directly allow the service to listen on 80 and 443 ports using the following command::
setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$CADDY_FRONTEND_SOFTWARE_RELEASE_MD5/go.work/bin/caddy setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$RAPID_CDN_SOFTWARE_RELEASE_MD5/parts/haproxy/sbin/haproxy
setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$CADDY_FRONTEND_SOFTWARE_RELEASE_MD5/parts/6tunnel/bin/6tunnel
Then specify in the master instance parameters: Then specify in the master instance parameters:
...@@ -450,7 +386,7 @@ Keep the naming in instance profiles: ...@@ -450,7 +386,7 @@ Keep the naming in instance profiles:
Instantiated cluster structure Instantiated cluster structure
------------------------------ ------------------------------
Instantiating caddy-frontend results with a cluster in various partitions: Instantiating Rapid.CDN results with a cluster in various partitions:
* master (the controlling one) * master (the controlling one)
* kedifa (contains kedifa server) * kedifa (contains kedifa server)
...@@ -458,20 +394,20 @@ Instantiating caddy-frontend results with a cluster in various partitions: ...@@ -458,20 +394,20 @@ Instantiating caddy-frontend results with a cluster in various partitions:
It means sites are served in ``frontend-node-N`` partition, and this partition is structured as: It means sites are served in ``frontend-node-N`` partition, and this partition is structured as:
* Caddy serving the browser [client-facing-caddy] * Haproxy serving the browser [client-facing-haproxy]
* (optional) Apache Traffic Server for caching [ats] * (optional) Apache Traffic Server for caching [ats]
* Haproxy as a way to communicate to the backend [backend-facing-haproxy] * Haproxy as a way to communicate to the backend [backend-facing-haproxy]
* some other additional tools (6tunnel, monitor, etc) * some other additional tools (monitor, etc)
In case of slaves without cache (``enable_cache = False``) the request will travel as follows:: In case of slaves without cache (``enable_cache = False``) the request will travel as follows::
client-facing-caddy --> backend-facing-haproxy --> backend client-facing-haproxy --> backend-facing-haproxy --> backend
In case of slaves using cache (``enable_cache = True``) the request will travel as follows:: In case of slaves using cache (``enable_cache = True``) the request will travel as follows::
client-facing-caddy --> ats --> backend-facing-haproxy --> backend client-facing-haproxy --> ats --> backend-facing-haproxy --> backend
Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from Caddy and allows future developments like client SSL certificates to the backend or even health checks. Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from frontend Haproxy and allows future developments like client SSL certificates to the backend or even health checks.
Kedifa implementation Kedifa implementation
--------------------- ---------------------
...@@ -487,7 +423,7 @@ If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there ...@@ -487,7 +423,7 @@ If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there
Support for X-Real-Ip and X-Forwarded-For Support for X-Real-Ip and X-Forwarded-For
----------------------------------------- -----------------------------------------
X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel. X-Forwarded-For and X-Real-Ip are transmitted to the backend.
Automatic Internal Caucase CSR Automatic Internal Caucase CSR
------------------------------ ------------------------------
...@@ -517,3 +453,30 @@ Having in mind such structure: ...@@ -517,3 +453,30 @@ Having in mind such structure:
In ``caucase-instance`` CAUCASE user is created by automatically signing one user certificate, which allows to sign service certificates. In ``caucase-instance`` CAUCASE user is created by automatically signing one user certificate, which allows to sign service certificates.
The ``csr-instance`` creates CSR, extracts the ID of the CSR, exposes it via HTTP and ask caucase on ``caucase-instance`` to sign it. The ``caucase-instance`` checks that exposed CSR id matches the one send to caucase and by using created user to signs it. The ``csr-instance`` creates CSR, extracts the ID of the CSR, exposes it via HTTP and ask caucase on ``caucase-instance`` to sign it. The ``caucase-instance`` checks that exposed CSR id matches the one send to caucase and by using created user to signs it.
Content-Type header
~~~~~~~~~~~~~~~~~~~
The ``Content-Type`` header is not modified by the CDN at all. Previous implementation based on Caddy software tried to guess it.
Date header
~~~~~~~~~~~
The ``Date`` is added only if not sent by the backend. It's done on backend-facing component and kept in caching component as is. Previous implementation was adding this header in the cache component.
websocket
~~~~~~~~~
All frontends are websocket aware now, and ``type:websocket`` parameter became optional. It's required if support for ``websocket-path-list`` or ``websocket-transparent`` is required.
Experimental QuicTLS
~~~~~~~~~~~~~~~~~~~~
`QuicTLS <https://github.com/quictls/openssl>`_ can be used instead of classic OpenSSL on given node by using parameter ``-frontend-i-experimental-haproxy-flavour`` and setting it to ``quic``. This allows to test out if there are any issues with QuicTLS are with normal usage.
Experimental QUIC
~~~~~~~~~~~~~~~~~
QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = d408adbd12d4161c22fe9c29118fd83e md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = 7c966ea975cea4dcea09281466df8082 md5sum = daf89318c2c155132c34b91105c68806
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = cfd5212f27696311f12c92dfce32cc59 md5sum = b026a6df40f3d1090ceaa3451a9293fe
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = aba91817a1b58377597500f676603d23 md5sum = ca2e775e7bd2a96e46113a628461a46f
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
md5sum = cba4d995962f7fbeae3f61c9372c4181 md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-caddy-frontend-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 9600df12af5787227825ddffd715b9cf md5sum = 4af0e29ac2399aac10de116b4fa3ac25
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 13c294af9950939c76021eb19305f3ab
[template-not-found-html] [template-not-found-html]
_update_hash_filename_ = templates/notfound.html _update_hash_filename_ = templates/notfound.html
md5sum = 88af61e7abbf30dc99a1a2526161128d md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = 57c86795293b11300a036f5f8cf2c868
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 81c73a4995409acb548621e5fb11d481 md5sum = b4b55d931249f11e4e1256afeb74b503
[template-empty] [template-empty]
_update_hash_filename_ = templates/empty.in _update_hash_filename_ = templates/empty.in
...@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a ...@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = d790e23ebf7b07bb245322629d402551 md5sum = d790e23ebf7b07bb245322629d402551
[template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
md5sum = 420f66264d4cd24070a5a7b325e09ccd
[template-backend-haproxy-rsyslogd-conf] [template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
md5sum = ba91b7778c3d730353d42d7804ef8050 md5sum = ba91b7778c3d730353d42d7804ef8050
......
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
{%- set FRONTEND_HAPROXY_QUIC = True %}
{%- else %}
{%- set FRONTEND_HAPROXY_QUIC = False %}
{%- endif %}
{%- else %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
{%- set FRONTEND_HAPROXY_QUIC = False %}
{%- endif %}
{%- set BACKEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
[buildout] [buildout]
extends = extends =
{{ software_parameter_dict['profile_common'] }} {{ software_parameter_dict['profile_common'] }}
...@@ -8,21 +20,13 @@ extends = ...@@ -8,21 +20,13 @@ extends =
parts = parts =
directory directory
logrotate-entry-caddy
caddy-frontend
software-py software-py
switch-frontend-softwaretype switch-frontend-softwaretype
caucase-updater caucase-updater
caucase-updater-promise caucase-updater-promise
backend-client-caucase-updater backend-client-caucase-updater
backend-client-caucase-updater-promise backend-client-caucase-updater-promise
frontend-caddy-graceful
port-redirection port-redirection
promise-frontend-caddy-configuration
promise-caddy-frontend-v4-https
promise-caddy-frontend-v4-http
promise-caddy-frontend-v6-https
promise-caddy-frontend-v6-http
promise-logrotate-setup promise-logrotate-setup
trafficserver-launcher trafficserver-launcher
...@@ -37,13 +41,23 @@ parts = ...@@ -37,13 +41,23 @@ parts =
trafficserver-promise-listen-port trafficserver-promise-listen-port
trafficserver-promise-cache-availability trafficserver-promise-cache-availability
cron-entry-logrotate-trafficserver cron-entry-logrotate-trafficserver
## Monitor for Caddy ## Monitor
monitor-base monitor-base
monitor-ats-cache-stats-wrapper monitor-ats-cache-stats-wrapper
monitor-traffic-summary-last-stats-wrapper monitor-traffic-summary-last-stats-wrapper
monitor-caddy-server-status-wrapper
monitor-verify-re6st-connectivity monitor-verify-re6st-connectivity
frontend-haproxy-rsyslogd-configuration
frontend-haproxy-rsyslogd
logrotate-entry-frontend-haproxy
frontend-haproxy
frontend-haproxy-graceful
promise-frontend-frontend-haproxy-configuration
promise-frontend-haproxy-v4-https
promise-frontend-haproxy-v4-http
promise-frontend-haproxy-v6-https
promise-frontend-haproxy-v6-http
backend-haproxy-rsyslogd-configuration backend-haproxy-rsyslogd-configuration
backend-haproxy-rsyslogd backend-haproxy-rsyslogd
logrotate-entry-backend-haproxy logrotate-entry-backend-haproxy
...@@ -147,6 +161,7 @@ backup = ${:srv}/backup ...@@ -147,6 +161,7 @@ backup = ${:srv}/backup
log = ${:var}/log log = ${:var}/log
run = ${:var}/run run = ${:var}/run
backend-haproxy-rsyslogd-spool = ${:run}/backend-haproxy-rsyslogd-spool backend-haproxy-rsyslogd-spool = ${:run}/backend-haproxy-rsyslogd-spool
frontend-haproxy-rsyslogd-spool = ${:run}/frontend-haproxy-rsyslogd-spool
service = ${:etc}/service service = ${:etc}/service
etc-run = ${:etc}/run etc-run = ${:etc}/run
...@@ -175,8 +190,6 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output ...@@ -175,8 +190,6 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
[frontend-configuration] [frontend-configuration]
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
caddy-ipv6 = {{ instance_parameter_dict['ipv6-random'] }}
caddy-https-port = ${configuration:port}
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-https-port = ${configuration:slave-introspection-https-port} slave-introspection-https-port = ${configuration:slave-introspection-https-port}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access} slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
...@@ -187,7 +200,7 @@ recipe = plone.recipe.command ...@@ -187,7 +200,7 @@ recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
ipv6 = ${slap-configuration:ipv6-random} ipv6 = ${slap-configuration:ipv6-random}
ipv4 = {{instance_parameter_dict['ipv4-random']}} ipv4 = {{instance_parameter_dict['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt certificate = ${frontend-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
{#- Can be stopped on error, as does not rely on self provided service #} {#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True stop-on-error = True
command = command =
...@@ -211,7 +224,7 @@ recipe = plone.recipe.command ...@@ -211,7 +224,7 @@ recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
ipv6 = ${slap-configuration:ipv6-random} ipv6 = ${slap-configuration:ipv6-random}
ipv4 = {{instance_parameter_dict['ipv4-random']}} ipv4 = {{instance_parameter_dict['ipv4-random']}}
certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt certificate = ${frontend-directory:master-autocert-dir}/fallback-access.crt
{#- Can be stopped on error, as does not rely on self provided service #} {#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True stop-on-error = True
command = command =
...@@ -244,7 +257,9 @@ context = ...@@ -244,7 +257,9 @@ context =
[software-release-path] [software-release-path]
template-empty = {{ software_parameter_dict['template_empty'] }} template-empty = {{ software_parameter_dict['template_empty'] }}
template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }} template-frontend-haproxy-configuration = {{ software_parameter_dict['template_frontend_haproxy_configuration'] }}
template-frontend-haproxy-crt-list = {{ software_parameter_dict['template_frontend_haproxy_crt_list'] }}
template-frontend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_frontend_haproxy_rsyslogd_conf'] }}
template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }} template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }} template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
template-expose-csr-nginx-conf = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }} template-expose-csr-nginx-conf = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
...@@ -357,114 +372,108 @@ backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] ...@@ -357,114 +372,108 @@ backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url']
partition_ipv6 = ${slap-configuration:ipv6-random} partition_ipv6 = ${slap-configuration:ipv6-random}
url-ready-file = ${directory:var}/url-ready.txt url-ready-file = ${directory:var}/url-ready.txt
extra-context = extra-context =
key caddy_configuration_directory caddy-directory:slave-configuration
key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
import furl_module furl import furl_module furl
import urllib_module urllib import urllib_module urllib
import operator_module operator import operator_module operator
key master_key_download_url :master_key_download_url key master_key_download_url :master_key_download_url
key autocert caddy-directory:autocert
key caddy_log_directory caddy-directory:slave-log
key url_ready_file :url-ready-file key url_ready_file :url-ready-file
key expose_csr_organization :organization key expose_csr_organization :organization
key expose_csr_organizational_unit :organizational-unit key expose_csr_organizational_unit :organizational-unit
key global_ipv6 slap-configuration:ipv6-random key global_ipv6 slap-configuration:ipv6-random
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
key software_type :software_type key software_type :software_type
key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:output key frontend_lazy_graceful_reload frontend-haproxy-lazy-graceful:output
key monitor_base_url monitor-instance-parameter:monitor-base-url key monitor_base_url monitor-instance-parameter:monitor-base-url
key node_id frontend-node-id:value key node_id frontend-node-id:value
key version_hash version-hash:value key version_hash version-hash:value
key software_release_url version-hash:software-release-url key software_release_url version-hash:software-release-url
key node_information frontend-node-information:value key node_information frontend-node-information:value
key custom_ssl_directory caddy-directory:custom-ssl-directory
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
key custom_ssl_directory frontend-directory:custom-ssl-directory
## frontend haproxy
key template_frontend_haproxy_configuration software-release-path:template-frontend-haproxy-configuration
key template_frontend_haproxy_crt_list software-release-path:template-frontend-haproxy-crt-list
## backend haproxy ## backend haproxy
key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
## Configuration passed by section ## Configuration passed by section
section frontend_directory frontend-directory
section configuration configuration section configuration configuration
section frontend_haproxy_configuration frontend-haproxy-configuration
section backend_haproxy_configuration backend-haproxy-configuration section backend_haproxy_configuration backend-haproxy-configuration
section instance_parameter_dict instance-parameter-section section instance_parameter_dict instance-parameter-section
section frontend_configuration frontend-configuration section frontend_configuration frontend-configuration
section caddy_configuration caddy-configuration
section kedifa_configuration kedifa-configuration section kedifa_configuration kedifa-configuration
section software_parameter_dict software-parameter-section section software_parameter_dict software-parameter-section
# Deploy Caddy Frontend with Jinja power # Deploy frontend with Jinja power
[dynamic-caddy-frontend-template] [frontend-haproxy-rsyslogd-config]
< = jinja2-template-base log-socket = ${directory:run}/fhlog.sck
url = {{ software_parameter_dict['template_caddy_frontend_configuration'] }} log-file = ${directory:log}/frontend-haproxy.log
output = ${caddy-configuration:frontend-configuration} pid-file = ${directory:run}/frontend-haproxy-rsyslogd.pid
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }} spool-directory = ${directory:frontend-haproxy-rsyslogd-spool}
graceful-command = kill -HUP $(cat ${:pid-file})
slave-log-directory = ${frontend-directory:slave-log}
[frontend-haproxy-rsyslogd-configuration]
<= jinja2-template-base
url = ${software-release-path:template-frontend-haproxy-rsyslogd-conf}
output = ${directory:etc}/frontend-haproxy-rsyslogd.conf
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
extra-context = extra-context =
key instance_home buildout:directory key instance_home buildout:directory
key master_certificate caddy-configuration:master-certificate key master_certificate frontend-haproxy-configuration:master-certificate
key access_log caddy-configuration:access-log key access_log frontend-haproxy-configuration:access-log
key slave_configuration_directory caddy-directory:slave-configuration key slave_configuration_directory frontend-directory:slave-configuration
section frontend_configuration frontend-configuration section frontend_configuration frontend-configuration
key http_port configuration:plain_http_port key http_port configuration:plain_http_port
key https_port configuration:port key https_port configuration:port
key global_ipv6 slap-configuration:ipv6-random key global_ipv6 slap-configuration:ipv6-random
key local_ipv4 :local_ipv4 key local_ipv4 :local_ipv4
key error_log caddy-configuration:error-log key error_log frontend-haproxy-configuration:error-log
key not_found_file caddy-configuration:not-found-file
key username monitor-instance-parameter:username key username monitor-instance-parameter:username
key password monitor-htpasswd:passwd key password monitor-htpasswd:passwd
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
key apache_certificate apache-certificate:output key apache_certificate apache-certificate:output
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
section configuration frontend-haproxy-rsyslogd-config
[caddy-wrapper] [frontend-haproxy-rsyslogd]
recipe = slapos.recipe.template:jinja2
inline =
#!/bin/sh
export CADDYPATH=${directory:frontend_cluster}
ulimit -n $(ulimit -Hn)
exec {{ software_parameter_dict['caddy'] }} \
-conf ${dynamic-caddy-frontend-template:output} \
-log ${caddy-configuration:error-log} \
-log-roll-mb 0 \
-http2=true \
-grace {{ instance_parameter_dict['configuration.mpm-graceful-shutdown-timeout'] }}s \
-disable-http-challenge \
-disable-tls-alpn-challenge \
"$@"
output = ${directory:bin}/caddy-wrapper
[caddy-frontend]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = ${caddy-wrapper:output} -pidfile ${caddy-configuration:pid-file} command-line = {{ software_parameter_dict['rsyslogd_executable'] }} -i ${frontend-haproxy-rsyslogd-config:pid-file} -n -f ${frontend-haproxy-rsyslogd-configuration:output}
wrapper-path = ${directory:service}/frontend_caddy wrapper-path = ${directory:service}/frontend-haproxy-rsyslogd
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files = ${caddy-wrapper:output}
[not-found-html] [logrotate-entry-frontend-haproxy]
recipe = plone.recipe.command <= logrotate-entry-base
update-command = ${:command} name = frontend-haproxy
filename = notfound.html log = ${frontend-haproxy-rsyslogd-config:log-file}
command = ln -sf {{ software_parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename} rotate-num = ${configuration:rotate-num}
# Note: Slaves do not define their own reload, as this would be repeated,
[caddy-directory] # because sharedscripts work per entry, and each slave needs its own
recipe = slapos.cookbook:mkdirectory # olddir
document-root = ${directory:srv}/htdocs # Here we trust that there will be something to be rotated with error
slave-configuration = ${directory:etc}/caddy-slave-conf.d/ # or access log, and that this will trigger postrotate script.
slave-log = ${directory:log}/httpd post = ${frontend-haproxy-rsyslogd-lazy-graceful:output} &
autocert = ${directory:srv}/autocert delaycompress =
master-autocert-dir = ${:autocert}/master-autocert
custom-ssl-directory = ${:slave-configuration}/ssl
[caddy-configuration] [frontend-haproxy-configuration]
frontend-configuration = ${directory:etc}/Caddyfile file = ${directory:etc}/frontend-haproxy.cfg
crt-list = ${directory:etc}/frontend-haproxy-crt-list.txt
log-socket = ${frontend-haproxy-rsyslogd-config:log-socket}
access-log = ${directory:log}/frontend-access.log access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file}) frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/${not-found-html:filename} not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
http-port = ${configuration:plain_http_port}
https-port = ${configuration:port}
# Communication with ATS # Communication with ATS
cache-port = ${trafficserver-variable:input-port} cache-port = ${trafficserver-variable:input-port}
# slave instrspection # slave instrspection
...@@ -472,6 +481,10 @@ slave-introspection-access-log = ${directory:log}/slave-introspection-access.log ...@@ -472,6 +481,10 @@ slave-introspection-access-log = ${directory:log}/slave-introspection-access.log
slave-introspection-error-log = ${directory:log}/slave-introspection-error.log slave-introspection-error-log = ${directory:log}/slave-introspection-error.log
slave-introspection-pid-file = ${directory:run}/slave-introspection.pid slave-introspection-pid-file = ${directory:run}/slave-introspection.pid
slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file}) slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file})
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
quic = {{ FRONTEND_HAPROXY_QUIC }}
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access] [get-self-signed-fallback-access]
...@@ -498,18 +511,13 @@ context = ...@@ -498,18 +511,13 @@ context =
output = ${directory:bbb-ssl-dir}/frontend.crt output = ${directory:bbb-ssl-dir}/frontend.crt
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[logrotate-entry-caddy] [frontend-directory]
<= logrotate-entry-base recipe = slapos.cookbook:mkdirectory
name = caddy slave-configuration = ${directory:etc}/frontend-haproxy.d/
log = ${caddy-configuration:error-log} ${caddy-configuration:access-log} slave-log = ${directory:log}/httpd
rotate-num = ${configuration:rotate-num} autocert = ${directory:srv}/autocert
# Note: Slaves do not define their own reload, as this would be repeated, master-autocert-dir = ${:autocert}/master-autocert
# because sharedscripts work per entry, and each slave needs its own custom-ssl-directory = ${:slave-configuration}/ssl
# olddir
# Here we trust that there will be something to be rotated with error
# or access log, and that this will trigger postrotate script.
post = ${frontend-caddy-lazy-graceful:output} &
delaycompress =
################# #################
# Trafficserver # Trafficserver
...@@ -659,13 +667,13 @@ command = ${trafficserver-rotate-script:output} ...@@ -659,13 +667,13 @@ command = ${trafficserver-rotate-script:output}
### End of ATS sections ### End of ATS sections
### Caddy Graceful and promises ### Frontend Graceful and promises
[frontend-caddy-configuration-state] [frontend-haproxy-configuration-state]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['template_configuration_state_script'] }} url = {{ software_parameter_dict['template_configuration_state_script'] }}
output = ${directory:bin}/${:_buildout_section_name_} output = ${directory:bin}/${:_buildout_section_name_}
path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt path_list = ${frontend-haproxy-configuration:file} ${frontend-haproxy-configuration:crt-list} ${frontend-directory:master-autocert-dir}/*.key ${frontend-directory:master-autocert-dir}/*.crt ${frontend-directory:master-autocert-dir}/*.pem ${frontend-directory:autocert}/*.pem ${frontend-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ software_parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context = extra-context =
...@@ -675,45 +683,60 @@ extra-context = ...@@ -675,45 +683,60 @@ extra-context =
key sha256sum :sha256sum key sha256sum :sha256sum
key signature_file :signature_file key signature_file :signature_file
[frontend-caddy-configuration-state-graceful] [frontend-haproxy-configuration-state-graceful]
< = frontend-caddy-configuration-state < = frontend-haproxy-configuration-state
signature_file = ${directory:run}/graceful_configuration_state_signature signature_file = ${directory:run}/graceful_configuration_state_signature
[frontend-caddy-configuration-state-validate] [frontend-haproxy-configuration-state-validate]
< = frontend-caddy-configuration-state < = frontend-haproxy-configuration-state
signature_file = ${directory:run}/validate_configuration_state_signature signature_file = ${directory:run}/validate_configuration_state_signature
[frontend-caddy-graceful] [frontend-haproxy-graceful]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['template_graceful_script'] }} url = {{ software_parameter_dict['template_graceful_script'] }}
output = ${directory:etc-run}/frontend-caddy-safe-graceful output = ${directory:etc-run}/frontend-haproxy-safe-graceful
mode = 0700
extra-context = extra-context =
key graceful_reload_command caddy-configuration:frontend-graceful-command key graceful_reload_command frontend-haproxy-configuration:frontend-graceful-command
key configuration_state frontend-caddy-configuration-state-graceful:output key configuration_state frontend-haproxy-configuration-state-graceful:output
[frontend-caddy-validate] [frontend-haproxy-validate]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['template_validate_script'] }} url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/frontend-caddy-validate output = ${directory:bin}/frontend-haproxy-validate
last_state_file = ${directory:run}/caddy_configuration_last_state mode = 0700
validate_command = ${caddy-wrapper:output} -validate last_state_file = ${directory:run}/frontend_haproxy_configuration_last_state
validate_command = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
key configuration_state_command frontend-haproxy-configuration-state-validate:output
key last_state_file :last_state_file
[backend-haproxy-validate]
<= jinja2-template-base
url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/backend-haproxy-validate
mode = 0700
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
extra-context = extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command key validate_command :validate_command
key configuration_state_command frontend-caddy-configuration-state-validate:output key configuration_state_command backend-haproxy-configuration-state-validate:output
key last_state_file :last_state_file key last_state_file :last_state_file
[frontend-caddy-lazy-graceful] [frontend-haproxy-lazy-graceful]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['template_lazy_script_call'] }} url = {{ software_parameter_dict['template_lazy_script_call'] }}
output = ${directory:bin}/frontend-caddy-lazy-graceful output = ${directory:bin}/frontend-haproxy-lazy-graceful
mode = 0700
pid-file = ${directory:run}/lazy-graceful.pid pid-file = ${directory:run}/lazy-graceful.pid
wait_time = 60 wait_time = 60
extra-context = extra-context =
key pid_file :pid-file key pid_file :pid-file
key wait_time :wait_time key wait_time :wait_time
key lazy_command caddy-configuration:frontend-graceful-command key lazy_command frontend-haproxy-configuration:frontend-graceful-command
# Promises checking configuration: # Promises checking configuration:
[promise-helper-last-configuration-state] [promise-helper-last-configuration-state]
...@@ -722,41 +745,41 @@ url = {{ software_parameter_dict['template_empty'] }} ...@@ -722,41 +745,41 @@ url = {{ software_parameter_dict['template_empty'] }}
output = ${directory:bin}/frontend-read-last-configuration-state output = ${directory:bin}/frontend-read-last-configuration-state
content = content =
#!/bin/sh #!/bin/sh
exit `cat ${frontend-caddy-validate:last_state_file}` exit `cat ${frontend-haproxy-validate:last_state_file}`
context = context =
key content :content key content :content
[promise-frontend-caddy-configuration] [promise-frontend-frontend-haproxy-configuration]
<= monitor-promise-base <= monitor-promise-base
promise = validate_frontend_configuration promise = validate_frontend_configuration
name = frontend-caddy-configuration-promise.py name = frontend-frontend-haproxy-configuration-promise.py
config-verification-script = ${promise-helper-last-configuration-state:output} config-verification-script = ${promise-helper-last-configuration-state:output}
[promise-caddy-frontend-v4-https] [promise-frontend-haproxy-v4-https]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
name = caddy_frontend_ipv4_https.py name = frontend_haproxy_ipv4_https.py
config-host = {{ instance_parameter_dict['ipv4-random'] }} config-host = {{ instance_parameter_dict['ipv4-random'] }}
config-port = ${configuration:port} config-port = ${configuration:port}
[promise-caddy-frontend-v4-http] [promise-frontend-haproxy-v4-http]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
name = caddy_frontend_ipv4_http.py name = frontend_haproxy_ipv4_http.py
config-host = {{ instance_parameter_dict['ipv4-random'] }} config-host = {{ instance_parameter_dict['ipv4-random'] }}
config-port = ${configuration:plain_http_port} config-port = ${configuration:plain_http_port}
[promise-caddy-frontend-v6-https] [promise-frontend-haproxy-v6-https]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
name = caddy_frontend_ipv6_https.py name = frontend_haproxy_ipv6_https.py
config-host = {{ instance_parameter_dict['ipv6-random'] }} config-host = {{ instance_parameter_dict['ipv6-random'] }}
config-port = ${configuration:port} config-port = ${configuration:port}
[promise-caddy-frontend-v6-http] [promise-frontend-haproxy-v6-http]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
name = caddy_frontend_ipv6_http.py name = frontend_haproxy_ipv6_http.py
config-host = {{ instance_parameter_dict['ipv6-random'] }} config-host = {{ instance_parameter_dict['ipv6-random'] }}
config-port = ${configuration:plain_http_port} config-port = ${configuration:plain_http_port}
...@@ -795,10 +818,30 @@ statistic-username = ${monitor-instance-parameter:username} ...@@ -795,10 +818,30 @@ statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd} statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + slapparameter_dict['cluster-identification'] }} statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + slapparameter_dict['cluster-identification'] }}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access} statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
[frontend-haproxy]
recipe = slapos.cookbook:wrapper
command-line = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file}
wrapper-path = ${directory:service}/frontend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[frontend-haproxy-rsyslogd-lazy-graceful]
< = jinja2-template-base
url = {{ software_parameter_dict['template_lazy_script_call'] }}
output = ${directory:bin}/frontend-haproxy-rsyslogd-lazy-graceful
mode = 0700
pid-file = ${directory:run}/frontend-haproxy-rsyslogd-lazy-graceful.pid
wait_time = 60
extra-context =
key pid_file :pid-file
key wait_time :wait_time
key lazy_command frontend-haproxy-rsyslogd-config:graceful-command
[backend-haproxy] [backend-haproxy]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} command-line = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file}
wrapper-path = ${directory:service}/backend-haproxy wrapper-path = ${directory:service}/backend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
...@@ -863,7 +906,7 @@ extra-context = ...@@ -863,7 +906,7 @@ extra-context =
url = {{ software_parameter_dict['template_validate_script'] }} url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/backend-haproxy-validate output = ${directory:bin}/backend-haproxy-validate
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
extra-context = extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command key validate_command :validate_command
...@@ -892,7 +935,7 @@ log-file = ${directory:log}/backend-haproxy.log ...@@ -892,7 +935,7 @@ log-file = ${directory:log}/backend-haproxy.log
pid-file = ${directory:run}/backend-haproxy-rsyslogd.pid pid-file = ${directory:run}/backend-haproxy-rsyslogd.pid
spool-directory = ${directory:backend-haproxy-rsyslogd-spool} spool-directory = ${directory:backend-haproxy-rsyslogd-spool}
graceful-command = kill -HUP $(cat ${:pid-file}) graceful-command = kill -HUP $(cat ${:pid-file})
log-directory = ${caddy-directory:slave-log} log-directory = ${frontend-directory:slave-log}
[backend-haproxy-rsyslogd-configuration] [backend-haproxy-rsyslogd-configuration]
<= jinja2-template-base <= jinja2-template-base
...@@ -940,14 +983,6 @@ command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_param ...@@ -940,14 +983,6 @@ command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_param
extra-context = extra-context =
key content monitor-ats-cache-stats-wrapper:command key content monitor-ats-cache-stats-wrapper:command
[monitor-caddy-server-status-wrapper]
< = jinja2-template-base
url = {{ software_parameter_dict['template_wrapper'] }}
output = ${directory:bin}/monitor-caddy-server-status-wrapper
command = {{ software_parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter_dict['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
extra-context =
key content monitor-caddy-server-status-wrapper:command
[monitor-ats-cache-stats-config] [monitor-ats-cache-stats-config]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['template_empty'] }} url = {{ software_parameter_dict['template_empty'] }}
...@@ -1027,7 +1062,7 @@ url = {{ software_parameter_dict['template_graceful_script'] }} ...@@ -1027,7 +1062,7 @@ url = {{ software_parameter_dict['template_graceful_script'] }}
output = ${directory:etc-run}/slave-introspection-safe-graceful output = ${directory:etc-run}/slave-introspection-safe-graceful
extra-context = extra-context =
key graceful_reload_command caddy-configuration:slave-introspection-graceful-command key graceful_reload_command frontend-haproxy-configuration:slave-introspection-graceful-command
key configuration_state slave-introspection-configuration-state-graceful:output key configuration_state slave-introspection-configuration-state-graceful:output
[slave-introspection-validate] [slave-introspection-validate]
...@@ -1068,9 +1103,9 @@ config-port = ${frontend-configuration:slave-introspection-https-port} ...@@ -1068,9 +1103,9 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
[logrotate-entry-slave-introspection] [logrotate-entry-slave-introspection]
<= logrotate-entry-base <= logrotate-entry-base
name = slave-introspection name = slave-introspection
log = ${caddy-configuration:slave-introspection-access-log} ${caddy-configuration:slave-introspection-error-log} log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
rotate-num = ${configuration:rotate-num} rotate-num = ${configuration:rotate-num}
post = kill -USR1 $(cat ${caddy-configuration:slave-introspection-pid-file}) post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
delaycompress = delaycompress =
[promise-logrotate-setup] [promise-logrotate-setup]
......
...@@ -34,12 +34,6 @@ ...@@ -34,12 +34,6 @@
"title": "Enable HTTP2 by Default", "title": "Enable HTTP2 by Default",
"type": "string" "type": "string"
}, },
"mpm-graceful-shutdown-timeout": {
"default": 5,
"description": "Value passed to -grace parameter of Caddy, see https://caddyserver.com/docs/cli .",
"title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
"type": "integer"
},
"re6st-verification-url": { "re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.", "description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL", "title": "Test Verification URL",
...@@ -78,9 +72,9 @@ ...@@ -78,9 +72,9 @@
"type": "string" "type": "string"
}, },
"ciphers": { "ciphers": {
"description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers",
"type": "string" "type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
}, },
"request-timeout": { "request-timeout": {
"default": 600, "default": 600,
......
...@@ -5,7 +5,27 @@ ...@@ -5,7 +5,27 @@
{%- set NAME_BASE = 'caddy-frontend' %} {%- set NAME_BASE = 'caddy-frontend' %}
{#- DANGER! DANGER! #} {#- DANGER! DANGER! #}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %} {%- set GOOD_CIPHER_LIST = [
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-GCM-SHA256',
] %}
{%- set CIPHER_TRANSLATION_DICT = {
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
'RSA-AES256-CBC-SHA': 'AES256-SHA',
'RSA-AES128-CBC-SHA': 'AES128-SHA',
'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
} %}
{%- for key, value in CIPHER_TRANSLATION_DICT.items() %}
{%- do GOOD_CIPHER_LIST.append(value) %}
{%- endfor %}
{#- Allow to pass only some parameters to frontend nodes #} {#- Allow to pass only some parameters to frontend nodes #}
{%- set FRONTEND_NODE_PASSED_KEY_LIST = [ {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
'plain_http_port', 'plain_http_port',
...@@ -14,7 +34,6 @@ ...@@ -14,7 +34,6 @@
'apache-key', 'apache-key',
'domain', 'domain',
'enable-http2-by-default', 'enable-http2-by-default',
'mpm-graceful-shutdown-timeout',
're6st-verification-url', 're6st-verification-url',
'backend-connect-timeout', 'backend-connect-timeout',
'backend-connect-retries', 'backend-connect-retries',
...@@ -148,6 +167,10 @@ context = ...@@ -148,6 +167,10 @@ context =
{% do frontend_section_list.append(request_section_title) %} {% do frontend_section_list.append(request_section_title) %}
{% endif %} {% endif %}
{% do part_list.append(request_section_title) %} {% do part_list.append(request_section_title) %}
{% set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
# Filling request dict for slave # Filling request dict for slave
{% set request_content_dict = { {% set request_content_dict = {
'config': config_dict, 'config': config_dict,
...@@ -215,8 +238,13 @@ context = ...@@ -215,8 +238,13 @@ context =
{% set slave_cipher_list = slave.get('ciphers', '').strip().split() %} {% set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
{% if slave_cipher_list %} {% if slave_cipher_list %}
{% for cipher in slave_cipher_list %} {% for cipher in slave_cipher_list %}
{% if cipher not in GOOD_CIPHER_LIST %} {% if cipher not in GOOD_CIPHER_LIST %}
{% do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %} {% if cipher in CIPHER_TRANSLATION_DICT %}
{# Real translation happens in instance-slave-list.cfg.in #}
{% do slave_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %}
{% else %}
{% do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
......
{ {
"$schema": "http://json-schema.org/draft-04/schema#", "$schema": "http://json-schema.org/draft-04/schema#",
"description": "Values returned by Caddy Frontend instanciation", "description": "Values returned by Rapid.CDN instanciation",
"properties": { "properties": {
"accepted-slave-amount": { "accepted-slave-amount": {
"description": "Amount of Slaves allocated to the Instance which are deployed", "description": "Amount of Slaves allocated to the Instance which are deployed",
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
}, },
"type": { "type": {
"default": "", "default": "",
"description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster.", "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster. All frontends support websocket by default and under the hood, but switch to type:websocket allow to configure websocket-path-list and websocket-transparent options.",
"enum": [ "enum": [
"", "",
"zope", "zope",
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
}, },
"enable_cache": { "enable_cache": {
"default": "false", "default": "false",
"description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend", "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend and backend",
"enum": [ "enum": [
"false", "false",
"true" "true"
...@@ -120,7 +120,7 @@ ...@@ -120,7 +120,7 @@
}, },
"websocket-transparent": { "websocket-transparent": {
"default": "true", "default": "true",
"description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.", "description": "If set to false, websocket slave will be without passing X-Real-Ip, X-Forwarded-Proto and X-Forwarded-Port. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
"enum": [ "enum": [
"false", "false",
"true" "true"
...@@ -210,9 +210,9 @@ ...@@ -210,9 +210,9 @@
"type": "integer" "type": "integer"
}, },
"ciphers": { "ciphers": {
"description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers",
"type": "string" "type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
}, },
"authenticate-to-backend": { "authenticate-to-backend": {
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.", "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
{%- set backend_slave_list = [] %} {%- set backend_slave_list = [] %}
{%- set frontend_slave_list = [] %} {%- set frontend_slave_list = [] %}
{%- set part_list = [] %} {%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %} {%- set cache_port = frontend_haproxy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %} {%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %} {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %} {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
...@@ -17,9 +17,9 @@ ...@@ -17,9 +17,9 @@
{%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %} {%- do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
{%- endif %} {%- endif %}
{%- if master_key_download_url %} {%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %} {%- do kedifa_updater_mapping.append((master_key_download_url, frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
{%- else %} {%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %} {%- do kedifa_updater_mapping.append(('notreadyyet', frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
{%- endif %} {%- endif %}
{%- if kedifa_configuration['slave_kedifa_information'] %} {%- if kedifa_configuration['slave_kedifa_information'] %}
{%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %} {%- set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
...@@ -40,6 +40,18 @@ context = ...@@ -40,6 +40,18 @@ context =
[slave-htpasswd] [slave-htpasswd]
{#- Prepare configuration parameters #} {#- Prepare configuration parameters #}
{%- set CIPHER_TRANSLATION_DICT = {
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
'RSA-AES256-CBC-SHA': 'AES256-SHA',
'RSA-AES128-CBC-SHA': 'AES128-SHA',
'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
} %}
{%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %} {%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
{%- for key in ['enable-http2-by-default'] %} {%- for key in ['enable-http2-by-default'] %}
{%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %} {%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
...@@ -53,7 +65,7 @@ context = ...@@ -53,7 +65,7 @@ context =
{#- * stabilise values for backend #} {#- * stabilise values for backend #}
{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %} {%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
{%- set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %} {%- set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
{%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %} {%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split()} %}
{%- do slave_instance.__setitem__(prefix, info_dict) %} {%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %} {%- endfor %}
{%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %} {%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
...@@ -86,11 +98,14 @@ context = ...@@ -86,11 +98,14 @@ context =
{%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %} {%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
{%- do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %} {%- do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
{#- Manage ciphers #} {#- Manage ciphers #}
{%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %} {%- set slave_ciphers = [] %}
{%- for cipher in slave_instance.get('ciphers', '').strip().split() %}
{%- do slave_ciphers.append(CIPHER_TRANSLATION_DICT.get(cipher, cipher)) %}
{%- endfor %}
{%- if slave_ciphers %} {%- if slave_ciphers %}
{%- set slave_cipher_list = ' '.join(slave_ciphers) %} {%- set slave_cipher_list = ':'.join(slave_ciphers) %}
{%- else %} {%- else %}
{%- set slave_cipher_list = configuration['ciphers'].strip() %} {%- set slave_cipher_list = ':'.join(configuration['ciphers'].strip().split()) %}
{%- endif %} {%- endif %}
{%- do slave_instance.__setitem__('ciphers', slave_cipher_list) %} {%- do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
{#- Manage common instance parameters #} {#- Manage common instance parameters #}
...@@ -98,7 +113,8 @@ context = ...@@ -98,7 +113,8 @@ context =
{%- set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %} {%- set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
{%- set slave_reference = slave_instance.get('slave_reference') %} {%- set slave_reference = slave_instance.get('slave_reference') %}
{%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %} {%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
{#- Setup backend URLs for front facing Caddy #}
{#- Setup backend URLs for frontend-haproxy #}
{%- if slave_type == 'redirect' %} {%- if slave_type == 'redirect' %}
{%- do slave_instance.__setitem__('backend-http-url', slave_instance.get('url', '').rstrip('/')) %} {%- do slave_instance.__setitem__('backend-http-url', slave_instance.get('url', '').rstrip('/')) %}
{%- if slave_instance.get('https-url') %} {%- if slave_instance.get('https-url') %}
...@@ -121,12 +137,24 @@ context = ...@@ -121,12 +137,24 @@ context =
{%- do slave_instance.__setitem__('backend-https-url', backend_haproxy_https_url) %} {%- do slave_instance.__setitem__('backend-https-url', backend_haproxy_https_url) %}
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- for frontend_key, key in [('backend-http-info', 'backend-http-url'), ('backend-https-info', 'backend-https-url')] %}
{%- if key in slave_instance %}
{%- set parsed = urllib_module.parse.urlparse(slave_instance[key]) %}
{%- do slave_instance.__setitem__(frontend_key, {
'scheme': parsed.scheme,
'hostname': parsed.hostname,
'port': parsed.port or DEFAULT_PORT[parsed.scheme],
'path': parsed.path,
'fragment': parsed.fragment,
'query': parsed.query }) %}
{%- endif %}
{%- endfor %}
{%- if slave_kedifa %} {%- if slave_kedifa %}
{%- set key_download_url = slave_kedifa.get('key-download-url') %} {%- set key_download_url = slave_kedifa.get('key-download-url') %}
{%- else %} {%- else %}
{%- set key_download_url = 'notreadyyet' %} {%- set key_download_url = 'notreadyyet' %}
{%- endif %} {%- endif %}
{%- set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{%- set slave_parameter_dict = generic_instance_parameter_dict.copy() %} {%- set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
{%- set slave_publish_dict = {} %} {%- set slave_publish_dict = {} %}
{%- set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %} {%- set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
...@@ -137,7 +165,6 @@ context = ...@@ -137,7 +165,6 @@ context =
{%- set slave_ln_section = slave_reference + "-ln" %} {%- set slave_ln_section = slave_reference + "-ln" %}
{#- extend parts #} {#- extend parts #}
{%- do part_list.extend([slave_ln_section]) %} {%- do part_list.extend([slave_ln_section]) %}
{%- do part_list.extend([slave_section_title]) %}
{%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %} {%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{#- Pass backend timeout values #} {#- Pass backend timeout values #}
{%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %} {%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
...@@ -176,11 +203,9 @@ context = ...@@ -176,11 +203,9 @@ context =
{%- do slave_instance.__setitem__('health-check-http-path', '') %} {%- do slave_instance.__setitem__('health-check-http-path', '') %}
{%- endif %} {# if slave_instance['health-check'] #} {%- endif %} {# if slave_instance['health-check'] #}
{#- Set Up log files #} {#- Set Up log files #}
{%- do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %} {%- do slave_parameter_dict.__setitem__('access_log', '/'.join([frontend_directory['slave-log'], '%s_access_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %} {%- do slave_parameter_dict.__setitem__('backend_log', '/'.join([frontend_directory['slave-log'], '%s_backend_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('backend_log', '/'.join([caddy_log_directory, '%s_backend_log' % slave_reference])) %}
{%- do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %} {%- do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
{%- do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
{%- do slave_instance.__setitem__('backend_log', slave_parameter_dict.get('backend_log')) %} {%- do slave_instance.__setitem__('backend_log', slave_parameter_dict.get('backend_log')) %}
{#- Add slave log directory to the slave log access dict #} {#- Add slave log directory to the slave log access dict #}
{%- do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %} {%- do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
...@@ -241,7 +266,7 @@ log-directory = {{ '${slave-log-directory-dict:' + slave_reference + '}' }} ...@@ -241,7 +266,7 @@ log-directory = {{ '${slave-log-directory-dict:' + slave_reference + '}' }}
[{{slave_logrotate_section}}] [{{slave_logrotate_section}}]
<= logrotate-entry-base <= logrotate-entry-base
name = ${:_buildout_section_name_} name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} {{slave_parameter_dict.get('backend_log')}} log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('backend_log')}}
backup = {{ '${' + slave_log_directory_section + ':log-directory}' }} backup = {{ '${' + slave_log_directory_section + ':log-directory}' }}
rotate-num = {{ dumps('' ~ configuration['rotate-num']) }} rotate-num = {{ dumps('' ~ configuration['rotate-num']) }}
# disable delayed compression, as log filenames shall be stable # disable delayed compression, as log filenames shall be stable
...@@ -253,20 +278,22 @@ delaycompress = ...@@ -253,20 +278,22 @@ delaycompress =
recipe = plone.recipe.command recipe = plone.recipe.command
stop-on-error = false stop-on-error = false
log-directory = {{ '${' + slave_logrotate_section + ':backup}' }} log-directory = {{ '${' + slave_logrotate_section + ':backup}' }}
command = ln -sf {{slave_parameter_dict.get('error_log')}} ${:log-directory}/error.log && ln -sf {{slave_parameter_dict.get('access_log')}} ${:log-directory}/access.log && ln -sf {{slave_parameter_dict.get('backend_log')}} ${:log-directory}/backend.log command =
ln -sf {{slave_parameter_dict.get('access_log')}} ${:log-directory}/access.log
ln -sf {{slave_parameter_dict.get('backend_log')}} ${:log-directory}/backend.log
{#- Set password for slave #} {#- Set password for slave #}
[{{slave_password_section}}] [{{slave_password_section}}]
recipe = slapos.cookbook:generate.password recipe = slapos.cookbook:generate.password
storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd storage-path = {{ frontend_directory['slave-configuration'] }}/.{{slave_reference}}.passwd
bytes = 8 bytes = 8
[{{ slave_htpasswd_section }}] [{{ slave_htpasswd_section }}]
recipe = plone.recipe.command recipe = plone.recipe.command
{#- Can be stopped on error, as does not rely on self provided service #} {#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True stop-on-error = True
file = {{ caddy_configuration_directory }}/.{{ slave_reference }}.htpasswd file = {{ frontend_directory['slave-configuration'] }}/.{{ slave_reference }}.htpasswd
{#- update-command is not needed, as if the ${:password} would change, the whole part will be recalculated #} {#- update-command is not needed, as if the ${:password} would change, the whole part will be recalculated #}
password = {{ '${' + slave_password_section + ':passwd}' }} password = {{ '${' + slave_password_section + ':passwd}' }}
command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_reference.lower() }} ${:password} command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_reference.lower() }} ${:password}
...@@ -275,14 +302,15 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere ...@@ -275,14 +302,15 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
{#- Set Slave Certificates if needed #} {#- Set Slave Certificates if needed #}
{#- Set certificate key for custom configuration #} {#- Set certificate key for custom configuration #}
{%- set cert_name = slave_reference.replace('-','.') + '.pem' %} {%- set cert_name = slave_reference.replace('-','.') + '.pem' %}
{%- set certificate = '%s/%s' % (autocert, cert_name) %} {%- set certificate = '%s/%s' % (frontend_directory['autocert'], cert_name) %}
{%- do slave_parameter_dict.__setitem__('certificate', certificate )%} {%- do slave_parameter_dict.__setitem__('certificate', certificate )%}
{%- do slave_instance.__setitem__('certificate', certificate )%}
{#- Set ssl certificates for each slave #} {#- Set ssl certificates for each slave #}
{%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt')%} {%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt')%}
{%- set cert_file_key = 'path_to_' + cert_name %} {%- set cert_file_key = 'path_to_' + cert_name %}
{%- if cert_name in slave_instance %} {%- if cert_name in slave_instance %}
{%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %} {%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} {%- set cert_file = '/'.join([frontend_directory['custom-ssl-directory'], cert_title.replace('-','.')]) %}
{%- do part_list.append(cert_title) %} {%- do part_list.append(cert_title) %}
{%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %} {%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{%- do slave_instance.__setitem__(cert_file_key, cert_file) %} {%- do slave_instance.__setitem__(cert_file_key, cert_file) %}
...@@ -317,7 +345,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge ...@@ -317,7 +345,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge
extra-context = extra-context =
key content :cert-content key content :cert-content
{%- else %} {%- else %}
{%- do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %} {%- do kedifa_updater_mapping.append((key_download_url, certificate, frontend_haproxy_configuration['master-certificate'])) %}
{%- endif %} {%- endif %}
{#- BBB: SlapOS Master non-zero knowledge END #} {#- BBB: SlapOS Master non-zero knowledge END #}
...@@ -329,26 +357,12 @@ certificate = {{ certificate }} ...@@ -329,26 +357,12 @@ certificate = {{ certificate }}
https_port = {{ dumps('' ~ configuration['port']) }} https_port = {{ dumps('' ~ configuration['port']) }}
http_port = {{ dumps('' ~ configuration['plain_http_port']) }} http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }} local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
{%- for key, value in slave_instance.items() %} {%- for key, value in slave_instance.items() %}
{%- if value is not none %} {%- if value is not none %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
[{{ slave_section_title }}]
< = jinja2-template-base
output = {{ caddy_configuration_directory }}/${:filename}
url = {{ template_default_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }}
{%- set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %} {%- set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{%- if monitor_ipv6_test %} {%- if monitor_ipv6_test %}
{%- set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %} {%- set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
...@@ -387,35 +401,16 @@ config-frequency = 720 ...@@ -387,35 +401,16 @@ config-frequency = 720
{%- do part_list.append('slave-introspection') %} {%- do part_list.append('slave-introspection') %}
{#- ############################################## #} {#- ############################################## #}
{#- ## Prepare virtualhost for slaves using cache #} {#- ## Prepare virtualhost for slaves using cache #}
{#- Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base]
recipe = slapos.cookbook:wrapper
ipv4 = ${slap-configuration:ipv4-random}
ipv6 = ${slap-configuration:ipv6-random}
wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port}
command-line = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[tunnel-6to4-base-http_port]
<= tunnel-6to4-base
ipv4-port = {{ configuration['plain_http_port'] }}
ipv6-port = {{ configuration['plain_http_port'] }}
[tunnel-6to4-base-https_port]
<= tunnel-6to4-base
ipv4-port = {{ configuration['port'] }}
ipv6-port = {{ configuration['port'] }}
[slave-introspection-parameters] [slave-introspection-parameters]
local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }} local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
global-ipv6 = {{ dumps(global_ipv6) }} global-ipv6 = {{ dumps(global_ipv6) }}
https-port = {{ frontend_configuration['slave-introspection-https-port'] }} https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }} ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }}
nginx-mime = {{ software_parameter_dict['nginx_mime'] }} nginx-mime = {{ software_parameter_dict['nginx_mime'] }}
access-log = {{ dumps(caddy_configuration['slave-introspection-access-log']) }} access-log = {{ dumps(frontend_haproxy_configuration['slave-introspection-access-log']) }}
error-log = {{ dumps(caddy_configuration['slave-introspection-error-log']) }} error-log = {{ dumps(frontend_haproxy_configuration['slave-introspection-error-log']) }}
var = {{ directory['slave-introspection-var'] }} var = {{ directory['slave-introspection-var'] }}
pid = {{ caddy_configuration['slave-introspection-pid-file'] }} pid = {{ frontend_haproxy_configuration['slave-introspection-pid-file'] }}
[slave-introspection-config] [slave-introspection-config]
<= jinja2-template-base <= jinja2-template-base
...@@ -437,7 +432,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -437,7 +432,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{#- Publish information for the instance #} {#- Publish information for the instance #}
[publish-caddy-information] [publish]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
{%- if configuration['extra_slave_instance_list'] %} {%- if configuration['extra_slave_instance_list'] %}
{#- sort_keys are important in order to avoid shuffling parameters on each run #} {#- sort_keys are important in order to avoid shuffling parameters on each run #}
...@@ -462,8 +457,8 @@ recipe = slapos.cookbook:wrapper ...@@ -462,8 +457,8 @@ recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['kedifa-updater'] }} command-line = {{ software_parameter_dict['kedifa-updater'] }}
--server-ca-certificate {{ kedifa_configuration['ca-certificate'] }} --server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
--identity {{ kedifa_configuration['certificate'] }} --identity {{ kedifa_configuration['certificate'] }}
--master-certificate {{ caddy_configuration['master-certificate'] }} --master-certificate {{ frontend_haproxy_configuration['master-certificate'] }}
--on-update "{{ caddy_configuration['frontend-graceful-command'] }}" --on-update "{{ frontend_haproxy_configuration['frontend-graceful-command'] }}"
${kedifa-updater-mapping:file} ${kedifa-updater-mapping:file}
{{ kedifa_configuration['kedifa-updater-state-file'] }} {{ kedifa_configuration['kedifa-updater-state-file'] }}
...@@ -474,7 +469,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -474,7 +469,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
recipe = plone.recipe.command recipe = plone.recipe.command
{#- Can be stopped on error, as does not rely on self provided service but on service which comes from another partition #} {#- Can be stopped on error, as does not rely on self provided service but on service which comes from another partition #}
stop-on-error = True stop-on-error = True
command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ caddy_configuration['frontend-graceful-command'] }}" command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ frontend_haproxy_configuration['frontend-graceful-command'] }}"
update-command = ${:command} update-command = ${:command}
[kedifa-updater-mapping] [kedifa-updater-mapping]
...@@ -487,6 +482,38 @@ inline = ...@@ -487,6 +482,38 @@ inline =
output = ${:file} output = ${:file}
##<Frontend haproxy>
[frontend-haproxy-slave-list]
list = {{ dumps(sorted(frontend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
[frontend-haproxy-crt-list]
<= jinja2-template-base
template = {{ template_frontend_haproxy_crt_list }}
rendered = ${frontend-haproxy-config:crt-list}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
section configuration frontend-haproxy-config
[frontend-haproxy-configuration]
< = jinja2-template-base
template = {{ template_frontend_haproxy_configuration }}
rendered = ${frontend-haproxy-config:file}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
key crt_list frontend-haproxy-crt-list:rendered
section configuration frontend-haproxy-config
[frontend-haproxy-config]
{%- for key, value in frontend_haproxy_configuration.items() %}
{{ key }} = {{ value }}
{%- endfor %}
local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
global-ipv6 = ${slap-configuration:ipv6-random}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
autocert-directory = {{ frontend_directory['autocert'] }}
##</Frontend haproxy>
##<Backend haproxy> ##<Backend haproxy>
[backend-haproxy-configuration] [backend-haproxy-configuration]
< = jinja2-template-base < = jinja2-template-base
...@@ -506,8 +533,6 @@ global-ipv6 = ${slap-configuration:ipv6-random} ...@@ -506,8 +533,6 @@ global-ipv6 = ${slap-configuration:ipv6-random}
request-timeout = {{ dumps('' ~ configuration['request-timeout']) }} request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }} backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
backend-connect-retries = {{ dumps('' ~ configuration['backend-connect-retries']) }} backend-connect-retries = {{ dumps('' ~ configuration['backend-connect-retries']) }}
version-hash = {{ version_hash }}
node-id = {{ node_id }}
[template-expose-csr-link-csr] [template-expose-csr-link-csr]
recipe = plone.recipe.command recipe = plone.recipe.command
...@@ -527,7 +552,7 @@ csr = {{ backend_haproxy_configuration['csr'] }} ...@@ -527,7 +552,7 @@ csr = {{ backend_haproxy_configuration['csr'] }}
filename = kedifa-csr.pem filename = kedifa-csr.pem
csr = {{ kedifa_configuration['csr'] }} csr = {{ kedifa_configuration['csr'] }}
##<Backend haproxy> ##</Backend haproxy>
[buildout] [buildout]
extends = extends =
...@@ -538,15 +563,14 @@ extends = ...@@ -538,15 +563,14 @@ extends =
parts += parts +=
kedifa-updater kedifa-updater
kedifa-updater-run kedifa-updater-run
frontend-haproxy-configuration
backend-haproxy-configuration backend-haproxy-configuration
promise-logrotate-setup promise-logrotate-setup
promise-key-download-url-ready promise-key-download-url-ready
{%- for part in part_list %} {%- for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{%- endfor %} {%- endfor %}
publish-caddy-information publish
tunnel-6to4-base-http_port
tunnel-6to4-base-https_port
promise-expose-csr-ip-port promise-expose-csr-ip-port
cache-access = {{ cache_access }} cache-access = {{ cache_access }}
......
{ {
"$schema": "http://json-schema.org/draft-04/schema#", "$schema": "http://json-schema.org/draft-04/schema#",
"description": "Values returned by Caddy Frontend instanciation", "description": "Values returned by Rapid.CDN slave instanciation",
"properties": { "properties": {
"domain": { "domain": {
"description": "Base domain used by the instance", "description": "Base domain used by the instance",
......
...@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G ...@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G configuration.ram-cache-size = 1G
configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
configuration.enable-http2-by-default = true configuration.enable-http2-by-default = true
configuration.ciphers = configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
configuration.request-timeout = 600 configuration.request-timeout = 600
configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name = configuration.frontend-name =
configuration.backend-connect-timeout = 5 configuration.backend-connect-timeout = 5
configuration.backend-connect-retries = 3 configuration.backend-connect-retries = 3
......
...@@ -3,11 +3,9 @@ extends = ...@@ -3,11 +3,9 @@ extends =
buildout.hash.cfg buildout.hash.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
../../component/dash/buildout.cfg ../../component/dash/buildout.cfg
../../component/caddy/buildout.cfg
../../component/gzip/buildout.cfg ../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg ../../component/logrotate/buildout.cfg
../../component/trafficserver/buildout.cfg ../../component/trafficserver/buildout.cfg
../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg ../../component/xz-utils/buildout.cfg
../../component/rsyslogd/buildout.cfg ../../component/rsyslogd/buildout.cfg
../../component/haproxy/buildout.cfg ../../component/haproxy/buildout.cfg
...@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target} ...@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target}
# templates # templates
template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target} template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target} template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target} template_frontend_haproxy_configuration = ${template-frontend-haproxy-configuration:target}
template_frontend_haproxy_crt_list = ${template-frontend-haproxy-crt-list:target}
template_frontend_haproxy_rsyslogd_conf = ${template-frontend-haproxy-rsyslogd-conf:target}
template_lazy_script_call = ${template-lazy-script-call:target} template_lazy_script_call = ${template-lazy-script-call:target}
template_configuration_state_script = ${template-configuration-state-script:target} template_configuration_state_script = ${template-configuration-state-script:target}
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target} template_empty = ${template-empty:target}
template_graceful_script = ${template-graceful-script:target} template_graceful_script = ${template-graceful-script:target}
template_not_found_html = ${template-not-found-html:target} template_not_found_html = ${template-not-found-html:target}
...@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target} ...@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
bin_directory = ${buildout:bin-directory} bin_directory = ${buildout:bin-directory}
# files # files
sixtunnel = ${6tunnel:location}
nginx = ${nginx-output:nginx} nginx = ${nginx-output:nginx}
nginx_mime = ${nginx-output:mime} nginx_mime = ${nginx-output:mime}
caddy = ${caddy:output}
haproxy_executable = ${haproxy:location}/sbin/haproxy haproxy_executable = ${haproxy:location}/sbin/haproxy
haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
curl = ${curl:location} curl = ${curl:location}
dash = ${dash:location} dash = ${dash:location}
...@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename} ...@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename}
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:_update_hash_filename_} url = ${:_profile_base_location_}/${:_update_hash_filename_}
[template-caddy-frontend-configuration] [template-frontend-haproxy-configuration]
<=download-template <=download-template
[template-not-found-html] [template-frontend-haproxy-crt-list]
<=download-template <=download-template
[template-default-slave-virtualhost] [template-not-found-html]
<=download-template <=download-template
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
...@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg ...@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg
[template-expose-csr-nginx-conf] [template-expose-csr-nginx-conf]
<=download-template <=download-template
[template-frontend-haproxy-rsyslogd-conf]
<=download-template
[versions] [versions]
kedifa = 0.0.6 kedifa = 0.0.6
# Modern KeDiFa requires zc.lockfile # Modern KeDiFa requires zc.lockfile
......
{ {
"description": "Caddy Frontend", "description": "Rapid.CDN",
"name": "Caddy Frontend", "name": "Rapid.CDN",
"serialisation": "xml", "serialisation": "xml",
"software-type": { "software-type": {
"custom-personal": { "custom-personal": {
......
...@@ -60,6 +60,8 @@ frontend http-backend ...@@ -60,6 +60,8 @@ frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}" http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}" http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }} {{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %} {%- endfor %}
...@@ -71,12 +73,14 @@ frontend https-backend ...@@ -71,12 +73,14 @@ frontend https-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}" http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}" http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }} {{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %} {%- endfor %}
{%- for slave_instance in backend_slave_list -%} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }} {{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %} {% endfor %}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
...@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %} {%- do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %}
{%- do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %} {%- do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %}
{%- if slave_instance['health-check-http-method'] != 'CONNECT' %} {%- if slave_instance['health-check-http-method'] != 'CONNECT' %}
{%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode, slave_instance['health-check-http-version'])) %} {%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode | replace('%', '%%'), slave_instance['health-check-http-version'])) %}
{%- endif %} {%- endif %}
{%- do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %} {%- do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
{%- endif %} {%- endif %}
...@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover ...@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- endfor %} {% endfor %}
{# END OF FILE #}
...@@ -2,11 +2,6 @@ ...@@ -2,11 +2,6 @@
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] %} {%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
{%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %} {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #} {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- if slave_parameter['path'].strip().strip('/') %}
{%- set zope_path = slave_parameter['path'].strip().strip('/') ~ '/' %}
{%- else %}
{%- set zope_path = '' %}
{%- endif %}
{%- set http_host_list = [] %} {%- set http_host_list = [] %}
{%- set https_host_list = [] %} {%- set https_host_list = [] %}
{%- for host in slave_parameter['host_list'] %} {%- for host in slave_parameter['host_list'] %}
...@@ -16,32 +11,11 @@ ...@@ -16,32 +11,11 @@
{%- macro proxy_header() %} {%- macro proxy_header() %}
timeout {{ slave_parameter['request-timeout'] }}s timeout {{ slave_parameter['request-timeout'] }}s
# force reset of X-Forwarded-For
header_upstream X-Forwarded-For {remote}
# workaround for lost connection to haproxy by reconnecting # workaround for lost connection to haproxy by reconnecting
try_duration 3s try_duration 3s
try_interval 250ms try_interval 250ms
header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- if not slave_parameter['disable-via-header'] %}
header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- endif %}
{%- endmacro %} {# proxy_header #} {%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
{%- if tls %}
{%- if slave_parameter['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
{%- if slave_parameter['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_parameter['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- endmacro %} {# hsts_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %} {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
...@@ -55,16 +29,6 @@ ...@@ -55,16 +29,6 @@
bind {{ slave_parameter['local_ipv4'] }} bind {{ slave_parameter['local_ipv4'] }}
{%- if tls %} {%- if tls %}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} { tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
{%- if slave_parameter['ciphers'] %}
ciphers {{ slave_parameter['ciphers'] }}
{%- endif %}
{%- if slave_parameter['enable_h2'] %}
# Allow http2
alpn h2 http/1.1
{%- else %} {#- if slave_parameter['enable_h2'] #}
# Disallow HTTP2
alpn http/1.1
{%- endif %} {#- if slave_parameter['enable_h2'] #}
} {# tls #} } {# tls #}
{%- endif %} {#- if tls #} {%- endif %} {#- if tls #}
log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" { log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
...@@ -100,75 +64,10 @@ ...@@ -100,75 +64,10 @@
redir 302 { redir 302 {
/ https://{host}{rewrite_uri} / https://{host}{rewrite_uri}
} }
{%- elif slave_parameter['type'] == 'zope' and backend_url %}
# Zope configuration
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if slave_parameter['disable-via-header'] %}
header_downstream -Via
{%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control
header_upstream -Pragma
{%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
} }
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
}
{%- else %}
rewrite {
regexp (.*)
{%- if tls %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
} {# rewrite #}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- elif slave_parameter['type'] == 'redirect' %}
{%- if backend_url %}
# Redirect configuration
redir 302 {
/ {{ backend_url }}{rewrite_uri}
}
{%- endif %}
{%- elif slave_parameter['type'] == 'notebook' %} {%- elif slave_parameter['type'] == 'notebook' %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
...@@ -186,36 +85,6 @@ ...@@ -186,36 +85,6 @@
websocket websocket
without /proxy/ without /proxy/
} }
{%- elif slave_parameter['type'] == 'websocket' %}
{%- if slave_parameter['websocket-path-list'] %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- for websocket_path in slave_parameter['websocket-path-list'] %}
proxy "/{{ websocket_path }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- endfor %}
{%- else %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %} {%- else %}
header_upstream Host {host} header_upstream Host {host}
{%- endif %} {%- endif %}
...@@ -223,12 +92,6 @@ ...@@ -223,12 +92,6 @@
{%- endif %} {%- endif %}
{%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #} {%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
# Default configuration # Default configuration
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if backend_url %} {%- if backend_url %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
......
{%- for slave in frontend_slave_list %}
{%- set entry_list = [] %}
{%- set sslbindconf = [] %}
{#- <crtfile> #}
{%- do entry_list.append(slave['certificate']) %}
{%- if slave['ciphers'] %}
{%- do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
{%- endif %}
{%- if slave['enable_h2'] %}
{%- do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
{%- else %}
{%- do sslbindconf.append('alpn http/1.1,http/1.0') %}
{%- endif %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %}
{{- ' '.join(entry_list) }}
{% endfor -%}
# Fallback to default certificate
{{ configuration['master-certificate'] }}
# END OF FILE
module(
load="imuxsock"
SysSock.Name="{{ configuration['log-socket'] }}")
# Just simply output the raw line without any additional information, as
# haproxy emits enough information by itself
# Also cut out first empty space in msg, which is related to rsyslogd
# internal and end up cutting on 8k, as it's default of $MaxMessageSize
template(name="rawoutput" type="string" string="%msg:2:8192%\n")
$ActionFileDefaultTemplate rawoutput
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0022
$WorkDirectory {{ configuration['spool-directory'] }}
# Setup logging per slave, by extracting the slave name from the log stream
{%- set regex = "^\\\\s*(\\\\S.*)-https{0,1} (.*)" %}
# Extract file name part from 1st match
template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
set $!slave_name = exec_template("extract_slave_name");
template(name="slave_output" type="string" string="{{ configuration['slave-log-directory'] }}/%$!slave_name%_access_log")
# Output only 2nd match, add the newline in the ned
template(name="haproxy_slave_line" type="string" string="%msg:R,ERE,2,FIELD:{{ regex }}--end%\n")
# React on match
if (re_match($msg, '{{ regex }}')) then {
action(type="omfile" dynaFile="slave_output" template="haproxy_slave_line")
stop
}
{#- emit all not catched messages to full log file #}
*.* {{ configuration['log-file'] }}
{%- if configuration['quic'] == 'True' %}
{%- set QUIC = True %}
{%- else %}
{%- set QUIC = False %}
{%- endif %}
global
pidfile {{ configuration['pid-file'] }}
# master-worker is compatible with foreground with process management
master-worker
expose-experimental-directives
log {{ configuration['log-socket'] }} local0
defaults
mode http
log global
option httplog
timeout queue 60s
timeout server {{ configuration['request-timeout'] }}s
timeout client {{ configuration['request-timeout'] }}s
timeout connect 2s
retries 3
timeout tunnel 1h
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{#- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] #}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- set matched = {'count': 0} %}
{%- for host in host_list %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- endif %}
{#- endif #}
{%- endmacro %}
{%- macro frontend_common() %}
# normalize URIs as it's expected by the backends
http-request normalize-uri path-merge-slashes
http-request normalize-uri path-strip-dot
http-request normalize-uri path-strip-dotdot
# Combined Log Format
capture request header REMOTE_USER len 255
capture request header Referer len 255
capture request header User-Agent len 255
log-format "%{+E}o %b %ci - %[capture.req.hdr(0)] [%trl] \"%HM %HU %HV\" %ST %B \"%[capture.req.hdr(1)]\" \"%[capture.req.hdr(2)]\" %Ta"
# setup Via
http-request add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
# setup X-Forwarded-For
http-request set-header X-Forwarded-For "%ci"
{%- endmacro %}
frontend http-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
frontend https-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
{%- if QUIC %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
http-response set-header alt-svc "h3=\":%fp\";ma=900;"
{#- Ask Chromium to use QUIC #}
http-response set-header alternate-protocol %fp:quic
{%- endif %}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
# Backends
{%- for slave_instance in frontend_slave_list %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- if scheme == 'http' and slave_instance['https-only'] %}
{#- Support https-only if connected via http #}
redirect scheme https code 302
{%- else %}
{%- if 'hostname' in info_dict and 'port' in info_dict %}
{%- if slave_instance['type'] == 'redirect' %}
redirect prefix {{ info_dict['scheme'] }}://{{ info_dict['hostname'] }}:{{ info_dict['port'] }} code 302
{%- else %}
server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ info_dict['hostname'] }}:{{ info_dict['port'] }}
{%- if slave_instance['disable-via-header'] %}
http-response del-header Via
{%- else %}
http-response add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
{%- endif %}
{%- if scheme == 'https' %}
{%- if slave_instance['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_instance['strict-transport-security'],)] %}
{%- if slave_instance['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_instance['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'] %}
http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
{%- endfor %}
{%- if slave_instance['disable-no-cache-request'] %}
http-request del-header Cache-Control
http-request del-header Pragma
{%- endif %}
{%- if slave_instance['prefer-gzip-encoding-to-backend'] %}
http-request set-header Accept-Encoding gzip if { hdr(Accept-Encoding) -m sub gzip }
{%- endif %}
{%- if slave_instance['type'] == 'notebook' %}
{#- In haproxy world type:notebook is simple type:websocket with default parameters #}
{%- do slave_instance.__setitem__('type', 'websocket') %}
{%- do slave_instance.__setitem__('websocket-path-list', None) %}
{%- do slave_instance.__setitem__('websocket-transparent', True) %}
{%- endif %}
{%- if slave_instance['type'] == 'websocket' %}
{%- if slave_instance['websocket-path-list'] %}
{%- set acl_entry = ['acl is_websocket '] %}
{%- for path in slave_instance['websocket-path-list'] %}
{%- do acl_entry.append('path -i -m beg /%s || ' % (path.replace('%', '%%'),)) %}
{%- endfor %}
{%- do acl_entry.append('always_false') %}
{{ ''.join(acl_entry) }}
{%- else %}
acl is_websocket always_true
{%- endif %}
http-request set-header X-Forwarded-Proto {{ scheme }} if !is_websocket
http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }} if !is_websocket
{%- if slave_instance['websocket-transparent'] %}
http-request set-header X-Real-Ip "%ci" if is_websocket
http-request set-header X-Forwarded-Proto {{ scheme }} if is_websocket
http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }} if is_websocket
{%- else %}
{#- Pass-thourgh: X-Forwarded-Proto, X-Forwarded-Port #}
{%- endif %}
{%- else %}
http-request set-header X-Forwarded-Proto {{ scheme }}
http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }}
{%- endif %} {# if slave_instance['type'] == 'websocket' #}
{%- if slave_instance['type'] == 'zope' %}
{%- if slave_instance['default-path'] %}
http-request redirect location {{ scheme}}://%[hdr(host)]/{{ slave_instance['default-path'] | replace('%', '%%') }} code 301 if { path / }
{%- set not_path_acl = 'if ! { path / }' %}
{%- else %}
{%- set not_path_acl = '' %}
{%- endif %}
{%- if slave_instance['path'].strip().strip('/') %}
{%- set zope_path = slave_instance['path'].strip().strip('/').replace('%', '%%') ~ '/' %}
{%- else %}
{%- set zope_path = '' %}
{%- endif %}
http-request set-path /VirtualHostBase/{{ scheme }}/%[req.hdr(Host),field(1,:)]:{{ slave_instance['virtualhostroot-%s-port' % (scheme,)] }}/{{ zope_path }}VirtualHostRoot%[path] {{ not_path_acl }}
{%- endif %}
{%- if info_dict['path'] %}
http-request set-path {{ info_dict['path'] }}%[path]
{%- endif %} {# if info_dict['path'] #}
{%- endif %} {# if slave_instance['type'] == 'redirect' #}
{%- endif %} {# if 'hostname' in info_dict and 'port' in info_dict #}
{%- endif %} {# if scheme == 'http' and slave_instance['https-only'] #}
{%- endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #}
{%- endfor %} {# for slave_instance in frontend_slave_list #}
backend BACKEND_NOT_FOUND
{#- a bit hacky but working way to provide default CDN's 404 #}
{#- inspired by https://sleeplessbeastie.eu/2020/05/11/how-to-serve-single-file-using-haproxy/ #}
http-request set-log-level silent
errorfile 503 {{ configuration['not-found-file'] }}
{# END OF FILE #}
HTTP/1.0 404 Not Found
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html> <html>
<head> <head>
<title>Instance not found</title> <title>Instance not found</title>
......
...@@ -27,11 +27,11 @@ ...@@ -27,11 +27,11 @@
from setuptools import setup, find_packages from setuptools import setup, find_packages
version = '0.0.1.dev0' version = '0.0.1.dev0'
name = 'slapos.test.caddy-frontend' name = 'slapos.test.rapid-cdn'
setup(name=name, setup(name=name,
version=version, version=version,
description="Test for SlapOS' Caddy Frontend", description="Test for SlapOS' Rapid.CDN",
maintainer="Nexedi", maintainer="Nexedi",
maintainer_email="info@nexedi.com", maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos", url="https://lab.nexedi.com/nexedi/slapos",
......
...@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source ...@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
import json import json
import multiprocessing import multiprocessing
import subprocess import subprocess
from unittest import skip, expectedFailure from unittest import skip
import ssl import ssl
from http.server import HTTPServer from http.server import HTTPServer
from http.server import BaseHTTPRequestHandler from http.server import BaseHTTPRequestHandler
...@@ -406,7 +406,7 @@ class TestDataMixin(object): ...@@ -406,7 +406,7 @@ class TestDataMixin(object):
# test00 name chosen to be run just after setup # test00 name chosen to be run just after setup
self._test_file_list(['var', 'run'], [ self._test_file_list(['var', 'run'], [
# can't be sure regarding its presence # can't be sure regarding its presence
'caddy_configuration_last_state', 'frontend_haproxy_configuration_last_state',
'validate_configuration_state_signature', 'validate_configuration_state_signature',
# run by cron from time to time # run by cron from time to time
'monitor/monitor-collect.pid', 'monitor/monitor-collect.pid',
...@@ -430,11 +430,6 @@ class TestDataMixin(object): ...@@ -430,11 +430,6 @@ class TestDataMixin(object):
data_replacement_dict = { data_replacement_dict = {
'{hash-generic}': generateHashFromFiles(hash_file_list) '{hash-generic}': generateHashFromFiles(hash_file_list)
} }
for caddy_wrapper_path in glob.glob(os.path.join(
self.instance_path, '*', 'bin', 'caddy-wrapper')):
partition_id = caddy_wrapper_path.split('/')[-3]
data_replacement_dict['{hash-caddy-%s}' % (partition_id)] = \
generateHashFromFiles([caddy_wrapper_path] + hash_file_list)
for backend_haproxy_wrapper_path in glob.glob(os.path.join( for backend_haproxy_wrapper_path in glob.glob(os.path.join(
self.instance_path, '*', 'bin', 'backend-haproxy-wrapper')): self.instance_path, '*', 'bin', 'backend-haproxy-wrapper')):
partition_id = backend_haproxy_wrapper_path.split('/')[-3] partition_id = backend_haproxy_wrapper_path.split('/')[-3]
...@@ -708,7 +703,8 @@ class TestHandler(BaseHTTPRequestHandler): ...@@ -708,7 +703,8 @@ class TestHandler(BaseHTTPRequestHandler):
response = base64.b64decode(self.headers['x-reply-body']) response = base64.b64decode(self.headers['x-reply-body'])
time.sleep(timeout) time.sleep(timeout)
self.send_response(status_code) self.send_response_only(status_code)
self.send_header('Server', self.server_version)
for key, value in list(header_dict.items()): for key, value in list(header_dict.items()):
self.send_header(key, value) self.send_header(key, value)
...@@ -937,8 +933,8 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -937,8 +933,8 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
time.sleep(2) time.sleep(2)
# assert that in the worst case last run was correct # assert that in the worst case last run was correct
assert return_code == 0, output assert return_code == 0, output
# give caddy a moment to refresh its config, as sending signal does not # give haproxy a moment to refresh its config, as sending signal does not
# block until caddy is refreshed # block until haproxy is refreshed
time.sleep(2) time.sleep(2)
@classmethod @classmethod
...@@ -989,15 +985,11 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -989,15 +985,11 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
def assertResponseHeaders( def assertResponseHeaders(
self, result, cached=False, via=True, backend_reached=True): self, result, cached=False, via=True, backend_reached=True):
headers = result.headers.copy() headers = result.headers.copy()
self.assertKeyWithPop('Date', headers) self.assertKeyWithPop('Content-Length', headers)
# drop vary-keys
headers.pop('Connection', None)
headers.pop('Content-Length', None)
headers.pop('Keep-Alive', None)
headers.pop('Transfer-Encoding', None)
if backend_reached: if backend_reached:
self.assertEqual('TestBackend', headers.pop('Server', '')) self.assertEqual('TestBackend', headers.pop('Server', ''))
self.assertKeyWithPop('Date', headers)
via_id = '%s-%s' % ( via_id = '%s-%s' % (
self.node_information_dict['node-id'], self.node_information_dict['node-id'],
...@@ -1047,17 +1039,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -1047,17 +1039,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
) )
self.assertEqual( self.assertEqual(
sorted([q['name'] for q in result.json()]), sorted([q['name'] for q in result.json()]),
['access.log', 'backend.log', 'error.log']) ['access.log', 'backend.log'])
self.assertEqual( # assert only for few tests, as logs are available for sure only
http.client.OK, # for few of them
requests.get(url + 'access.log', verify=False).status_code
)
self.assertEqual(
http.client.OK,
requests.get(url + 'error.log', verify=False).status_code
)
# assert only for few tests, as backend log is not available for many of
# them, as it's created on the fly
for test_name in [ for test_name in [
'test_url', 'test_auth_to_backend', 'test_compressed_result']: 'test_url', 'test_auth_to_backend', 'test_compressed_result']:
if self.id().endswith(test_name): if self.id().endswith(test_name):
...@@ -1065,6 +1049,10 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -1065,6 +1049,10 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
http.client.OK, http.client.OK,
requests.get(url + 'backend.log', verify=False).status_code requests.get(url + 'backend.log', verify=False).status_code
) )
self.assertEqual(
http.client.OK,
requests.get(url + 'access.log', verify=False).status_code
)
def assertKedifaKeysWithPop(self, parameter_dict, prefix=''): def assertKedifaKeysWithPop(self, parameter_dict, prefix=''):
generate_auth_url = parameter_dict.pop('%skey-generate-auth-url' % ( generate_auth_url = parameter_dict.pop('%skey-generate-auth-url' % (
...@@ -1229,13 +1217,13 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -1229,13 +1217,13 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
break break
@classmethod @classmethod
def waitForCaddy(cls): def waitForFrontend(cls):
def method(): def method():
fakeHTTPSResult( fakeHTTPSResult(
cls._ipv4_address, cls._ipv4_address,
'/', '/',
) )
cls.waitForMethod('waitForCaddy', method) cls.waitForMethod('waitForFrontend', method)
@classmethod @classmethod
def _cleanup(cls, snapshot_name): def _cleanup(cls, snapshot_name):
...@@ -1250,7 +1238,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -1250,7 +1238,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
os.environ.get( os.environ.get(
'SLAPOS_TEST_WORKING_DIR', 'SLAPOS_TEST_WORKING_DIR',
os.path.join(os.getcwd(), '.slapos'))), os.path.join(os.getcwd(), '.slapos'))),
'caddy-frontend-test') 'rapid-cdn-test')
if not os.path.isdir(cls.working_directory): if not os.path.isdir(cls.working_directory):
os.mkdir(cls.working_directory) os.mkdir(cls.working_directory)
...@@ -1282,7 +1270,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -1282,7 +1270,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
cls.software_path = os.path.realpath(os.path.join( cls.software_path = os.path.realpath(os.path.join(
cls.computer_partition_root_path, 'software_release')) cls.computer_partition_root_path, 'software_release'))
cls.setUpMaster() cls.setUpMaster()
cls.waitForCaddy() cls.waitForFrontend()
except BaseException: except BaseException:
cls.logger.exception("Error during setUpClass") cls.logger.exception("Error during setUpClass")
# "{}.{}.setUpClass".format(cls.__module__, cls.__name__) is already used # "{}.{}.setUpClass".format(cls.__module__, cls.__name__) is already used
...@@ -1450,10 +1438,16 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -1450,10 +1438,16 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
self.instance_path, '*', 'var', 'log', 'httpd', log_name self.instance_path, '*', 'var', 'log', 'httpd', log_name
))[0] ))[0]
with open(log_file) as fh: # sometimes logs appear with a bit of delay, so give it a chance
self.assertRegex( for _ in range(5):
fh.readlines()[-1], with open(log_file, 'r') as fh:
log_regexp) line = fh.readlines()[-1]
if re.match(log_regexp, line):
break
time.sleep(0.5)
self.assertRegex(
line,
log_regexp)
class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin): class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
...@@ -1646,7 +1640,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -1646,7 +1640,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12', 'request-timeout': '12',
} }
...@@ -1925,7 +1918,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -1925,7 +1918,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
}, },
'ciphers': { 'ciphers': {
'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA', 'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
} },
'ciphers-translation-all': {
# all ciphers from instance-master.cfg.in found in GOOD_CIPHER_LIST
# and keys of CIPHER_TRANSLATION_DICT in order to check translations
'ciphers':
'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 '
'ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 '
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 '
'ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA '
'ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA '
'RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA '
'RSA-3DES-EDE-CBC-SHA',
},
} }
monitor_setup_url_key = 'monitor-setup-url' monitor_setup_url_key = 'monitor-setup-url'
...@@ -2095,15 +2100,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2095,15 +2100,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '55', 'accepted-slave-amount': '56',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '55', 'slave-amount': '56',
'rejected-slave-dict': { 'rejected-slave-dict': {
}, },
'warning-slave-dict': { 'warning-slave-dict': {
'_Url': [ '_Url': [
"slave url ' %(backend)s/?a=b&c= ' has been converted to " "slave url ' %(backend)s/?a=b&c= ' has been converted to "
"'%(backend)s/?a=b&c='" % {'backend': self.backend_url}]} "'%(backend)s/?a=b&c='" % {'backend': self.backend_url}],
'_ciphers': [
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'"],
'_ciphers-translation-all': [
"Cipher 'ECDHE-ECDSA-AES128-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES128-SHA'",
"Cipher 'ECDHE-ECDSA-AES256-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES256-SHA'",
"Cipher 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-ECDSA-CHACHA20-POLY1305'",
"Cipher 'ECDHE-RSA-3DES-EDE-CBC-SHA' translated to "
"'ECDHE-RSA-DES-CBC3-SHA'",
"Cipher 'ECDHE-RSA-AES128-CBC-SHA' translated to "
"'ECDHE-RSA-AES128-SHA'",
"Cipher 'ECDHE-RSA-AES256-CBC-SHA' translated to "
"'ECDHE-RSA-AES256-SHA'",
"Cipher 'ECDHE-RSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-RSA-CHACHA20-POLY1305'",
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'",
"Cipher 'RSA-AES256-CBC-SHA' translated to 'AES256-SHA'"]
}
} }
self.assertEqual( self.assertEqual(
...@@ -2163,11 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2163,11 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
expected_node_information expected_node_information
) )
def test_slave_partition_state(self):
partition_path = self.getSlavePartitionPath()
with open(os.path.join(partition_path, 'bin', 'caddy-wrapper')) as fh:
self.assertIn('-grace 2s', fh.read())
def test_monitor_conf(self): def test_monitor_conf(self):
monitor_conf_list = glob.glob( monitor_conf_list = glob.glob(
os.path.join( os.path.join(
...@@ -2249,25 +2272,23 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2249,25 +2272,23 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertFalse('connection-parameter-hash' in line) self.assertFalse('connection-parameter-hash' in line)
self.assertFalse('timestamp' in line) self.assertFalse('timestamp' in line)
def assertBackendHeaders( def assertRequestHeaders(
self, backend_header_dict, domain, source_ip=SOURCE_IP, port=HTTPS_PORT, self, header_dict, domain=None, source_ip=SOURCE_IP,
proto='https', ignore_header_list=None, cached=False): port=HTTPS_PORT, proto='https', cached=False):
if ignore_header_list is None: if domain is not None:
ignore_header_list = []
if 'Host' not in ignore_header_list:
self.assertEqual( self.assertEqual(
backend_header_dict['host'], header_dict['host'],
'%s:%s' % (domain, port)) '%s:%s' % (domain, port))
self.assertEqual( self.assertEqual(
backend_header_dict['x-forwarded-for'], header_dict['x-forwarded-for'],
source_ip source_ip
) )
self.assertEqual( self.assertEqual(
backend_header_dict['x-forwarded-port'], header_dict['x-forwarded-port'],
port port
) )
self.assertEqual( self.assertEqual(
backend_header_dict['x-forwarded-proto'], header_dict['x-forwarded-proto'],
proto proto
) )
via_id = '%s-%s' % ( via_id = '%s-%s' % (
...@@ -2281,7 +2302,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2281,7 +2302,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'http/1.1 rapid-cdn-cache-%(via_id)s' % dict(via_id=via_id), 'http/1.1 rapid-cdn-cache-%(via_id)s' % dict(via_id=via_id),
'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id) 'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id)
], ],
backend_header_dict['via'] header_dict['via']
) )
else: else:
self.assertEqual( self.assertEqual(
...@@ -2290,18 +2311,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2290,18 +2311,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'HTTP/1.1 rapid-cdn-frontend-%(via_id)s' % dict(via_id=via_id), 'HTTP/1.1 rapid-cdn-frontend-%(via_id)s' % dict(via_id=via_id),
'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id) 'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id)
], ],
backend_header_dict['via'] header_dict['via']
) )
def test_telemetry_disabled(self):
# here we trust that telemetry not present in error log means it was
# really disabled
error_log_file = glob.glob(
os.path.join(
self.instance_path, '*', 'var', 'log', 'frontend-error.log'))[0]
with open(error_log_file) as fh:
self.assertNotIn('Sending telemetry', fh.read(), 'Telemetry enabled')
def test_url(self): def test_url(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'Url', 'Url',
...@@ -2336,7 +2348,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2336,7 +2348,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10') self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in headers) self.assertFalse('Content-Encoding' in headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'secured=value;secure, nonsecured=value', 'secured=value;secure, nonsecured=value',
...@@ -2373,6 +2385,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2373,6 +2385,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
headers = self.assertResponseHeaders( headers = self.assertResponseHeaders(
result_http, via=False, backend_reached=False) result_http, via=False, backend_reached=False)
self.assertEqual( self.assertEqual(
'https://url.example.com:%s/test-path/deeper' % (HTTP_PORT,), 'https://url.example.com:%s/test-path/deeper' % (HTTP_PORT,),
headers['Location'] headers['Location']
...@@ -2396,6 +2409,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2396,6 +2409,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertIn("backend _Url-http\n", content) self.assertIn("backend _Url-http\n", content)
self.assertNotIn("backend _Url-https\n", content) self.assertNotIn("backend _Url-https\n", content)
# check out access via IPv6
out_ipv6, err_ipv6 = self._curl(
parameter_dict['domain'], self._ipv6_address, HTTPS_PORT)
try:
j = json.loads(out_ipv6.decode())
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (out_ipv6.decode(),))
self.assertEqual(
self._ipv6_address,
j['Incoming Headers']['x-forwarded-for']
)
def test_url_netloc_list(self): def test_url_netloc_list(self):
parameter_dict = self.assertSlaveBase('url-netloc-list') parameter_dict = self.assertSlaveBase('url-netloc-list')
result = fakeHTTPSResult(parameter_dict['domain'], 'path') result = fakeHTTPSResult(parameter_dict['domain'], 'path')
...@@ -2443,7 +2469,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2443,7 +2469,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10') self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers) self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders( self.assertRequestHeaders(
j['Incoming Headers'], parameter_dict['domain']) j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
...@@ -2518,7 +2544,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2518,7 +2544,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10') self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers) self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'secured=value;secure, nonsecured=value', 'secured=value;secure, nonsecured=value',
...@@ -2607,40 +2633,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2607,40 +2633,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
} }
) )
self.assertEqual( self.assertNotIn('Content-Type', result.headers)
'text/xml; charset=utf-8',
result.headers['Content-Type']
)
@skip('Feature postponed')
def test_url_ipv6_access(self):
parameter_dict = self.parseSlaveParameterDict('url')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'url.example.com',
'replication_number': '1',
'url': 'http://url.example.com',
'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com',
},
parameter_dict
)
result_ipv6 = fakeHTTPSResult(
parameter_dict['domain'], self._ipv6_address, 'test-path',
source_ip=self._ipv6_address)
self.assertEqual(
self._ipv6_address,
result_ipv6.json()['Incoming Headers']['x-forwarded-for']
)
self.assertEqual(
self.certificate_pem,
der2pem(result_ipv6.peercert))
self.assertEqualResultJson(result_ipv6, 'Path', '/test-path')
def test_type_zope_path(self): def test_type_zope_path(self):
parameter_dict = self.assertSlaveBase('type-zope-path') parameter_dict = self.assertSlaveBase('type-zope-path')
...@@ -2749,7 +2742,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2749,7 +2742,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqual(j['Incoming Headers']['timeout'], '10') self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers) self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'secured=value;secure, nonsecured=value', 'secured=value;secure, nonsecured=value',
...@@ -3057,7 +3050,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3057,7 +3050,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3076,7 +3069,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3076,7 +3069,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
self.assertEqual( self.assertEqual(
'https://typezope.example.com:%s/test-path/deep/.././deeper' % ( 'https://typezope.example.com:%s/test-path/deeper' % (
HTTP_PORT,), HTTP_PORT,),
result.headers['Location'] result.headers['Location']
) )
...@@ -3097,7 +3090,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3097,7 +3090,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3132,7 +3125,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3132,7 +3125,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3175,7 +3168,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3175,7 +3168,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3195,7 +3188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3195,7 +3188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
self.assertEqual( self.assertEqual(
'https://%s:%s/test-path/deep/.././deeper' % ( 'https://%s:%s/test-path/deeper' % (
parameter_dict['domain'], HTTP_PORT), parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -3213,7 +3206,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3213,7 +3206,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3236,7 +3229,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3236,7 +3229,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
self.assertEqual( self.assertEqual(
'https://%s:%s/test-path/deep/.././deeper' % ( 'https://%s:%s/test-path/deeper' % (
parameter_dict['domain'], HTTP_PORT), parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -3274,29 +3267,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3274,29 +3267,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
def test_type_notebook(self): def test_type_notebook(self):
# CDN's type:notebook in haproxy world is simply like type:websocket on
# default parameters, so test has been adapted
# generally, websocket is possible to be served on any path, which is
# haproxy default
parameter_dict = self.assertSlaveBase('type-notebook') parameter_dict = self.assertSlaveBase('type-notebook')
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['domain'], 'test-path',
'test-path', headers={'Connection': 'Upgrade'})
HTTPS_PORT)
self.assertEqual( self.assertEqual(
self.certificate_pem, self.certificate_pem,
der2pem(result.peercert)) der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(
result,
result = fakeHTTPSResult( 'Path',
parameter_dict['domain'], '/test-path'
'test/terminals/websocket/test', )
HTTPS_PORT) try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
self.certificate_pem, 'Upgrade',
der2pem(result.peercert)) j['Incoming Headers']['connection']
)
self.assertEqualResultJson(result, 'Path', '/terminals/websocket') self.assertTrue('x-real-ip' in j['Incoming Headers'])
self.assertFalse( self.assertFalse(
isHTTP2(parameter_dict['domain'])) isHTTP2(parameter_dict['domain']))
...@@ -3321,7 +3320,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3321,7 +3320,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -3351,10 +3350,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3351,10 +3350,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
parsed = urllib.parse.urlparse(self.backend_url) self.assertRequestHeaders(
self.assertBackendHeaders( j['Incoming Headers'], port='17', proto='irc')
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -3386,8 +3383,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3386,8 +3383,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertTrue('x-real-ip' in j['Incoming Headers']) self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], 'ws/test-path', parameter_dict['domain'], 'ws/test-path',
...@@ -3404,7 +3401,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3404,7 +3401,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -3426,7 +3423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3426,7 +3423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -3457,10 +3454,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3457,10 +3454,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
parsed = urllib.parse.urlparse(self.backend_url) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertFalse('x-real-ip' in j['Incoming Headers']) self.assertFalse('x-real-ip' in j['Incoming Headers'])
result = fakeHTTPSResult( result = fakeHTTPSResult(
...@@ -3478,9 +3472,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3478,9 +3472,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders( self.assertRequestHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc', j['Incoming Headers'], port='17', proto='irc')
ignore_header_list=['Host'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -3502,9 +3495,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3502,9 +3495,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders( self.assertRequestHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc', j['Incoming Headers'], port='17', proto='irc')
ignore_header_list=['Host'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -3532,6 +3524,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3532,6 +3524,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location'] result.headers['Location']
) )
self.assertResponseHeaders(
result, via=False, backend_reached=False)
result = fakeHTTPResult( result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['domain'],
'test-path/deep/.././deeper') 'test-path/deep/.././deeper')
...@@ -3546,6 +3541,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3546,6 +3541,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location'] result.headers['Location']
) )
self.assertResponseHeaders(
result, via=False, backend_reached=False)
def test_type_redirect_custom_domain(self): def test_type_redirect_custom_domain(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'type-redirect-custom_domain', hostname='customdomaintyperedirect') 'type-redirect-custom_domain', hostname='customdomaintyperedirect')
...@@ -3568,6 +3566,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3568,6 +3566,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location'] result.headers['Location']
) )
self.assertResponseHeaders(
result, via=False, backend_reached=False)
def test_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self): def test_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'ssl-proxy-verify_ssl_proxy_ca_crt-unverified') 'ssl-proxy-verify_ssl_proxy_ca_crt-unverified')
...@@ -3614,7 +3615,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3614,7 +3615,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain']) self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertFalse('Content-Encoding' in result.headers) self.assertFalse('Content-Encoding' in result.headers)
...@@ -3728,7 +3729,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3728,7 +3729,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
def test_ciphers(self): def test_ciphers(self):
parameter_dict = self.assertSlaveBase('ciphers') parameter_dict = self.assertSlaveBase(
'ciphers', expected_parameter_dict={
'warning-list': [
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'"]})
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path') parameter_dict['domain'], 'test-path')
...@@ -3754,12 +3759,73 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3754,12 +3759,73 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
configuration_file = glob.glob( configuration_file = glob.glob(
os.path.join( os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', '_ciphers.conf' self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
))[0] ))[0]
with open(configuration_file) as fh: with open(configuration_file) as fh:
self.assertIn( self.assertTrue(
'ciphers RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA', '/_ciphers.pem [ciphers DES-CBC3-SHA:AES128-SHA '
fh.read()) in fh.read()
)
def test_ciphers_translation_all(self):
parameter_dict = self.assertSlaveBase(
'ciphers-translation-all', expected_parameter_dict={
'warning-list': [
"Cipher 'ECDHE-ECDSA-AES128-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES128-SHA'",
"Cipher 'ECDHE-ECDSA-AES256-CBC-SHA' translated to "
"'ECDHE-ECDSA-AES256-SHA'",
"Cipher 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-ECDSA-CHACHA20-POLY1305'",
"Cipher 'ECDHE-RSA-3DES-EDE-CBC-SHA' translated to "
"'ECDHE-RSA-DES-CBC3-SHA'",
"Cipher 'ECDHE-RSA-AES128-CBC-SHA' translated to "
"'ECDHE-RSA-AES128-SHA'",
"Cipher 'ECDHE-RSA-AES256-CBC-SHA' translated to "
"'ECDHE-RSA-AES256-SHA'",
"Cipher 'ECDHE-RSA-WITH-CHACHA20-POLY1305' translated to "
"'ECDHE-RSA-CHACHA20-POLY1305'",
"Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
"Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'",
"Cipher 'RSA-AES256-CBC-SHA' translated to 'AES256-SHA'"]})
result = fakeHTTPSResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(http.client.SERVICE_UNAVAILABLE, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], 'test-path')
self.assertEqual(
http.client.FOUND,
result_http.status_code
)
self.assertEqual(
'https://cipherstranslationall.example.com:%s/test-path' % (HTTP_PORT,),
result_http.headers['Location']
)
configuration_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
))[0]
with open(configuration_file) as fh:
self.assertTrue(
'/_ciphers.translation.all.pem [ciphers '
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:'
'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:'
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:'
'ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:'
'ECDHE-ECDSA-AES128-SHA:AES256-SHA:AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:'
'DES-CBC3-SHA'
in fh.read()
)
def test_enable_cache_custom_domain(self): def test_enable_cache_custom_domain(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
...@@ -3788,7 +3854,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3788,7 +3854,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders( self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True) backend_headers, parameter_dict['domain'], cached=True)
def test_enable_cache_server_alias(self): def test_enable_cache_server_alias(self):
...@@ -3816,7 +3882,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3816,7 +3882,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders( self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True) backend_headers, parameter_dict['domain'], cached=True)
result = fakeHTTPResult( result = fakeHTTPResult(
...@@ -3899,7 +3965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -3899,7 +3965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders( self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True) backend_headers, parameter_dict['domain'], cached=True)
# BEGIN: Check that squid.log is correctly filled in # BEGIN: Check that squid.log is correctly filled in
...@@ -4038,7 +4104,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4038,7 +4104,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders( self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True) backend_headers, parameter_dict['domain'], cached=True)
# check stale-if-error support is really respected if not present in the # check stale-if-error support is really respected if not present in the
...@@ -4168,7 +4234,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4168,7 +4234,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders( self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True) backend_headers, parameter_dict['domain'], cached=True)
try: try:
...@@ -4202,7 +4268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4202,7 +4268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders( self.assertRequestHeaders(
backend_headers, parameter_dict['domain'], cached=True) backend_headers, parameter_dict['domain'], cached=True)
def test_enable_http2_false(self): def test_enable_http2_false(self):
...@@ -4223,6 +4289,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4223,6 +4289,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
{ {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value', 'Set-Cookie': 'secured=value;secure, nonsecured=value',
'Connection': 'keep-alive',
}, },
headers headers
) )
...@@ -4247,6 +4314,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4247,6 +4314,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
{ {
'Content-type': 'application/json', 'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value', 'Set-Cookie': 'secured=value;secure, nonsecured=value',
'Connection': 'keep-alive',
}, },
headers headers
) )
...@@ -4269,7 +4337,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4269,7 +4337,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain']) result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
...@@ -4281,7 +4349,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4281,7 +4349,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain']) result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
...@@ -4309,7 +4377,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4309,7 +4377,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'], result.json()['Incoming Headers'], parameter_dict['domain'],
port=HTTP_PORT, proto='http') port=HTTP_PORT, proto='http')
self.assertEqual( self.assertEqual(
...@@ -4322,7 +4390,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4322,7 +4390,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'], result.json()['Incoming Headers'], parameter_dict['domain'],
port=HTTP_PORT, proto='http') port=HTTP_PORT, proto='http')
self.assertEqual( self.assertEqual(
...@@ -4355,7 +4423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4355,7 +4423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain']) result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
...@@ -4367,7 +4435,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4367,7 +4435,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], parameter_dict['domain']) result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
...@@ -4446,16 +4514,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4446,16 +4514,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Location'] result.headers['Location']
) )
def _curl(self, domain, ip, port, cookie): def _curl(self, domain, ip, port, cookie=None):
replacement_dict = dict( replacement_dict = dict(
domain=domain, ip=TEST_IP, port=HTTPS_PORT) domain=domain, ip=ip, port=port)
curl_command = [ curl_command = [
'curl', '-v', '-k', 'curl', '-v', '-k',
'-H', 'Host: %(domain)s' % replacement_dict, '-H', 'Host: %(domain)s' % replacement_dict,
'--resolve', '%(domain)s:%(port)s:%(ip)s' % replacement_dict, '--resolve', '%(domain)s:%(port)s:%(ip)s' % replacement_dict,
'--cookie', cookie,
'https://%(domain)s:%(port)s/' % replacement_dict,
] ]
if cookie is not None:
curl_command.extend(['--cookie', cookie])
curl_command.extend([
'https://%(domain)s:%(port)s/' % replacement_dict])
prc = subprocess.Popen( prc = subprocess.Popen(
curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
) )
...@@ -4466,37 +4536,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4466,37 +4536,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
curl_command, out, err)) curl_command, out, err))
return out, err return out, err
@expectedFailure
def test_disabled_cookie_list(self): def test_disabled_cookie_list(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list') parameter_dict = self.assertSlaveBase('disabled-cookie-list')
out, err = self._curl( out, err = self._curl(
parameter_dict['domain'], TEST_IP, HTTPS_PORT, parameter_dict['domain'], TEST_IP, HTTPS_PORT,
# Note: Cookie order is extremely important here, do not change # Note: Cookie order is extremely important here, do not change
# or test will start to pass incorrectly # or test will start to pass incorrectly
'Coconut=absent; Chocolate=absent; Coffee=present; Vanilia=absent', 'Tea=present; Coconut=absent; DarkChocolate=present; Chocolate=absent; '
'Coffee=present; Vanilia=absent; Water=present',
) )
# self check - were the cookies sent in required order? # self check - were the cookies sent in required order?
self.assertIn( self.assertIn(
'ookie: Coconut=absent; Chocolate=absent; Coffee=present; ' 'ookie: Tea=present; Coconut=absent; DarkChocolate=present; '
'Vanilia=absent', 'Chocolate=absent; Coffee=present; Vanilia=absent; Water=present',
err.decode()) err.decode())
# real test - all configured cookies are dropped # real test - all configured cookies are dropped
self.assertEqual( self.assertEqual(
'Coffee=present', json.loads(out)['Incoming Headers']['cookie']) 'Tea=present; DarkChocolate=present; Coffee=present; Water=present',
json.loads(out)['Incoming Headers']['cookie'])
def test_disabled_cookie_list_simple(self): def test_disabled_cookie_list_simple(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list') parameter_dict = self.assertSlaveBase('disabled-cookie-list-simple')
out, err = self._curl( out, err = self._curl(
parameter_dict['domain'], TEST_IP, HTTPS_PORT, parameter_dict['domain'], TEST_IP, HTTPS_PORT,
'WhiteChocolate=present; Chocolate=absent; Coffee=present', 'Chocolate=absent; Coffee=present',
) )
# self check - were the cookies sent in required order? # self check - were the cookies sent in required order?
self.assertIn( self.assertIn(
'ookie: WhiteChocolate=present; Chocolate=absent; Coffee=present', 'ookie: Chocolate=absent; Coffee=present',
err.decode()) err.decode())
# real test - all configured cookies are dropped # real test - all configured cookies are dropped
self.assertEqual( self.assertEqual(
'WhiteChocolate=present ; Coffee=present', 'Coffee=present',
json.loads(out)['Incoming Headers']['cookie']) json.loads(out)['Incoming Headers']['cookie'])
def test_https_url(self): def test_https_url(self):
...@@ -4515,7 +4586,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4515,7 +4586,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
result.headers['Strict-Transport-Security']) result.headers['Strict-Transport-Security'])
self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
self.assertBackendHeaders( self.assertRequestHeaders(
result.json()['Incoming Headers'], result.json()['Incoming Headers'],
parameter_dict['domain']) parameter_dict['domain'])
...@@ -4545,6 +4616,30 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4545,6 +4616,30 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
timeout connect 10s timeout connect 10s
retries 5""" in content) retries 5""" in content)
def test_header_date(self):
# Precisely check out Date header behaviour
frontend = 'url_https-url'
parameter_dict = self.assertSlaveBase(frontend)
backend_url = self.getSlaveParameterDictDict()[
frontend]['https-url'].strip()
normal_path = 'normal'
with_date_path = 'with_date'
specific_date = 'Fri, 07 Dec 2001 00:00:00 GMT'
result_configure = requests.put(
backend_url + '/' + with_date_path, headers={
'X-Reply-Header-Date': specific_date
})
self.assertEqual(result_configure.status_code, http.client.CREATED)
result_normal = fakeHTTPSResult(parameter_dict['domain'], normal_path)
result_with_date = fakeHTTPSResult(
parameter_dict['domain'], with_date_path)
# Prove that Date header with value specific_date send by backend is NOT
# modified by the CDN, but some Date header is added, if backend sends non
self.assertEqual(result_with_date.headers['Date'], specific_date)
self.assertNotEqual(result_normal.headers['Date'], specific_date)
def test_https_url_netloc_list(self): def test_https_url_netloc_list(self):
parameter_dict = self.assertSlaveBase('https-url-netloc-list') parameter_dict = self.assertSlaveBase('https-url-netloc-list')
result = fakeHTTPSResult(parameter_dict['domain'], 'path') result = fakeHTTPSResult(parameter_dict['domain'], 'path')
...@@ -4651,17 +4746,21 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4651,17 +4746,21 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
parameter_dict['domain'], 'test-path') parameter_dict['domain'], 'test-path')
self.assertEqual(http.client.FOUND, result_http.status_code) self.assertEqual(http.client.FOUND, result_http.status_code)
# prove 2nd frontend by inspection of the instance # prove replication by asserting that slave ended up in both nodes
slave_configuration_name = '_replicate.conf' frontend_haproxy_cfg_list = glob.glob(
slave_configuration_file_list = [ os.path.join(self.instance_path, '*', 'etc', 'frontend-haproxy.cfg'))
'/'.join([f[0], slave_configuration_name]) for f in [ self.assertEqual(2, len(frontend_haproxy_cfg_list))
q for q in os.walk(self.instance_path) for frontend_haproxy_cfg in frontend_haproxy_cfg_list:
if slave_configuration_name in q[2] with open(frontend_haproxy_cfg) as fh:
] self.assertIn('backend _replicate-http', fh.read())
]
self.assertEqual( self.assertEqual(
2, len(slave_configuration_file_list), slave_configuration_file_list) 2,
len(
glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'frontend-haproxy.d',
'._replicate.htpasswd')))
)
class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase): class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
...@@ -4947,7 +5046,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster( ...@@ -4947,7 +5046,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
} }
@classmethod @classmethod
...@@ -5106,7 +5204,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5106,7 +5204,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
} }
@classmethod @classmethod
...@@ -5665,7 +5762,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate( ...@@ -5665,7 +5762,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
} }
@classmethod @classmethod
...@@ -5761,7 +5857,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -5761,7 +5857,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'ciphers': 'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384' 'ciphers': 'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384'
} }
...@@ -5821,12 +5916,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -5821,12 +5916,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
configuration_file = glob.glob( configuration_file = glob.glob(
os.path.join( os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
'_default_ciphers.conf'
))[0] ))[0]
with open(configuration_file) as fh: with open(configuration_file) as fh:
self.assertIn( self.assertIn(
'ciphers ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384', '_default_ciphers.pem [ciphers '
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384 ',
fh.read()) fh.read())
def test_own_ciphers(self): def test_own_ciphers(self):
...@@ -5847,12 +5942,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -5847,12 +5942,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
configuration_file = glob.glob( configuration_file = glob.glob(
os.path.join( os.path.join(
self.instance_path, '*', 'etc', 'caddy-slave-conf.d', self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
'_own_ciphers.conf'
))[0] ))[0]
with open(configuration_file) as fh: with open(configuration_file) as fh:
self.assertIn( self.assertIn(
'ciphers ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256', '_own_ciphers.pem [ciphers '
'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 ',
fh.read()) fh.read())
...@@ -6470,7 +6565,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6470,7 +6565,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12', 'request-timeout': '12',
} }
...@@ -6573,7 +6667,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6573,7 +6667,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'apache-key': self.key_pem, 'apache-key': self.key_pem,
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': True, 'enable-http2-by-default': True,
'mpm-graceful-shutdown-timeout': 2,
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
'backend-connect-timeout': 2, 'backend-connect-timeout': 2,
'backend-connect-retries': 1, 'backend-connect-retries': 1,
...@@ -6665,12 +6758,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6665,12 +6758,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': 'True', 'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]', 'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-1', 'frontend-name': 'caddy-frontend-1',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8411, 'monitor-httpd-port': 8411,
'monitor-username': 'admin', 'monitor-username': 'admin',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080', 'plain_http_port': '11080',
'port': '11443', 'port': '11443',
'ram-cache-size': '512K', 'ram-cache-size': '512K',
...@@ -6691,12 +6785,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6691,12 +6785,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': 'True', 'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]', 'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-2', 'frontend-name': 'caddy-frontend-2',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8412, 'monitor-httpd-port': 8412,
'monitor-username': 'admin', 'monitor-username': 'admin',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080', 'plain_http_port': '11080',
'port': '11443', 'port': '11443',
'ram-cache-size': '256K', 'ram-cache-size': '256K',
...@@ -6717,12 +6812,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6717,12 +6812,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': 'True', 'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]', 'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-3', 'frontend-name': 'caddy-frontend-3',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8413, 'monitor-httpd-port': 8413,
'monitor-username': 'admin', 'monitor-username': 'admin',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080', 'plain_http_port': '11080',
'port': '11443', 'port': '11443',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
...@@ -6765,7 +6861,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6765,7 +6861,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'full_address_list': [], 'full_address_list': [],
'instance_title': 'testing partition 0', 'instance_title': 'testing partition 0',
'kedifa_port': '15080', 'kedifa_port': '15080',
'mpm-graceful-shutdown-timeout': '2',
'plain_http_port': '11080', 'plain_http_port': '11080',
'port': '11443', 'port': '11443',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
...@@ -6793,7 +6888,6 @@ class TestSlaveHealthCheck(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -6793,7 +6888,6 @@ class TestSlaveHealthCheck(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12', 'request-timeout': '12',
} }
...@@ -6930,7 +7024,7 @@ backend _health-check-custom-http ...@@ -6930,7 +7024,7 @@ backend _health-check-custom-http
retries 3 retries 3
server _health-check-custom-backend-http %s check inter 15s""" server _health-check-custom-backend-http %s check inter 15s"""
""" rise 3 fall 7 """ rise 3 fall 7
option httpchk POST /POST-path%%20to%%20be%%20encoded HTTP/1.0 option httpchk POST /POST-path%%%%20to%%%%20be%%%%20encoded HTTP/1.0
timeout check 7s""" % (backend,), timeout check 7s""" % (backend,),
'health-check-default': """\ 'health-check-default': """\
backend _health-check-default-http backend _health-check-default-http
......
...@@ -104,6 +104,8 @@ ...@@ -104,6 +104,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -106,6 +106,8 @@ ...@@ -106,6 +106,8 @@
"domain": "example.com", "domain": "example.com",
"enable-http2-by-default": "false", "enable-http2-by-default": "false",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -62,6 +62,8 @@ ...@@ -62,6 +62,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED ...@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -60,6 +60,8 @@ ...@@ -60,6 +60,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -62,6 +62,8 @@ ...@@ -62,6 +62,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -76,6 +76,8 @@ ...@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -76,6 +76,8 @@ ...@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_access_log T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_backend_log T-2/var/log/httpd/_default_backend_log
T-2/var/log/httpd/_default_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -80,6 +80,8 @@ ...@@ -80,6 +80,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -117,6 +119,8 @@ ...@@ -117,6 +119,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-2", "frontend-name": "caddy-frontend-2",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_replicate_access_log T-2/var/log/httpd/_replicate_access_log
T-2/var/log/httpd/_replicate_backend_log T-2/var/log/httpd/_replicate_backend_log
T-2/var/log/httpd/_replicate_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
...@@ -19,10 +17,7 @@ T-2/var/log/slave-introspection-error.log ...@@ -19,10 +17,7 @@ T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log T-2/var/log/trafficserver/manager.log
T-3/var/log/backend-haproxy.log T-3/var/log/backend-haproxy.log
T-3/var/log/expose-csr.log T-3/var/log/expose-csr.log
T-3/var/log/frontend-access.log T-3/var/log/frontend-haproxy.log
T-3/var/log/frontend-error.log
T-3/var/log/httpd/_replicate_access_log
T-3/var/log/httpd/_replicate_error_log
T-3/var/log/monitor-httpd-access.log T-3/var/log/monitor-httpd-access.log
T-3/var/log/monitor-httpd-error.log T-3/var/log/monitor-httpd-error.log
T-3/var/log/slave-introspection-access.log T-3/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
...@@ -16,5 +18,6 @@ T-3/var/run/backend-haproxy.pid ...@@ -16,5 +18,6 @@ T-3/var/run/backend-haproxy.pid
T-3/var/run/backend_haproxy_configuration_last_state T-3/var/run/backend_haproxy_configuration_last_state
T-3/var/run/backend_haproxy_graceful_configuration_state_signature T-3/var/run/backend_haproxy_graceful_configuration_state_signature
T-3/var/run/graceful_configuration_state_signature T-3/var/run/graceful_configuration_state_signature
T-3/var/run/httpd.pid
T-3/var/run/slave_introspection_configuration_last_state T-3/var/run/slave_introspection_configuration_last_state
T-3/var/run/slave_introspection_graceful_configuration_state_signature T-3/var/run/slave_introspection_graceful_configuration_state_signature
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
...@@ -37,8 +36,6 @@ T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING ...@@ -37,8 +36,6 @@ T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED T-2:trafficserver-reload EXITED
T-3:6tunnel-11080-{hash-generic}-on-watch STOPPED
T-3:6tunnel-11443-{hash-generic}-on-watch STOPPED
T-3:backend-client-login-certificate-caucase-updater-on-watch STOPPED T-3:backend-client-login-certificate-caucase-updater-on-watch STOPPED
T-3:backend-haproxy-{hash-generic}-on-watch STOPPED T-3:backend-haproxy-{hash-generic}-on-watch STOPPED
T-3:backend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED T-3:backend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED
...@@ -47,8 +44,9 @@ T-3:bootstrap-monitor EXITED ...@@ -47,8 +44,9 @@ T-3:bootstrap-monitor EXITED
T-3:certificate_authority-{hash-generic}-on-watch STOPPED T-3:certificate_authority-{hash-generic}-on-watch STOPPED
T-3:crond-{hash-generic}-on-watch STOPPED T-3:crond-{hash-generic}-on-watch STOPPED
T-3:expose-csr-{hash-generic}-on-watch STOPPED T-3:expose-csr-{hash-generic}-on-watch STOPPED
T-3:frontend-caddy-safe-graceful EXITED T-3:frontend-haproxy-{hash-generic}-on-watch STOPPED
T-3:frontend_caddy-{hash-caddy-T-3}-on-watch STOPPED T-3:frontend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED
T-3:frontend-haproxy-safe-graceful EXITED
T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED
T-3:kedifa-updater-{hash-generic}-on-watch STOPPED T-3:kedifa-updater-{hash-generic}-on-watch STOPPED
T-3:monitor-httpd-{hash-generic}-on-watch STOPPED T-3:monitor-httpd-{hash-generic}-on-watch STOPPED
......
...@@ -35,14 +35,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -35,14 +35,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
...@@ -60,14 +60,14 @@ T-3/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -60,14 +60,14 @@ T-3/etc/plugin/backend-haproxy-statistic-frontend.py
T-3/etc/plugin/backend_haproxy_http.py T-3/etc/plugin/backend_haproxy_http.py
T-3/etc/plugin/backend_haproxy_https.py T-3/etc/plugin/backend_haproxy_https.py
T-3/etc/plugin/buildout-T-3-status.py T-3/etc/plugin/buildout-T-3-status.py
T-3/etc/plugin/caddy_frontend_ipv4_http.py
T-3/etc/plugin/caddy_frontend_ipv4_https.py
T-3/etc/plugin/caddy_frontend_ipv6_http.py
T-3/etc/plugin/caddy_frontend_ipv6_https.py
T-3/etc/plugin/caucase-updater.py T-3/etc/plugin/caucase-updater.py
T-3/etc/plugin/check-free-disk-space.py T-3/etc/plugin/check-free-disk-space.py
T-3/etc/plugin/expose-csr-ip-port-listening.py T-3/etc/plugin/expose-csr-ip-port-listening.py
T-3/etc/plugin/frontend-caddy-configuration-promise.py T-3/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-3/etc/plugin/frontend_haproxy_ipv4_http.py
T-3/etc/plugin/frontend_haproxy_ipv4_https.py
T-3/etc/plugin/frontend_haproxy_ipv6_http.py
T-3/etc/plugin/frontend_haproxy_ipv6_https.py
T-3/etc/plugin/monitor-bootstrap-status.py T-3/etc/plugin/monitor-bootstrap-status.py
T-3/etc/plugin/monitor-http-frontend.py T-3/etc/plugin/monitor-http-frontend.py
T-3/etc/plugin/monitor-httpd-listening-on-tcp.py T-3/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
...@@ -435,6 +434,12 @@ ...@@ -435,6 +434,12 @@
"slap_software_type": "RootSoftwareInstance", "slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ciphers", "slave_reference": "_ciphers",
"slave_title": "_ciphers" "slave_title": "_ciphers"
},
{
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ciphers-translation-all",
"slave_title": "_ciphers-translation-all"
} }
], ],
"timestamp": "@@TIMESTAMP@@" "timestamp": "@@TIMESTAMP@@"
...@@ -476,6 +481,10 @@ ...@@ -476,6 +481,10 @@
"ciphers": "RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA", "ciphers": "RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA",
"slave_reference": "_ciphers" "slave_reference": "_ciphers"
}, },
{
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA",
"slave_reference": "_ciphers-translation-all"
},
{ {
"custom_domain": "mycustomdomain.example.com", "custom_domain": "mycustomdomain.example.com",
"slave_reference": "_custom_domain", "slave_reference": "_custom_domain",
...@@ -777,7 +786,9 @@ ...@@ -777,7 +786,9 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]", "extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"ciphers\": \"ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA\", \"slave_reference\": \"_ciphers-translation-all\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -785,11 +796,10 @@ ...@@ -785,11 +796,10 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
"slave-kedifa-information": "{\"_Url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-backend-ignore\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-not-configured\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@?auth=\"}, \"_bad-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@?auth=\"}, \"_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@?auth=\"}, \"_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@?auth=\"}, \"_custom_domain_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_custom_domain_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list-simple\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@?auth=\"}, \"_empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@?auth=\"}, \"_enable-http2-default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@?auth=\"}, \"_enable-http2-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-no-cache-request\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-via-header\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@?auth=\"}, \"_enable_cache-https-only-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@?auth=\"}, \"_enable_cache_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@?auth=\"}, \"_https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@?auth=\"}, \"_https-url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv4-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv6-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_server-alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@?auth=\"}, \"_server-alias-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@?auth=\"}, \"_server-alias-empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@?auth=\"}, \"_server-alias-wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@?auth=\"}, \"_server-alias_custom_domain-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@?auth=\"}, \"_type-notebook\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@?auth=\"}, \"_type-redirect\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@?auth=\"}, \"_type-redirect-custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@?auth=\"}, \"_type-websocket\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-zope\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@?auth=\"}, \"_type-zope-default-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-http-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-https-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@?auth=\"}, \"_url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_url_https-url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_Url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-backend-ignore\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-not-configured\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@?auth=\"}, \"_bad-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@?auth=\"}, \"_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@?auth=\"}, \"_ciphers-translation-all\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@?auth=\"}, \"_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@?auth=\"}, \"_custom_domain_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_custom_domain_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list-simple\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@?auth=\"}, \"_empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@?auth=\"}, \"_enable-http2-default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@?auth=\"}, \"_enable-http2-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-no-cache-request\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-via-header\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@?auth=\"}, \"_enable_cache-https-only-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@?auth=\"}, \"_enable_cache_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@?auth=\"}, \"_https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@?auth=\"}, \"_https-url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv4-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv6-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_server-alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@?auth=\"}, \"_server-alias-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@?auth=\"}, \"_server-alias-empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@?auth=\"}, \"_server-alias-wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@?auth=\"}, \"_server-alias_custom_domain-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@?auth=\"}, \"_type-notebook\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@?auth=\"}, \"_type-redirect\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@?auth=\"}, \"_type-redirect-custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@?auth=\"}, \"_type-websocket\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-zope\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@?auth=\"}, \"_type-zope-default-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-http-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-https-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@?auth=\"}, \"_url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_url_https-url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
"instance_title": "caddy-frontend-1", "instance_title": "caddy-frontend-1",
......
...@@ -7,166 +7,109 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,166 +7,109 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_backend_log T-2/var/log/httpd/_Url_backend_log
T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_auth-to-backend-backend-ignore_access_log T-2/var/log/httpd/_auth-to-backend-backend-ignore_access_log
T-2/var/log/httpd/_auth-to-backend-backend-ignore_backend_log T-2/var/log/httpd/_auth-to-backend-backend-ignore_backend_log
T-2/var/log/httpd/_auth-to-backend-backend-ignore_error_log
T-2/var/log/httpd/_auth-to-backend-not-configured_access_log T-2/var/log/httpd/_auth-to-backend-not-configured_access_log
T-2/var/log/httpd/_auth-to-backend-not-configured_backend_log T-2/var/log/httpd/_auth-to-backend-not-configured_backend_log
T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
T-2/var/log/httpd/_auth-to-backend_access_log T-2/var/log/httpd/_auth-to-backend_access_log
T-2/var/log/httpd/_auth-to-backend_backend_log T-2/var/log/httpd/_auth-to-backend_backend_log
T-2/var/log/httpd/_auth-to-backend_error_log
T-2/var/log/httpd/_bad-backend_access_log T-2/var/log/httpd/_bad-backend_access_log
T-2/var/log/httpd/_bad-backend_backend_log T-2/var/log/httpd/_bad-backend_backend_log
T-2/var/log/httpd/_bad-backend_error_log T-2/var/log/httpd/_ciphers-translation-all_access_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
T-2/var/log/httpd/_custom_domain_backend_log T-2/var/log/httpd/_custom_domain_backend_log
T-2/var/log/httpd/_custom_domain_error_log
T-2/var/log/httpd/_custom_domain_server_alias_access_log T-2/var/log/httpd/_custom_domain_server_alias_access_log
T-2/var/log/httpd/_custom_domain_server_alias_backend_log T-2/var/log/httpd/_custom_domain_server_alias_backend_log
T-2/var/log/httpd/_custom_domain_server_alias_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_custom_domain_wildcard_access_log
T-2/var/log/httpd/_custom_domain_wildcard_error_log
T-2/var/log/httpd/_disabled-cookie-list-simple_access_log T-2/var/log/httpd/_disabled-cookie-list-simple_access_log
T-2/var/log/httpd/_disabled-cookie-list-simple_backend_log T-2/var/log/httpd/_disabled-cookie-list-simple_backend_log
T-2/var/log/httpd/_disabled-cookie-list-simple_error_log
T-2/var/log/httpd/_disabled-cookie-list_access_log T-2/var/log/httpd/_disabled-cookie-list_access_log
T-2/var/log/httpd/_disabled-cookie-list_backend_log T-2/var/log/httpd/_disabled-cookie-list_backend_log
T-2/var/log/httpd/_disabled-cookie-list_error_log
T-2/var/log/httpd/_empty_access_log T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_backend_log T-2/var/log/httpd/_enable-http2-default_backend_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_backend_log T-2/var/log/httpd/_enable-http2-false_backend_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_backend_log T-2/var/log/httpd/_enable_cache-disable-no-cache-request_backend_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd/_enable_cache-disable-via-header_access_log T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd/_enable_cache-https-only-false_access_log T-2/var/log/httpd/_enable_cache-https-only-false_access_log
T-2/var/log/httpd/_enable_cache-https-only-false_backend_log T-2/var/log/httpd/_enable_cache-https-only-false_backend_log
T-2/var/log/httpd/_enable_cache-https-only-false_error_log
T-2/var/log/httpd/_enable_cache_access_log T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_backend_log T-2/var/log/httpd/_enable_cache_backend_log
T-2/var/log/httpd/_enable_cache_custom_domain_access_log T-2/var/log/httpd/_enable_cache_custom_domain_access_log
T-2/var/log/httpd/_enable_cache_custom_domain_backend_log T-2/var/log/httpd/_enable_cache_custom_domain_backend_log
T-2/var/log/httpd/_enable_cache_custom_domain_error_log
T-2/var/log/httpd/_enable_cache_error_log
T-2/var/log/httpd/_enable_cache_server_alias_access_log T-2/var/log/httpd/_enable_cache_server_alias_access_log
T-2/var/log/httpd/_enable_cache_server_alias_backend_log T-2/var/log/httpd/_enable_cache_server_alias_backend_log
T-2/var/log/httpd/_enable_cache_server_alias_error_log
T-2/var/log/httpd/_https-only_access_log T-2/var/log/httpd/_https-only_access_log
T-2/var/log/httpd/_https-only_backend_log T-2/var/log/httpd/_https-only_backend_log
T-2/var/log/httpd/_https-only_error_log
T-2/var/log/httpd/_https-url-netloc-list_access_log T-2/var/log/httpd/_https-url-netloc-list_access_log
T-2/var/log/httpd/_https-url-netloc-list_backend_log T-2/var/log/httpd/_https-url-netloc-list_backend_log
T-2/var/log/httpd/_https-url-netloc-list_error_log
T-2/var/log/httpd/_monitor-ipv4-test_access_log T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_backend_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_backend_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_backend_log T-2/var/log/httpd/_server-alias-duplicated_backend_log
T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-empty_access_log T-2/var/log/httpd/_server-alias-empty_access_log
T-2/var/log/httpd/_server-alias-empty_backend_log T-2/var/log/httpd/_server-alias-empty_backend_log
T-2/var/log/httpd/_server-alias-empty_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log T-2/var/log/httpd/_server-alias-wildcard_access_log
T-2/var/log/httpd/_server-alias-wildcard_backend_log T-2/var/log/httpd/_server-alias-wildcard_backend_log
T-2/var/log/httpd/_server-alias-wildcard_error_log
T-2/var/log/httpd/_server-alias_access_log T-2/var/log/httpd/_server-alias_access_log
T-2/var/log/httpd/_server-alias_backend_log T-2/var/log/httpd/_server-alias_backend_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_backend_log T-2/var/log/httpd/_server-alias_custom_domain-duplicated_backend_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
T-2/var/log/httpd/_server-alias_error_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_backend_log T-2/var/log/httpd/_ssl-proxy-verify-unverified_backend_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_backend_log T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_backend_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_backend_log T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_backend_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_ca_crt_only_access_log T-2/var/log/httpd/_ssl_ca_crt_only_access_log
T-2/var/log/httpd/_ssl_ca_crt_only_backend_log T-2/var/log/httpd/_ssl_ca_crt_only_backend_log
T-2/var/log/httpd/_ssl_ca_crt_only_error_log
T-2/var/log/httpd/_type-notebook_access_log T-2/var/log/httpd/_type-notebook_access_log
T-2/var/log/httpd/_type-notebook_backend_log T-2/var/log/httpd/_type-notebook_backend_log
T-2/var/log/httpd/_type-notebook_error_log
T-2/var/log/httpd/_type-redirect-custom_domain_access_log T-2/var/log/httpd/_type-redirect-custom_domain_access_log
T-2/var/log/httpd/_type-redirect-custom_domain_error_log
T-2/var/log/httpd/_type-redirect_access_log T-2/var/log/httpd/_type-redirect_access_log
T-2/var/log/httpd/_type-redirect_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_backend_log T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_backend_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_backend_log T-2/var/log/httpd/_type-websocket-websocket-path-list_backend_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_backend_log T-2/var/log/httpd/_type-websocket-websocket-transparent-false_backend_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket_access_log T-2/var/log/httpd/_type-websocket_access_log
T-2/var/log/httpd/_type-websocket_backend_log T-2/var/log/httpd/_type-websocket_backend_log
T-2/var/log/httpd/_type-websocket_error_log
T-2/var/log/httpd/_type-zope-default-path_access_log T-2/var/log/httpd/_type-zope-default-path_access_log
T-2/var/log/httpd/_type-zope-default-path_backend_log
T-2/var/log/httpd/_type-zope-default-path_error_log
T-2/var/log/httpd/_type-zope-path_access_log T-2/var/log/httpd/_type-zope-path_access_log
T-2/var/log/httpd/_type-zope-path_backend_log T-2/var/log/httpd/_type-zope-path_backend_log
T-2/var/log/httpd/_type-zope-path_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_backend_log T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_backend_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_backend_log T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_backend_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_backend_log T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_backend_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_backend_log T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_backend_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
T-2/var/log/httpd/_type-zope_access_log T-2/var/log/httpd/_type-zope_access_log
T-2/var/log/httpd/_type-zope_backend_log T-2/var/log/httpd/_type-zope_backend_log
T-2/var/log/httpd/_type-zope_error_log
T-2/var/log/httpd/_url-netloc-list_access_log T-2/var/log/httpd/_url-netloc-list_access_log
T-2/var/log/httpd/_url-netloc-list_backend_log T-2/var/log/httpd/_url-netloc-list_backend_log
T-2/var/log/httpd/_url-netloc-list_error_log
T-2/var/log/httpd/_url_https-url_access_log T-2/var/log/httpd/_url_https-url_access_log
T-2/var/log/httpd/_url_https-url_backend_log T-2/var/log/httpd/_url_https-url_backend_log
T-2/var/log/httpd/_url_https-url_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"root_instance_title": "testing partition 0", "root_instance_title": "testing partition 0",
...@@ -93,6 +92,8 @@ ...@@ -93,6 +92,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -100,7 +101,6 @@ ...@@ -100,7 +101,6 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}"
......
...@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_ciphers_access_log T-2/var/log/httpd/_default_ciphers_access_log
T-2/var/log/httpd/_default_ciphers_backend_log T-2/var/log/httpd/_default_ciphers_backend_log
T-2/var/log/httpd/_default_ciphers_error_log
T-2/var/log/httpd/_own_ciphers_access_log T-2/var/log/httpd/_own_ciphers_access_log
T-2/var/log/httpd/_own_ciphers_backend_log T-2/var/log/httpd/_own_ciphers_backend_log
T-2/var/log/httpd/_own_ciphers_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
...@@ -282,6 +281,8 @@ ...@@ -282,6 +281,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -289,7 +290,6 @@ ...@@ -289,7 +290,6 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
......
...@@ -7,38 +7,27 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,38 +7,27 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_health-check-connect_access_log T-2/var/log/httpd/_health-check-connect_access_log
T-2/var/log/httpd/_health-check-connect_backend_log T-2/var/log/httpd/_health-check-connect_backend_log
T-2/var/log/httpd/_health-check-connect_error_log
T-2/var/log/httpd/_health-check-custom_access_log T-2/var/log/httpd/_health-check-custom_access_log
T-2/var/log/httpd/_health-check-custom_backend_log T-2/var/log/httpd/_health-check-custom_backend_log
T-2/var/log/httpd/_health-check-custom_error_log
T-2/var/log/httpd/_health-check-default_access_log T-2/var/log/httpd/_health-check-default_access_log
T-2/var/log/httpd/_health-check-default_backend_log T-2/var/log/httpd/_health-check-default_backend_log
T-2/var/log/httpd/_health-check-default_error_log
T-2/var/log/httpd/_health-check-disabled_access_log T-2/var/log/httpd/_health-check-disabled_access_log
T-2/var/log/httpd/_health-check-disabled_backend_log T-2/var/log/httpd/_health-check-disabled_backend_log
T-2/var/log/httpd/_health-check-disabled_error_log
T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_access_log T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_access_log
T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_backend_log T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_backend_log
T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_error_log
T-2/var/log/httpd/_health-check-failover-url-netloc-list_access_log T-2/var/log/httpd/_health-check-failover-url-netloc-list_access_log
T-2/var/log/httpd/_health-check-failover-url-netloc-list_backend_log T-2/var/log/httpd/_health-check-failover-url-netloc-list_backend_log
T-2/var/log/httpd/_health-check-failover-url-netloc-list_error_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_access_log T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_access_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_backend_log T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_backend_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_error_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_access_log T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_access_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_backend_log T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_backend_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_error_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_access_log T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_backend_log T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_backend_log
T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_health-check-failover-url_access_log T-2/var/log/httpd/_health-check-failover-url_access_log
T-2/var/log/httpd/_health-check-failover-url_backend_log T-2/var/log/httpd/_health-check-failover-url_backend_log
T-2/var/log/httpd/_health-check-failover-url_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
...@@ -90,6 +89,8 @@ ...@@ -90,6 +89,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]", "extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -97,7 +98,6 @@ ...@@ -97,7 +98,6 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"request-timeout": "12", "request-timeout": "12",
......
...@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_wildcard_access_log T-2/var/log/httpd/_wildcard_access_log
T-2/var/log/httpd/_wildcard_backend_log T-2/var/log/httpd/_wildcard_backend_log
T-2/var/log/httpd/_wildcard_error_log
T-2/var/log/httpd/_zspecific_access_log T-2/var/log/httpd/_zspecific_access_log
T-2/var/log/httpd/_zspecific_backend_log T-2/var/log/httpd/_zspecific_backend_log
T-2/var/log/httpd/_zspecific_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -17,7 +17,6 @@ ...@@ -17,7 +17,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"root_instance_title": "testing partition 0", "root_instance_title": "testing partition 0",
...@@ -241,6 +240,8 @@ ...@@ -241,6 +240,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -248,7 +249,6 @@ ...@@ -248,7 +249,6 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}"
......
...@@ -7,44 +7,31 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,44 +7,31 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_from_master_access_log T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_ssl_from_slave_access_log T-2/var/log/httpd/_ssl_from_slave_access_log
T-2/var/log/httpd/_ssl_from_slave_backend_log T-2/var/log/httpd/_ssl_from_slave_backend_log
T-2/var/log/httpd/_ssl_from_slave_error_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -17,7 +17,6 @@ ...@@ -17,7 +17,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"root_instance_title": "testing partition 0", "root_instance_title": "testing partition 0",
...@@ -81,6 +80,8 @@ ...@@ -81,6 +80,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -88,7 +89,6 @@ ...@@ -88,7 +89,6 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
......
...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -17,7 +17,6 @@ ...@@ -17,7 +17,6 @@
] ]
], ],
"kedifa_port": "15080", "kedifa_port": "15080",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"root_instance_title": "testing partition 0", "root_instance_title": "testing partition 0",
...@@ -81,6 +80,8 @@ ...@@ -81,6 +80,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
...@@ -88,7 +89,6 @@ ...@@ -88,7 +89,6 @@
"monitor-httpd-port": 8411, "monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"mpm-graceful-shutdown-timeout": "2",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
......
...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_ssl_from_master_access_log T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -13,6 +13,7 @@ extends = ...@@ -13,6 +13,7 @@ extends =
../../component/python-mysqlclient/buildout.cfg ../../component/python-mysqlclient/buildout.cfg
../../component/python-pynacl/buildout.cfg ../../component/python-pynacl/buildout.cfg
../../component/python-backports-lzma/buildout.cfg ../../component/python-backports-lzma/buildout.cfg
../../component/selenium/buildout.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
../../stack/nxdtest.cfg ../../stack/nxdtest.cfg
...@@ -41,11 +42,6 @@ setup = ${slapos-repository:location}/ ...@@ -41,11 +42,6 @@ setup = ${slapos-repository:location}/
egg = slapos.test.backupserver egg = slapos.test.backupserver
setup = ${slapos-repository:location}/software/backupserver/test/ setup = ${slapos-repository:location}/software/backupserver/test/
[slapos.test.caddy-frontend-setup]
<= setup-develop-egg
egg = slapos.test.caddy-frontend
setup = ${slapos-repository:location}/software/caddy-frontend/test/
[slapos.test.dufs-setup] [slapos.test.dufs-setup]
<= setup-develop-egg <= setup-develop-egg
egg = slapos.test.dufs egg = slapos.test.dufs
...@@ -101,6 +97,11 @@ setup = ${slapos-repository:location}/software/powerdns/test/ ...@@ -101,6 +97,11 @@ setup = ${slapos-repository:location}/software/powerdns/test/
egg = slapos.test.proftpd egg = slapos.test.proftpd
setup = ${slapos-repository:location}/software/proftpd/test/ setup = ${slapos-repository:location}/software/proftpd/test/
[slapos.test.rapid-cdn-setup]
<= setup-develop-egg
egg = slapos.test.rapid-cdn
setup = ${slapos-repository:location}/software/rapid-cdn/test/
[slapos.test.re6stnet-setup] [slapos.test.re6stnet-setup]
<= setup-develop-egg <= setup-develop-egg
egg = slapos.test.re6stnet egg = slapos.test.re6stnet
...@@ -296,12 +297,12 @@ eggs += ...@@ -296,12 +297,12 @@ eggs +=
${backports.lzma:egg} ${backports.lzma:egg}
${bcrypt:egg} ${bcrypt:egg}
${psycopg2:egg} ${psycopg2:egg}
${selenium:egg}
slapos.libnetworkcache slapos.libnetworkcache
supervisor supervisor
${slapos.cookbook-setup:egg} ${slapos.cookbook-setup:egg}
${slapos.test.backupserver-setup:egg} ${slapos.test.backupserver-setup:egg}
${slapos.test.beremiz-ide-setup:egg} ${slapos.test.beremiz-ide-setup:egg}
${slapos.test.caddy-frontend-setup:egg}
${slapos.test.caucase-setup:egg} ${slapos.test.caucase-setup:egg}
${slapos.test.cloudooo-setup:egg} ${slapos.test.cloudooo-setup:egg}
${slapos.test.dream-setup:egg} ${slapos.test.dream-setup:egg}
...@@ -330,6 +331,7 @@ eggs += ...@@ -330,6 +331,7 @@ eggs +=
${slapos.test.plantuml-setup:egg} ${slapos.test.plantuml-setup:egg}
${slapos.test.powerdns-setup:egg} ${slapos.test.powerdns-setup:egg}
${slapos.test.proftpd-setup:egg} ${slapos.test.proftpd-setup:egg}
${slapos.test.rapid-cdn-setup:egg}
${slapos.test.re6stnet-setup:egg} ${slapos.test.re6stnet-setup:egg}
${slapos.test.repman-setup:egg} ${slapos.test.repman-setup:egg}
${slapos.test.restic_rest_server-setup:egg} ${slapos.test.restic_rest_server-setup:egg}
...@@ -389,7 +391,6 @@ tests = ...@@ -389,7 +391,6 @@ tests =
json-schemas ${slapos.cookbook-setup:setup} json-schemas ${slapos.cookbook-setup:setup}
backupserver ${slapos.test.backupserver-setup:setup} backupserver ${slapos.test.backupserver-setup:setup}
beremiz-ide ${slapos.test.beremiz-ide-setup:setup} beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
caucase ${slapos.test.caucase-setup:setup} caucase ${slapos.test.caucase-setup:setup}
cloudooo ${slapos.test.cloudooo-setup:setup} cloudooo ${slapos.test.cloudooo-setup:setup}
dream ${slapos.test.dream-setup:setup} dream ${slapos.test.dream-setup:setup}
...@@ -421,6 +422,7 @@ tests = ...@@ -421,6 +422,7 @@ tests =
plantuml ${slapos.test.plantuml-setup:setup} plantuml ${slapos.test.plantuml-setup:setup}
powerdns ${slapos.test.powerdns-setup:setup} powerdns ${slapos.test.powerdns-setup:setup}
proftpd ${slapos.test.proftpd-setup:setup} proftpd ${slapos.test.proftpd-setup:setup}
rapid-cdn ${slapos.test.rapid-cdn-setup:setup}
re6stnet ${slapos.test.re6stnet-setup:setup} re6stnet ${slapos.test.re6stnet-setup:setup}
repman ${slapos.test.repman-setup:setup} repman ${slapos.test.repman-setup:setup}
restic-rest-server ${slapos.test.restic_rest_server-setup:setup} restic-rest-server ${slapos.test.restic_rest_server-setup:setup}
...@@ -443,7 +445,6 @@ image = 1.5.25 ...@@ -443,7 +445,6 @@ image = 1.5.25
plantuml = 0.3.0:whl plantuml = 0.3.0:whl
pysftp = 0.2.9 pysftp = 0.2.9
requests-toolbelt = 0.8.0 requests-toolbelt = 0.8.0
selenium = 3.141.0
testfixtures = 6.11.0 testfixtures = 6.11.0
mysqlclient = 2.1.1 mysqlclient = 2.1.1
pexpect = 4.8.0 pexpect = 4.8.0
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
[instance-theia] [instance-theia]
_update_hash_filename_ = instance-theia.cfg.jinja.in _update_hash_filename_ = instance-theia.cfg.jinja.in
md5sum = bd79a9e6306b321414b9f83524308e5f md5sum = 937f8ebdfa8112aafe11235a23fb85a9
[instance] [instance]
_update_hash_filename_ = instance.cfg.in _update_hash_filename_ = instance.cfg.in
......
...@@ -13,7 +13,9 @@ theia-environment-parts = ...@@ -13,7 +13,9 @@ theia-environment-parts =
settings.json settings.json
theia-parts = theia-parts =
frontend-reload frontend-instance
frontend-instance-rsyslogd
python-server
promises promises
parts = parts =
...@@ -90,11 +92,13 @@ recipe = ...@@ -90,11 +92,13 @@ recipe =
instance-promises = instance-promises =
$${theia-listen-promise:name} $${theia-listen-promise:name}
$${frontend-listen-promise:name} $${frontend-listen-promise:name}
$${python-server-listen-promise:name}
$${frontend-authentication-promise:name} $${frontend-authentication-promise:name}
$${remote-frontend-url-available-promise:name} $${remote-frontend-url-available-promise:name}
{% if additional_frontend %} {% if additional_frontend %}
$${remote-additional-frontend-url-available-promise:name} $${remote-additional-frontend-url-available-promise:name}
{% endif %} {% endif %}
$${frontend-instance-rsyslogd-promise:name}
$${slapos-standalone-listen-promise:name} $${slapos-standalone-listen-promise:name}
$${slapos-standalone-ready-promise:name} $${slapos-standalone-ready-promise:name}
$${slapos-autorun-promise:name} $${slapos-autorun-promise:name}
...@@ -116,6 +120,13 @@ name = $${:_buildout_section_name_}.py ...@@ -116,6 +120,13 @@ name = $${:_buildout_section_name_}.py
config-host = $${frontend-instance:ip} config-host = $${frontend-instance:ip}
config-port = $${frontend-instance:port} config-port = $${frontend-instance:port}
[python-server-listen-promise]
<= monitor-promise-base
promise = check_socket_listening
name = $${:_buildout_section_name_}.py
config-host = $${python-server-port:ip}
config-port = $${python-server-port:port}
[frontend-authentication-promise] [frontend-authentication-promise]
<= monitor-promise-base <= monitor-promise-base
promise = check_url_available promise = check_url_available
...@@ -142,6 +153,12 @@ config-url = $${remote-additional-frontend:connection-secure_access} ...@@ -142,6 +153,12 @@ config-url = $${remote-additional-frontend:connection-secure_access}
config-http-code = 401 config-http-code = 401
{% endif %} {% endif %}
[frontend-instance-rsyslogd-promise]
<= monitor-promise-base
promise = check_command_execute
name = rsyslogd_listen_promise.py
config-command = test -S $${frontend-instance-rsyslogd-config:log-socket}
[slapos-standalone-listen-promise] [slapos-standalone-listen-promise]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
...@@ -207,7 +224,7 @@ sla-instance_guid = {{ parameter_dict['additional-frontend-guid'] }} ...@@ -207,7 +224,7 @@ sla-instance_guid = {{ parameter_dict['additional-frontend-guid'] }}
{% endif %} {% endif %}
# Local Caddy Frontend # Local Haproxy Frontend
# -------------------- # --------------------
[frontend-instance-password] [frontend-instance-password]
...@@ -215,6 +232,39 @@ recipe = slapos.cookbook:generate.password ...@@ -215,6 +232,39 @@ recipe = slapos.cookbook:generate.password
username = admin username = admin
storage-path = $${buildout:parts-directory}/.$${:_buildout_section_name_} storage-path = $${buildout:parts-directory}/.$${:_buildout_section_name_}
[frontend-instance-rsyslogd-config]
recipe = slapos.recipe.template
output = $${directory:etc}/$${:_buildout_section_name_}
log-file = $${directory:log}/frontend-instance.log
log-socket = $${directory:run}/rsyslog.sock
pidfile = $${directory:pidfiles}/rsyslogd.pid
inline =
module(
load="imuxsock"
SysSock.Name="$${:log-socket}")
# Just simply output the raw line without any additional information, as
# haproxy emits enough information by itself
# Also cut out first empty space in msg, which is related to rsyslogd
# internal and end up cutting on 8k, as it's default of $MaxMessageSize
template(name="rawoutput" type="string" string="%msg:2:8192%\n")
$ActionFileDefaultTemplate rawoutput
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0022
$WorkDirectory $${directory:run}
*.* $${:log-file};rawoutput
[frontend-instance-rsyslogd]
recipe = slapos.cookbook:wrapper
command-line = ${rsyslogd:location}/sbin/rsyslogd -i $${frontend-instance-rsyslogd-config:pidfile} -n -f $${frontend-instance-rsyslogd-config:output}
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
hash-files = $${frontend-instance-rsyslogd-config:output}
[frontend-instance-port] [frontend-instance-port]
recipe = slapos.cookbook:free_port recipe = slapos.cookbook:free_port
minimum = 3000 minimum = 3000
...@@ -224,61 +274,83 @@ ip = {{ ipv6_random }} ...@@ -224,61 +274,83 @@ ip = {{ ipv6_random }}
[frontend-instance-certificate] [frontend-instance-certificate]
recipe = plone.recipe.command recipe = plone.recipe.command
command = command =
if [ ! -e $${:key-file} ] if [ ! -e $${:cert-file} ]
then then
${openssl-output:openssl} req -x509 -nodes -days 3650 \ ${openssl-output:openssl} req -x509 -nodes -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \ -subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
-newkey rsa:1024 -keyout $${:key-file} \ -newkey rsa:1024 -keyout $${:cert-file} \
-out $${:cert-file} -out $${:cert-file}
fi fi
update-command = $${:command} update-command = $${:command}
key-file = $${directory:etc}/$${:_buildout_section_name_}.key cert-file = $${directory:etc}/$${:_buildout_section_name_}.pem
cert-file = $${directory:etc}/$${:_buildout_section_name_}.crt
common-name = $${frontend-instance-config:ip} common-name = $${frontend-instance-config:ip}
location = location =
$${:key-file}
$${:cert-file} $${:cert-file}
[frontend-instance-config] [frontend-instance-config]
recipe = slapos.recipe.template recipe = slapos.recipe.template
output = $${directory:etc}/$${:_buildout_section_name_} output = $${directory:etc}/$${:_buildout_section_name_}
blankline =
inline = inline =
:$${:port} { global
bind $${:ip} maxconn 4096
tls $${frontend-instance-certificate:cert-file} $${frontend-instance-certificate:key-file} master-worker
log stdout pidfile $${frontend-instance:pidfile}
errors stderr log $${frontend-instance-rsyslogd-config:log-socket} local0 info
gzip
# because caddy does not support upgrade http2 to websocket defaults
# https://tools.ietf.org/html/rfc8441 log global
tls { option httplog
alpn http/1.1 mode http
} retries 1
root $${directory:frontend-static} option redispatch
browse maxconn 2000
proxy / $${theia-instance:base-url} { balance roundrobin
except $${frontend-instance-fonts:folder-name} $${frontend-instance-slapos.css:folder-name} public $${favicon.ico:filename} $${frontend-instance-logo:filename} timeout connect 10s
} timeout queue 60s
proxy /services $${theia-instance:base-url} { timeout server 305s
websocket timeout client 305s
}
proxy /socket.io $${theia-instance:base-url} { # compress some content types
websocket compression algo gzip
} compression type application/font-woff application/font-woff2 application/hal+json application/javascript application/json application/rss+xml application/wasm application/x-font-opentype application/x-font-ttf application/x-javascript application/xml image/svg+xml text/cache-manifest text/css text/html text/javascript text/plain text/xml
basicauth $${frontend-instance-password:username} $${frontend-instance-password:passwd} {
realm "Theia"
/ userlist basic-auth-list
} user $${frontend-instance-password:username} insecure-password $${frontend-instance-password:passwd}
}
frontend app
log global
bind $${:ip}:$${:port} ssl crt $${frontend-instance-certificate:cert-file} alpn h2,http/1.1
# writing twice the same ACL is doing OR
acl is_public path_beg /public/
acl is_public path /$${favicon.ico:filename}
acl auth_ok http_auth(basic-auth-list)
# No authentication for public folder
http-request auth unless auth_ok || is_public
use_backend static if { path_beg /$${frontend-instance-fonts:folder-name} } || { path_beg /$${frontend-instance-slapos.css:folder-name} } || { path /$${frontend-instance-logo:filename} } || is_public
default_backend nodejs
backend nodejs
log global
server nodejs_backend $${theia-instance:ip}:$${theia-instance:port}
backend static
log global
server static_backend $${python-server-port:ip}:$${python-server-port:port}
$${:blankline}
ip = $${frontend-instance-port:ip} ip = $${frontend-instance-port:ip}
hostname = [$${:ip}] hostname = [$${:ip}]
port = $${frontend-instance-port:port} port = $${frontend-instance-port:port}
pidfile = $${directory:pidfiles}/haproxy.pid
[frontend-instance] [frontend-instance]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_} wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line = command-line =
${caddy:output} -conf $${frontend-instance-config:output} -pidfile $${:pidfile} ${haproxy:location}/sbin/haproxy -f $${frontend-instance-config:output}
hash-files = $${frontend-instance-config:output}
ip = $${frontend-instance-config:ip} ip = $${frontend-instance-config:ip}
hostname = $${frontend-instance-config:hostname} hostname = $${frontend-instance-config:hostname}
...@@ -287,7 +359,7 @@ pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid ...@@ -287,7 +359,7 @@ pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid
url = https://$${:hostname}:$${:port}/ url = https://$${:hostname}:$${:port}/
[frontend-instance-fonts] [frontend-instance-fonts]
; XXX caddy 1 does not seem to serve different folders at different locations ; XXX python server only serves one folder
; so we link fonts in static folder ; so we link fonts in static folder
recipe = plone.recipe.command recipe = plone.recipe.command
location = $${directory:frontend-static}/$${:folder-name} location = $${directory:frontend-static}/$${:folder-name}
...@@ -314,18 +386,6 @@ folder-name = css ...@@ -314,18 +386,6 @@ folder-name = css
context = context =
key logo_image frontend-instance-logo:filename key logo_image frontend-instance-logo:filename
[frontend-reload]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
${bash:location}/bin/bash -c
"kill -s USR1 $$(${coreutils:location}/bin/cat $${frontend-instance:pidfile}) \
&& ${coreutils:location}/bin/sleep infinity"
hash-files =
$${frontend-instance-config:output}
$${frontend-instance:wrapper-path}
wait-for-files = $${frontend-instance:pidfile}
[favicon.ico] [favicon.ico]
# generate a pseudo random favicon, different for each instance name. # generate a pseudo random favicon, different for each instance name.
recipe = slapos.recipe.build recipe = slapos.recipe.build
...@@ -350,6 +410,20 @@ install = ...@@ -350,6 +410,20 @@ install =
location = $${directory:frontend-static}/$${:filename} location = $${directory:frontend-static}/$${:filename}
filename = $${:_buildout_section_name_} filename = $${:_buildout_section_name_}
# Local Python Server
# -------------------
[python-server-port]
recipe = slapos.cookbook:free_port
minimum = 3000
maximum = 3100
ip = {{ ipv4_random }}
[python-server]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line = $${buildout:executable} -m http.server $${python-server-port:port} --bind $${python-server-port:ip} --directory $${directory:frontend-static}
# Common Environment # Common Environment
# ------------------ # ------------------
...@@ -406,7 +480,6 @@ hash-existing-files = ...@@ -406,7 +480,6 @@ hash-existing-files =
ip = {{ ipv4_random }} ip = {{ ipv4_random }}
hostname = $${:ip} hostname = $${:ip}
port = $${theia-service:port} port = $${theia-service:port}
base-url = $${theia-service:base-url}
[theia-shell] [theia-shell]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
......
[buildout] [buildout]
extends = extends =
../../component/caddy/buildout.cfg ../../component/haproxy/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/git/buildout.cfg ../../component/git/buildout.cfg
../../component/bash/buildout.cfg ../../component/bash/buildout.cfg
../../component/bash-completion/buildout.cfg ../../component/bash-completion/buildout.cfg
......
...@@ -146,17 +146,17 @@ class TestTheia(TheiaTestCase): ...@@ -146,17 +146,17 @@ class TestTheia(TheiaTestCase):
)).geturl() )).geturl()
self.get(authenticated_url) self.get(authenticated_url)
# there's a public folder to serve file # there's a public folder to serve file (no need for authentication)
with open('{}/srv/frontend-static/public/test_file'.format( with open('{}/srv/frontend-static/public/test_file'.format(
self.getPath()), 'w') as f: self.getPath()), 'w') as f:
f.write("hello") f.write("hello")
resp = self.get(urljoin(authenticated_url, '/public/')) resp = self.get(urljoin(url, '/public/'))
self.assertIn('test_file', resp.text) self.assertIn('test_file', resp.text)
resp = self.get(urljoin(authenticated_url, '/public/test_file')) resp = self.get(urljoin(url, '/public/test_file'))
self.assertEqual('hello', resp.text) self.assertEqual('hello', resp.text)
# there's a (not empty) favicon # there's a (not empty) favicon (no need for authentication)
resp = self.get(urljoin(authenticated_url, '/favicon.ico')) resp = self.get(urljoin(url, '/favicon.ico'))
self.assertTrue(resp.raw) self.assertTrue(resp.raw)
# there is a CSS referencing fonts # there is a CSS referencing fonts
......
...@@ -62,6 +62,7 @@ extends = ...@@ -62,6 +62,7 @@ extends =
../../component/bcrypt/buildout.cfg ../../component/bcrypt/buildout.cfg
../../component/python-pynacl/buildout.cfg ../../component/python-pynacl/buildout.cfg
../../component/python-xmlsec/buildout.cfg ../../component/python-xmlsec/buildout.cfg
../../component/selenium/buildout.cfg
../../stack/caucase/buildout.cfg ../../stack/caucase/buildout.cfg
../../software/neoppod/software-common.cfg ../../software/neoppod/software-common.cfg
# keep neoppod extends last # keep neoppod extends last
...@@ -595,7 +596,7 @@ eggs = ${neoppod:eggs} ...@@ -595,7 +596,7 @@ eggs = ${neoppod:eggs}
pycountry pycountry
xfw xfw
jsonschema jsonschema
selenium ${selenium:egg}
pytesseract pytesseract
decorator decorator
networkx networkx
...@@ -813,7 +814,6 @@ uuid = 1.30 ...@@ -813,7 +814,6 @@ uuid = 1.30
validictory = 1.1.0 validictory = 1.1.0
xfw = 0.10 xfw = 0.10
xupdate-processor = 0.5 xupdate-processor = 0.5
selenium = 3.14.1
scikit-image = 0.14.0 scikit-image = 0.14.0
PyWavelets = 0.5.2 PyWavelets = 0.5.2
networkx = 2.1 networkx = 2.1
......
...@@ -137,16 +137,23 @@ zc.buildout = 2.7.1+slapos019 ...@@ -137,16 +137,23 @@ zc.buildout = 2.7.1+slapos019
zc.recipe.egg = 2.0.3+slapos003 zc.recipe.egg = 2.0.3+slapos003
apache-libcloud = 2.4.0 apache-libcloud = 2.4.0
argon2-cffi = 20.1.0
asn1crypto = 1.3.0 asn1crypto = 1.3.0
astor = 0.5
async-generator = 1.10
atomicwrites = 1.4.0 atomicwrites = 1.4.0
atomize = 0.2.0 atomize = 0.2.0
attrs = 22.1.0 attrs = 22.1.0
backcall = 0.2.0
backports-abc = 0.5
backports.functools-lru-cache = 1.6.1:whl backports.functools-lru-cache = 1.6.1:whl
backports.lzma = 0.0.14 backports.lzma = 0.0.14
backports.shutil-get-terminal-size = 1.0.0
bcrypt = 3.1.4 bcrypt = 3.1.4
bleach = 5.0.1
CacheControl = 0.12.6:whl CacheControl = 0.12.6:whl
certifi = 2022.6.15 certifi = 2022.6.15
cffi = 1.14.0 cffi = 1.15.0
chardet = 3.0.4 chardet = 3.0.4
charset-normalizer = 2.1.1 charset-normalizer = 2.1.1
click = 8.1.3 click = 8.1.3
...@@ -158,13 +165,20 @@ configparser = 4.0.2:whl ...@@ -158,13 +165,20 @@ configparser = 4.0.2:whl
contextlib2 = 0.6.0.post1 contextlib2 = 0.6.0.post1
croniter = 0.3.25 croniter = 0.3.25
cryptography = 3.3.2 cryptography = 3.3.2
dataclasses = 0.8
dateparser = 0.7.6 dateparser = 0.7.6
decorator = 4.3.0 decorator = 4.3.0
defusedxml = 0.6.0
distro = 1.7.0 distro = 1.7.0
dnspython = 1.16.0 dnspython = 1.16.0
entrypoints = 0.3
enum34 = 1.1.10 enum34 = 1.1.10
erp5.util = 0.4.74 erp5.util = 0.4.74
feedparser = 5.2.1 et-xmlfile = 1.0.1
# need wheel because there is no setup.py
# (see https://erp5js.nexedi.net/#/bug_module/20221102-1C1B293)
exceptiongroup = 1.0.0:whl
feedparser = 6.0.10
Flask = 1.1.2 Flask = 1.1.2
funcsigs = 1.0.2 funcsigs = 1.0.2
functools32 = 3.2.3.post2 functools32 = 3.2.3.post2
...@@ -173,59 +187,102 @@ geventmp = 0.0.1 ...@@ -173,59 +187,102 @@ geventmp = 0.0.1
gitdb2 = 2.0.5 gitdb2 = 2.0.5
GitPython = 2.1.11 GitPython = 2.1.11
greenlet = 0.4.17 greenlet = 0.4.17
h5py = 2.7.1
h11 = 0.14.0
idna = 2.9 idna = 2.9
igmp = 1.0.4 igmp = 1.0.4
Importing = 1.10 Importing = 1.10
importlib-metadata = 1.7.0:whl importlib-metadata = 1.7.0:whl
inotify-simple = 1.1.1 inotify-simple = 1.1.1
ipaddress = 1.0.23 ipaddress = 1.0.23
ipykernel = 5.3.4:whl
ipython = 7.16.3
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
itsdangerous = 0.24 itsdangerous = 0.24
jdcal = 1.4
jedi = 0.17.2
Jinja2 = 2.11.3 Jinja2 = 2.11.3
jsonschema = 3.0.2:whl jsonschema = 3.0.2:whl
jupyter = 1.0.0
jupyter-client = 7.3.1
jupyter-console = 6.4.4
jupyter-core = 4.9.2
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
jupyterlab-pygments = 0.1.2
lock-file = 2.0 lock-file = 2.0
lockfile = 0.12.2:whl lockfile = 0.12.2:whl
lxml = 4.9.1 lxml = 4.9.1
MarkupSafe = 2.0.1 MarkupSafe = 2.0.1
matplotlib = 2.1.2
meld3 = 1.0.2 meld3 = 1.0.2
mistune = 0.8.4
mock = 3.0.5 mock = 3.0.5
more-itertools = 5.0.0 more-itertools = 5.0.0
mpmath = 1.0.0
msgpack = 0.6.2 msgpack = 0.6.2
nbclient = 0.5.1
nbconvert = 6.0.7
nbformat = 5.0.8
nest-asyncio = 1.5.6
netaddr = 0.7.19 netaddr = 0.7.19
netifaces = 0.10.7 netifaces = 0.10.7
notebook = 6.1.5
openpyxl = 2.5.2
outcome = 1.2.0
packaging = 16.8 packaging = 16.8
pandocfilters = 1.4.3
paramiko = 2.11.0 paramiko = 2.11.0
parso = 0.7.1
passlib = 1.7.1 passlib = 1.7.1
pathlib2 = 2.3.5 pathlib2 = 2.3.5
pbr = 2.0.0 patsy = 0.5.1
pbr = 5.9.0
pexpect = 4.8.0
pickleshare = 0.7.4
pim-dm = 1.4.0nxd001 pim-dm = 1.4.0nxd001
pkgconfig = 1.5.1 pkgconfig = 1.5.1
plone.recipe.command = 1.1 plone.recipe.command = 1.1
pluggy = 0.13.1:whl pluggy = 0.13.1:whl
ply = 3.11 ply = 3.11
prettytable = 0.7.2 prettytable = 0.7.2
prometheus-client = 0.9.0
prompt-toolkit = 3.0.19
psutil = 5.8.0 psutil = 5.8.0
ptyprocess = 0.5.1
py = 1.11.0:whl py = 1.11.0:whl
py-mld = 1.0.3 py-mld = 1.0.3
pyasn1 = 0.4.5 pyasn1 = 0.4.5
pycparser = 2.20 pycparser = 2.20
pycurl = 7.43.0 pycurl = 7.43.0
Pygments = 2.9.0
PyNaCl = 1.3.0 PyNaCl = 1.3.0
pyOpenSSL = 19.1.0 pyOpenSSL = 19.1.0
pyparsing = 3.0.9:whl pyparsing = 3.0.9:whl
pyroute2 = 0.6.9 pyroute2 = 0.6.9
pyrsistent = 0.18.1 pyrsistent = 0.18.1
PyRSS2Gen = 1.1 PyRSS2Gen = 1.1
PySocks = 1.7.1
pytest-runner = 5.2:whl pytest-runner = 5.2:whl
python-dateutil = 2.8.2:whl python-dateutil = 2.8.2:whl
pytz = 2022.2.1 pytz = 2022.2.1
PyYAML = 5.4.1 PyYAML = 5.4.1
pyzmq = 22.3.0
qtconsole = 4.3.0
regex = 2020.9.27 regex = 2020.9.27
requests = 2.28.1 requests = 2.28.1
rpdb = 0.1.5 rpdb = 0.1.5
rubygemsrecipe = 0.4.3 rubygemsrecipe = 0.4.3
scandir = 1.10.0 scandir = 1.10.0
scikit-learn = 0.20.4
seaborn = 0.7.1
Send2Trash = 1.5.0
setproctitle = 1.1.10 setproctitle = 1.1.10
setuptools-dso = 1.7 setuptools-dso = 1.7
sgmllib3k = 1.0.0
simplegeneric = 0.8.1
singledispatch = 3.4.0.3
six = 1.16.0 six = 1.16.0
slapos.cookbook = 1.0.297 slapos.cookbook = 1.0.297
slapos.core = 1.8.5 slapos.core = 1.8.5
...@@ -236,19 +293,32 @@ slapos.recipe.build = 0.56 ...@@ -236,19 +293,32 @@ slapos.recipe.build = 0.56
slapos.recipe.cmmi = 0.19 slapos.recipe.cmmi = 0.19
slapos.recipe.template = 5.0 slapos.recipe.template = 5.0
slapos.toolbox = 0.128 slapos.toolbox = 0.128
statsmodels = 0.11.1
smmap2 = 2.0.5 smmap2 = 2.0.5
sniffio = 1.3.0
sortedcontainers = 2.4.0
stevedore = 1.21.0:whl stevedore = 1.21.0:whl
subprocess32 = 3.5.4 subprocess32 = 3.5.4
supervisor = 4.1.0 supervisor = 4.1.0
traitlets = 4.3.3 sympy = 1.1.1
terminado = 0.9.1
testpath = 0.4.4
tornado = 6.1
traitlets = 5.0.5
trio = 0.22.0
trio-websocket = 0.9.2
tzlocal = 1.5.1 tzlocal = 1.5.1
unicodecsv = 0.14.1 unicodecsv = 0.14.1
uritemplate = 3.0.0 uritemplate = 3.0.0
urllib3 = 1.26.12 urllib3 = 1.26.12
wcwidth = 0.2.5 wcwidth = 0.2.5
webencodings = 0.5.1
Werkzeug = 2.0.2 Werkzeug = 2.0.2
wheel = 0.35.1:whl wheel = 0.35.1:whl
widgetsnbextension = 2.0.0
wsproto = 1.2.0
xml-marshaller = 1.0.2 xml-marshaller = 1.0.2
xlrd = 1.1.0
zc.lockfile = 1.4 zc.lockfile = 1.4
ZConfig = 3.6.1 ZConfig = 3.6.1
zdaemon = 4.2.0 zdaemon = 4.2.0
...@@ -264,6 +334,7 @@ certifi = 2020.4.5.1 ...@@ -264,6 +334,7 @@ certifi = 2020.4.5.1
charset-normalizer = 2.0.12 charset-normalizer = 2.0.12
click = 6.7 click = 6.7
distro = 1.6.0 distro = 1.6.0
feedparser = 5.2.1
pyparsing = 2.2.0 pyparsing = 2.2.0
pyrsistent = 0.16.1 pyrsistent = 0.16.1
requests = 2.27.1 requests = 2.27.1
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment