caddy-frontend: Raise promise only on slave errors impacting cluster

If slaves clashes domain, this can lead to very bad situation, then only in this case raise a promise error. Otherwise the slave requester is informed anyway about the problem, so there is no reason to make the whole cluster raising an monitoring issue.

caddy-frontend: Raise promise only on slave errors impacting cluster
If slaves clashes domain, this can lead to very bad situation, then only in this case raise a promise error. Otherwise the slave requester is informed anyway about the problem, so there is no reason to make the whole cluster raising an monitoring issue.
b7836a14 · Łukasz Nowak · 762daa2c · b7836a14 · b7836a14 · b7836a14
Commit b7836a14 authored Sep 09, 2021 by Łukasz Nowak
3 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -26,7 +26,7 @@ md5sum = 51087ac7615bd7cc01e60eb23701f625

 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = b6fc5a004a1235ffad3af0b4cb0e661f
+md5sum = 99741e618b1c249bd17c9e02778d74ee

 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in

--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -103,10 +103,12 @@ context =
 {% set authorized_slave_string_list = [] %}
 {% set authorized_slave_list = [] %}
 {% set rejected_slave_dict = {} %}
+{% set critical_rejected_slave_dict = {} %}
 {% set warning_slave_dict = {} %}
 {% set used_host_list = [] %}
 {% for slave in sorted(instance_parameter_dict['slave-instance-list']) %}
 {%   set slave_error_list = [] %}
+{%   set slave_critical_error_list = [] %}
 {%   set slave_warning_list = [] %}
 {%   set slave_server_alias_unclashed = [] %}
 {%   set slave_type = slave.get('type') %}
@@ -165,7 +167,9 @@ context =
 {%     endif %}
 {%   set custom_domain = slave.get('custom_domain') %}
 {%   if custom_domain and custom_domain in used_host_list %}
-{%      do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
+{%      set message = 'custom_domain %r clashes' % (custom_domain,) %}
+{%      do slave_error_list.append(message) %}
+{%      do slave_critical_error_list.append(message) %}
 {%   else %}
 {%      do used_host_list.append(custom_domain) %}
 {%   endif %}
@@ -182,7 +186,9 @@ context =
 {%         if slave_alias in slave_server_alias_unclashed or slave_alias == custom_domain %}
 {#           optionally do something about reporting back that server-alias has been unclashed #}
 {%         elif slave_alias in used_host_list %}
-{%           do slave_error_list.append('server-alias \'%s\' clashes' % (slave_alias,)) %}
+{%           set message = 'server-alias \'%s\' clashes' % (slave_alias,) %}
+{%           do slave_error_list.append(message) %}
+{%           do slave_critical_error_list.append(message) %}
 {%         else %}
 {%           do slave_server_alias_unclashed.append(slave_alias) %}
 {%           do used_host_list.append(slave_alias) %}
@@ -251,6 +257,9 @@ context =
 {%   else %}
 {%     do rejected_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_error_list)) %}
 {%   endif %}
+{%   if len(slave_critical_error_list) > 0 %}
+{%     do critical_rejected_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_critical_error_list)) %}
+{%   endif %}
 {%   if len(slave_warning_list) > 0 %}
 {%     do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
 {%   endif %}
@@ -752,9 +761,9 @@ filename = rejected-slave.json
 directory = ${directory:promise-output}
 rendered = ${:directory}/${:filename}
 template = {{ software_parameter_dict['template_empty'] }}
-{% if rejected_slave_dict %}
+{% if critical_rejected_slave_dict %}
 {# sort_keys are important in order to avoid shuffling parameters on each run #}
-content = {{ dumps(json_module.dumps(rejected_slave_dict, indent=2, sort_keys=True)) }}
+content = {{ dumps(json_module.dumps(critical_rejected_slave_dict, indent=2, sort_keys=True)) }}
 {% else %}
 content =
 {% endif %}

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -795,7 +795,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
    with cls.slap.instance_supervisor_rpc as instance_supervisor:
      return getattr(instance_supervisor, method)(*args, **kwargs)

-  def assertRejectedSlavePromiseWithPop(self, parameter_dict):
+  def assertRejectedSlavePromiseEmptyWithPop(self, parameter_dict):
    rejected_slave_promise_url = parameter_dict.pop(
      'rejected-slave-promise-url')

@@ -806,7 +806,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
      else:
        result_json = result.json()
      self.assertEqual(
-        parameter_dict['rejected-slave-dict'],
+        {},
        result_json
      )
    except AssertionError:
@@ -1238,7 +1238,7 @@ class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
    self.assertBackendHaproxyStatisticUrl(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertRejectedSlavePromiseWithPop(parameter_dict)
+    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)

    self.assertEqual(
      {
@@ -1269,7 +1269,7 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
    self.assertBackendHaproxyStatisticUrl(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertRejectedSlavePromiseWithPop(parameter_dict)
+    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)
    self.assertEqual(
      {
        'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
@@ -1707,7 +1707,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
    self.assertBackendHaproxyStatisticUrl(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertRejectedSlavePromiseWithPop(parameter_dict)
+    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)

    expected_parameter_dict = {
      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
@@ -5286,7 +5286,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
    self.assertBackendHaproxyStatisticUrl(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertRejectedSlavePromiseWithPop(parameter_dict)
+    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)

    expected_parameter_dict = {
      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
@@ -5296,10 +5296,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      'rejected-slave-amount': '0',
      'slave-amount': '12',
      'rejected-slave-dict': {
-        # u"_ssl_ca_crt_only":
-        # [u"ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
-        # u"_ssl_key-ssl_crt-unsafe":
-        # [u"slave ssl_key and ssl_crt does not match"]
      },
      'warning-list': [
        u'apache-certificate is obsolete, please use master-key-upload-url',
@@ -5948,7 +5944,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
    self.assertBackendHaproxyStatisticUrl(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertRejectedSlavePromiseWithPop(parameter_dict)
+    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)

    expected_parameter_dict = {
      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
@@ -6053,7 +6049,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)
    self.assertBackendHaproxyStatisticUrl(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict, 'master-')
-    self.assertRejectedSlavePromiseWithPop(parameter_dict)
+    self.assertRejectedSlavePromiseEmptyWithPop(parameter_dict)

    expected_parameter_dict = {
      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
@@ -6293,6 +6289,29 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
      }
    }

+  def assertRejectedSlavePromiseWithPop(self, parameter_dict):
+    rejected_slave_promise_url = parameter_dict.pop(
+      'rejected-slave-promise-url')
+
+    try:
+      result = requests.get(rejected_slave_promise_url, verify=False)
+      if result.text == '':
+        result_json = {}
+      else:
+        result_json = result.json()
+      self.assertEqual(
+        {
+          u'_SITE_4': [u"custom_domain 'duplicate.example.com' clashes"],
+          u'_SITE_2': [u"custom_domain 'duplicate.example.com' clashes"],
+          u'_SITE_3': [u"server-alias 'duplicate.example.com' clashes"]
+        },
+        result_json
+      )
+    except AssertionError:
+      raise
+    except Exception as e:
+      self.fail(e)
+
  def test_master_partition_state(self):
    parameter_dict = self.parseConnectionParameterDict()
    self.assertKeyWithPop('monitor-setup-url', parameter_dict)