use new check_url_available promise from slapos.toolbox 0.123

See merge request !1022

use new check_url_available promise from slapos.toolbox 0.123
See merge request !1022
cc4b577d · Thomas Gambier · 405fc71c · c536eb7c · cc4b577d · cc4b577d
Commit cc4b577d authored Jul 28, 2021 by Thomas Gambier 🚴🏼
23 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -106,7 +106,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8

 [profile-kedifa]
 filename = instance-kedifa.cfg.in
-md5sum = 16901e9eeb0d4f87e708ad91e7756f12
+md5sum = eab5ae579471ca86b40bd2da3b53fefa

 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in

--- a/software/caddy-frontend/instance-kedifa.cfg.in
+++ b/software/caddy-frontend/instance-kedifa.cfg.in
@@ -253,7 +253,7 @@ extra-context =
 module = check_url_available
 name = kedifa-http-reply.py
 # Kedifa replies 400 on /, so use it to be sure that Kedifa replied
-config-http_code = 400
+config-http-code = 400
 config-url = https://[${kedifa-config:ip}]:${kedifa-config:port}
 config-ca-cert-file = ${kedifa-config:ca-certificate}


--- a/software/cloudooo/buildout.hash.cfg
+++ b/software/cloudooo/buildout.hash.cfg
@@ -18,4 +18,4 @@ md5sum = e986de01a57161b32425f1cd3ccac924

 [template-cloudooo-instance]
 filename = instance-cloudooo.cfg.in
-md5sum = 440f2b82b119cbfa6f8c7d27652c3170
+md5sum = 6e4bdb1df02aed5c96ccf7b9c3c71b89
--- a/software/cloudooo/instance-cloudooo.cfg.in
+++ b/software/cloudooo/instance-cloudooo.cfg.in
@@ -110,7 +110,7 @@ name = apache.py
 config-url = https://{{ ipv4 }}:{{ apache_dict.values()[0][0] }}
 # XXX cloudooo replies "400 Bad Request" for GET on / but what we want to check
 # is that we don't have a "503 Service Unavailable" from apache or haproxy.
-config-http_code = 400
+config-http-code = 400

 [apache-conf-ssl]
 cert = ${directory:apache-conf}/apache.crt

--- a/software/gitlab/buildout.hash.cfg
+++ b/software/gitlab/buildout.hash.cfg
@@ -54,7 +54,7 @@ md5sum = 0f1ec4077dab586cc003ae13f689eda2

 [instance-gitlab.cfg.in]
 _update_hash_filename_ = instance-gitlab.cfg.in
-md5sum = dfeff229aa696bb6b6051a2aff4301fe
+md5sum = 64ec65b2daa0648453022f3afcbc4da3

 [instance-gitlab-export.cfg.in]
 _update_hash_filename_ = instance-gitlab-export.cfg.in

--- a/software/gitlab/instance-gitlab.cfg.in
+++ b/software/gitlab/instance-gitlab.cfg.in
@@ -444,7 +444,7 @@ tune-command =
 <= monitor-promise-base
 module = check_command_execute
 name   = ${:_buildout_section_name_}.py
-config-http_code   = 200
+config-http-code   = 200




--- a/software/html5as/buildout.hash.cfg
+++ b/software/html5as/buildout.hash.cfg
@@ -21,7 +21,7 @@ md5sum = 9e486efe4ab1aba8cb72b04f6c6da8ad

 [instance_html5as]
 _update_hash_filename_ = instance_html5as.cfg.in
-md5sum = 191ec2a8b967a3944971709365bdcd2d
+md5sum = 115918e0f8854e957ea8388bb064f457

 [template_nginx_conf]
 _update_hash_filename_ = templates/nginx_conf.in

--- a/software/html5as/instance_html5as.cfg.in
+++ b/software/html5as/instance_html5as.cfg.in
@@ -239,4 +239,4 @@ module = check_url_available
 name = html5as-http-frontend.py
 url = ${html5as-frontend:connection-secure_access}
 config-url = ${:url}
-config-check-secure = 1
+config-http-code = 401
--- a/software/jscrawler/buildout.hash.cfg
+++ b/software/jscrawler/buildout.hash.cfg
@@ -19,7 +19,7 @@ md5sum = 6c17361a49cfc47564063b867aab6e8c

 [template-jscrawler]
 filename = instance-jscrawler.cfg.jinja2.in
-md5sum = fece076231740b414612da5ef3a1685a
+md5sum = e76e35d9070bdeca014063e0a00879da

 [template-jscrawler-builder]
 filename = template-jscrawler.builder.sh.in

--- a/software/jscrawler/instance-jscrawler.cfg.jinja2.in
+++ b/software/jscrawler/instance-jscrawler.cfg.jinja2.in
@@ -50,7 +50,7 @@ return = secure_access domain
 module = check_url_available
 name = jscrawler_frontend.py
 config-url = ${request-jscrawler-frontend:connection-secure_access}
-config-check-secure = 1
+config-http-code = 401

 [logrotate-entry-httpd]
 <= logrotate-entry-base

--- a/software/repman/buildout.hash.cfg
+++ b/software/repman/buildout.hash.cfg
@@ -18,7 +18,7 @@ md5sum = 8a08be95a04f1a47098c4fdef80bdfed

 [instance-repman.cfg]
 _update_hash_filename_ = instance-repman.cfg.jinja2.in
-md5sum = 0c173313b48d0005c46d968db1c8ab5f
+md5sum = b2273a47198d38f74c0bf84163b2ea1a

 [config-toml.in]
 _update_hash_filename_ = templates/config.toml.in

--- a/software/repman/instance-repman.cfg.jinja2.in
+++ b/software/repman/instance-repman.cfg.jinja2.in
@@ -511,14 +511,14 @@ return = domain secure_access
 module = check_url_available
 name = check_repman_frontend.py
 config-url = https://${repman-frontend:connection-domain}
-config-check-secure = 1
+config-http-code = 401

 [repman-backend-promise]
 <= monitor-promise-base
 module = check_url_available
 name = check_repman_backend.py
 config-url = ${nginx-parameter:backend-ssl-url}
-config-check-secure = 1
+config-http-code = 401

 [template-proxysql-need-stop-start]
 recipe = slapos.recipe.template:jinja2

--- a/software/restic-rest-server/buildout.hash.cfg
+++ b/software/restic-rest-server/buildout.hash.cfg
@@ -15,4 +15,4 @@

 [instance.cfg.in]
 filename = instance.cfg.in
-md5sum = fee2097f3d12fd4bcfbc2698ecf49afc
+md5sum = 0e5521cbbf78be884241e8cf585646ae
--- a/software/restic-rest-server/instance.cfg.in
+++ b/software/restic-rest-server/instance.cfg.in
@@ -185,7 +185,7 @@ return = domain secure_access
 [frontend-available-promise]
 <= check-url-available-promise
 url = ${frontend:connection-secure_access}
-check-secure = 1
+config-http-code = 401


 [promises]

--- a/software/slaprunner/buildout.hash.cfg
+++ b/software/slaprunner/buildout.hash.cfg
@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24

 [template-runner]
 filename = instance-runner.cfg
-md5sum = ebdecea5c1653ed752e06fbc8be7e6b2
+md5sum = 60b4d2025eace8da7de14b5bae3772d9

 [template-runner-import-script]
 filename = template/runner-import.sh.jinja2

--- a/software/slaprunner/instance-runner.cfg
+++ b/software/slaprunner/instance-runner.cfg
@@ -91,7 +91,7 @@ module = check_url_available
 name = custom_frontend_promise.py
 config-url = https://$${request-custom-frontend:connection-domain}
 {% if slapparameter_dict.get('custom-frontend-basic-auth') -%}
-config-check-secure = 1
+config-http-code = 401
 {% endif -%}

 [custom-frontend-url-ready-promise-bin]
@@ -440,7 +440,7 @@ module = check_url_available
 name = $${:filename}.py
 filename = apache-httpd-listening-on-tcp
 config-url = $${apache-httpd:access-url}
-config-check-secure = 1
+config-http-code = 401

 [slaprunner-httpd-cors]
 recipe = plone.recipe.command
@@ -541,7 +541,7 @@ return = site_url domain
 module = check_url_available
 name = slaprunner_frontend.py
 config-url = https://$${request-frontend:connection-domain}/login
-config-check-secure = 1
+config-http-code = 401

 [request-httpd-frontend]
 <= slap-connection
@@ -561,7 +561,7 @@ return = secure_access domain
 module = check_url_available
 name = slaprunner-apache-http-frontend.py
 config-url = $${request-httpd-frontend:connection-secure_access}
-config-check-secure = 1
+config-http-code = 401

 {% endif %}


--- a/software/theia/buildout.hash.cfg
+++ b/software/theia/buildout.hash.cfg
@@ -15,7 +15,7 @@

 [instance-theia]
 _update_hash_filename_ = instance-theia.cfg.jinja.in
-md5sum = 557dec61b7bf58601051575234e7fd05
+md5sum = 11d347dd2bf762902341746a388673a0

 [instance]
 _update_hash_filename_ = instance.cfg.in

--- a/software/theia/instance-theia.cfg.jinja.in
+++ b/software/theia/instance-theia.cfg.jinja.in
@@ -94,7 +94,7 @@ config-port = $${frontend-instance:port}
 module = check_url_available
 name = $${:_buildout_section_name_}.py
 config-url = $${remote-frontend:connection-secure_access}
-config-check-secure = 1
+config-http-code = 401

 {% if additional_frontend %}
 [remote-additional-frontend-url-available-promise]
@@ -102,7 +102,7 @@ config-check-secure = 1
 module = check_url_available
 name = $${:_buildout_section_name_}.py
 config-url = $${remote-additional-frontend:connection-secure_access}
-config-check-secure = 1
+config-http-code = 401
 {% endif %}

 [slapos-standalone-listen-promise]

--- a/stack/lamp/buildout.hash.cfg
+++ b/stack/lamp/buildout.hash.cfg
@@ -22,7 +22,7 @@ md5sum = 4afee4377fa9cbc1e4ff80647b2f279c

 [instance-lamp]
 filename = instance-lamp.cfg.jinja2.in
-md5sum = 52b76d3c8aa23f467db33e32a2b50ed6
+md5sum = 437ec82ac37b28626091000ba7a991a6

 [template-apache.conf]
 filename = apache.conf.in

--- a/stack/lamp/instance-lamp.cfg.jinja2.in
+++ b/stack/lamp/instance-lamp.cfg.jinja2.in
@@ -82,7 +82,7 @@ name = lamp-http-frontend.py
 url = ${request-frontend:connection-secure_access}
 config-url = ${:url}
 config-custom-domain = {{ slapparameter_dict.get('custom-domain', '') }}
-config-check-secure = 1
+config-http-code = 401

 {% do publish_dict.__setitem__('url', '${lamp-frontend-promise:url}') -%}


--- a/stack/monitor/buildout.hash.cfg
+++ b/stack/monitor/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [monitor2-template]
 filename = instance-monitor.cfg.jinja2.in
-md5sum = 200bb126dbfc33e5c5c165ae17bab64b
+md5sum = be2953358a3af37c6e1e0846a18f44ec

 [monitor-httpd-conf]
 _update_hash_filename_ = templates/monitor-httpd.conf.in

--- a/stack/monitor/instance-monitor.cfg.jinja2.in
+++ b/stack/monitor/instance-monitor.cfg.jinja2.in
@@ -127,9 +127,9 @@ recipe = slapos.recipe.template:jinja2
 template = {{ monitor_conf_template }}
 rendered = ${directory:etc}/${:filename}
 filename = monitor.conf
-context = section parameter_dict           monitor-conf-parameters
+context = section parameter_dict          monitor-conf-parameters
          section promise_parameter_dict  monitor-promise-conf
-          section monitor_base_urls        monitor-base-url-dict
+          section monitor_base_urls       monitor-base-url-dict

 [start-monitor]
 recipe = slapos.cookbook:wrapper
@@ -312,7 +312,7 @@ output = ${directory:plugins}/${:name}
 module = check_url_available
 name = monitor-httpd-listening-on-tcp.py
 config-url = ${monitor-httpd-conf-parameter:url}
-config-check-secure = 1
+config-http-code = 401

 [monitor-publish-parameters]
 # XXX depends on monitor-base section
@@ -326,7 +326,7 @@ monitor-title = ${slap-configuration:instance-title}
 monitor-httpd-ipv6 = ${slap-configuration:ipv6-random}
 monitor-httpd-port = 8196
 # XXX - Set monitor-base-url = ${monitor-httpd-conf-parameter:url} => https://[ipv6]:port
-monitor-base-url = ${monitor-frontend-promise:url}
+monitor-base-url = ${monitor-frontend:connection-secure_access}
 #monitor-base-url = ${monitor-httpd-conf-parameter:url}
 root-instance-title = ${slap-configuration:root-instance-title}
 monitor-url-list =
@@ -356,13 +356,26 @@ config-https-only = true
 #software-type = custom-personal
 return = domain secure_access

+# Requests to the frontend URL should succeed with the correct
+# credentials.
+[check-monitor-password-promise]
+<= monitor-promise-base
+module = check_url_available
+name = check-monitor-frontend-password.py
+url = ${monitor-frontend:connection-secure_access}
+config-url = ${:url}
+config-username = ${monitor-instance-parameter:username}
+config-password = ${monitor-instance-parameter:username}
+
+# Requests to the frontend URL should fail when no credentials are
+# supplied.
 [monitor-frontend-promise]
 <= monitor-promise-base
 module = check_url_available
 name = monitor-http-frontend.py
 url = ${monitor-frontend:connection-secure_access}
 config-url = ${:url}
-config-check-secure = 1
+config-http-code = 401

 [monitor-bootstrap-promise]
 <= monitor-promise-base
@@ -402,6 +415,8 @@ depends =
  ${start-monitor:wrapper-path}
  ${ca-monitor-httpd-service:wrapper-path}
  ${monitor-httpd-promise:name}
+  ${monitor-frontend-promise:name}
+  ${check-monitor-password-promise:name}
  ${monitor-bootstrap-promise:name}
  ${monitor-symlink:recipe}
  ${promise-check-slapgrid:recipe}

--- a/stack/slapos.cfg
+++ b/stack/slapos.cfg
@@ -198,7 +198,7 @@ slapos.rebootstrap = 4.5
 slapos.recipe.build = 0.47
 slapos.recipe.cmmi = 0.17
 slapos.recipe.template = 4.6
-slapos.toolbox = 0.122
+slapos.toolbox = 0.123
 stevedore = 1.21.0:whl
 subprocess32 = 3.5.4
 unicodecsv = 0.14.1