Commit e2990393 authored by Thomas Gambier's avatar Thomas Gambier

Update Release Candidate

parents bf837297 27dd12f0
...@@ -6,6 +6,6 @@ parts = ...@@ -6,6 +6,6 @@ parts =
[lz4] [lz4]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://github.com/lz4/lz4/archive/v1.9.2.tar.gz url = https://github.com/lz4/lz4/archive/v1.9.3.tar.gz
md5sum = 3898c56c82fb3d9455aefd48db48eaad md5sum = 3a1ab1684e14fc1afc66228ce61b2db3
configure-command = true configure-command = true
...@@ -30,8 +30,8 @@ parts = ...@@ -30,8 +30,8 @@ parts =
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://archive.mariadb.org//mariadb-${:version}/source/mariadb-${:version}.tar.gz url = https://archive.mariadb.org//mariadb-${:version}/source/mariadb-${:version}.tar.gz
version = 10.4.14 version = 10.4.17
md5sum = 9801120ae8acb33904ab4a3366a7714f md5sum = e8193b9cd008b6d7f177f5a5c44c7a9f
location = @@LOCATION@@ location = @@LOCATION@@
pre-configure = pre-configure =
set '\bSET(PLUGIN_AUTH_PAM YES CACHE BOOL "")' cmake/build_configurations/mysql_release.cmake set '\bSET(PLUGIN_AUTH_PAM YES CACHE BOOL "")' cmake/build_configurations/mysql_release.cmake
...@@ -131,12 +131,8 @@ environment = ...@@ -131,12 +131,8 @@ environment =
### (we just override here for easier revert) ### (we just override here for easier revert)
[mariadb-10.3] [mariadb-10.3]
<= mariadb-10.4 <= mariadb-10.4
version = 10.3.22 version = 10.3.27
md5sum = f712a5e6fde038d0c9c6d2a2cd88b84e md5sum = 6ab2934a671191d8ca8730e9a626c5c9
pre-configure =
set -e '\bSET(PLUGIN_AUTH_PAM YES)' cmake/build_configurations/mysql_release.cmake
grep -q "$@"
sed -i "/$1/d" "$2"
post-install = post-install =
ldd=`ldd ${:location}/lib/plugin/ha_rocksdb.so` ldd=`ldd ${:location}/lib/plugin/ha_rocksdb.so`
for x in ${lz4:location} ${snappy:location} ${zstd:location} for x in ${lz4:location} ${snappy:location} ${zstd:location}
......
...@@ -10,7 +10,7 @@ parts = ...@@ -10,7 +10,7 @@ parts =
<= tomcat9 <= tomcat9
[tomcat7] [tomcat7]
recipe = hexagonit.recipe.download recipe = slapos.recipe.build:download-unpacked
ignore-existing = true ignore-existing = true
strip-top-level-dir = true strip-top-level-dir = true
url = https://archive.apache.org/dist/tomcat/tomcat-7/v${:version}/bin/apache-tomcat-${:version}.tar.gz url = https://archive.apache.org/dist/tomcat/tomcat-7/v${:version}/bin/apache-tomcat-${:version}.tar.gz
...@@ -18,7 +18,7 @@ version = 7.0.100 ...@@ -18,7 +18,7 @@ version = 7.0.100
md5sum = 79be4ba5a6e770730a4be3d5cb3c7862 md5sum = 79be4ba5a6e770730a4be3d5cb3c7862
[tomcat9] [tomcat9]
recipe = hexagonit.recipe.download recipe = slapos.recipe.build:download-unpacked
ignore-existing = true ignore-existing = true
strip-top-level-dir = true strip-top-level-dir = true
url = https://archive.apache.org/dist/tomcat/tomcat-9/v${:version}/bin/apache-tomcat-${:version}.tar.gz url = https://archive.apache.org/dist/tomcat/tomcat-9/v${:version}/bin/apache-tomcat-${:version}.tar.gz
......
...@@ -5,8 +5,10 @@ parts= ...@@ -5,8 +5,10 @@ parts=
[zbar] [zbar]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://jaist.dl.sourceforge.net/project/zbar/zbar/0.10/zbar-0.10.tar.bz2 url = https://github.com/mchehab/zbar/archive/0.23.1.tar.gz
md5sum = 0fd61eb590ac1bab62a77913c8b086a5 md5sum = 04f1ffafd0f12473d82763931d9c7c68
pre-configure =
autoreconf -vfi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
configure-options = configure-options =
--disable-video --disable-video
--without-imagemagick --without-imagemagick
...@@ -17,4 +19,5 @@ configure-options = ...@@ -17,4 +19,5 @@ configure-options =
--without-x --without-x
--without-jpg --without-jpg
environment = environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${gettext:location}/bin:${libtool:location}/bin:${m4:location}/bin:%(PATH)s
CFLAGS= CFLAGS=
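Review bot: The `[zbar]` download now comes from a forge-generated archive URL (`archive/0.23.1.tar.gz`) and is still pinned only by `md5sum`. MD5 is not collision-resistant, so it is a weak sole integrity check for source that the new `pre-configure` step then feeds to `autoreconf` and the compiler. Archives of this kind are produced by the forge on request rather than published by the project, so the checksum may also stop matching without any upstream change. If the recipe accepts a stronger digest, pin one; otherwise record above `url` how the tarball was verified, e.g. `# checksum verified against <PLACEHOLDER: upstream release reference>`.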
...@@ -245,6 +245,15 @@ Necessary to activate cache. ...@@ -245,6 +245,15 @@ Necessary to activate cache.
``enable_cache`` is an optional parameter. ``enable_cache`` is an optional parameter.
backend-active-check-*
~~~~~~~~~~~~~~~~~~~~~~
This set of parameters is used to control the way how the backend checks will be done. Such active checks can be really useful for `stale-if-error` caching technique and especially in case if backend is very slow to reply or to connect to.
`backend-active-check-http-method` can be used to configure the HTTP method used to check the backend. Special method `CONNECT` can be used to check only for connection attempt.
Please be aware that the `backend-active-check-timeout` is really short by default, so in case if `/` of the backend is slow to reply configure proper path with `backend-active-check-http-path` to not mark such backend down too fast, before increasing the check timeout.
Examples Examples
======== ========
......
...@@ -22,23 +22,23 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,23 +22,23 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = e7d7e1448b6420657e953026573311ca md5sum = e8db3179e3278c6390a786cdcc947173
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = b70f9ce80dd927ead51b4526997b75ed md5sum = b29a4764dd489030030a72770162c157
[profile-slave-list] [profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = ab143bfa2e20725aa35940c9033fa0ee md5sum = 2cbcdff6fe75ec469ab7d6accd72f83c
[profile-replicate-publish-slave-information] [profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = de268251dafa5ad83ebf5b20636365d9 md5sum = df304a8aee87b6f2425241016a48f7a5
[profile-caddy-frontend-configuration] [profile-caddy-frontend-configuration]
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
md5sum = 2503056e35463e045db3329bb8b6fae8 md5sum = 8cdc462956b6b492c14a53f987c0df5c
[template-not-found-html] [template-not-found-html]
_update_hash_filename_ = templates/notfound.html _update_hash_filename_ = templates/notfound.html
...@@ -50,11 +50,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73 ...@@ -50,11 +50,7 @@ md5sum = 266f175dbdfc588af7a86b0b1884fe73
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = bf40f8d0a049a8dd924ccc731956c87e md5sum = 5c807d34198f334b143cfa9263f6bc4e
[template-log-access]
_update_hash_filename_ = templates/template-log-access.conf.in
md5sum = f8068179333ce19e95df561c70073857
[template-empty] [template-empty]
_update_hash_filename_ = templates/empty.in _update_hash_filename_ = templates/empty.in
......
...@@ -90,8 +90,8 @@ frontend_cluster = ${:var}/frontend_cluster ...@@ -90,8 +90,8 @@ frontend_cluster = ${:var}/frontend_cluster
# csr_id publication # csr_id publication
csr_id = ${:srv}/csr_id csr_id = ${:srv}/csr_id
caddy-csr_id = ${:etc}/caddy-csr_id certificate-csr_id = ${:etc}/certificate-csr_id
caddy-csr_id-log = ${:log}/httpd-csr_id expose-csr_id-var = ${:var}/expose-csr_id
# slave introspection # slave introspection
slave-introspection-var = ${:var}/slave-introspection slave-introspection-var = ${:var}/slave-introspection
...@@ -102,7 +102,6 @@ single-default = ${dynamic-custom-personal-profile-slave-list:rendered} ...@@ -102,7 +102,6 @@ single-default = ${dynamic-custom-personal-profile-slave-list:rendered}
single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered} single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered}
[frontend-configuration] [frontend-configuration]
log-access-configuration = ${directory:etc}/log-access.conf
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
caddy-ipv6 = {{ instance_parameter_dict['ipv6-random'] }} caddy-ipv6 = {{ instance_parameter_dict['ipv6-random'] }}
caddy-https-port = ${configuration:port} caddy-https-port = ${configuration:port}
...@@ -583,7 +582,7 @@ template = {{ software_parameter_dict['template_configuration_state_script'] }} ...@@ -583,7 +582,7 @@ template = {{ software_parameter_dict['template_configuration_state_script'] }}
rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
mode = 0700 mode = 0700
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ software_parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context = extra-context =
...@@ -712,7 +711,7 @@ statistic-certificate = ${self-signed-ip-access:certificate} ...@@ -712,7 +711,7 @@ statistic-certificate = ${self-signed-ip-access:certificate}
statistic-port = ${configuration:backend-haproxy-statistic-port} statistic-port = ${configuration:backend-haproxy-statistic-port}
statistic-username = ${monitor-instance-parameter:username} statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd} statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ slapparameter_dict['cluster-identification'] }} statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + slapparameter_dict['cluster-identification'] }}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access} statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
[backend-haproxy] [backend-haproxy]
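Review bot: `statistic-identification` now always contains spaces (the `' @ '` separator), and the haproxy template shown further down this page writes the value unescaped after both `stats show-desc` and `stats realm`. HAProxy expects spaces in the realm to be backslash-escaped, so the realm is probably truncated or misparsed; whether the value is escaped somewhere in between is not visible here. Either join with a separator that has no spaces or escape at the point of use, e.g. `stats realm {{ configuration['statistic-identification'] | replace(' ', '\\ ') }}`. The section this key belongs to starts before the hunk.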
......
...@@ -124,6 +124,35 @@ context = ...@@ -124,6 +124,35 @@ context =
{% elif slave_type not in [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %} {% elif slave_type not in [None, '', 'default', 'zope', 'redirect', 'notebook', 'websocket'] %}
{% do slave_error_list.append('type:%s is not supported' % (slave_type,)) %} {% do slave_error_list.append('type:%s is not supported' % (slave_type,)) %}
{% endif %} {% endif %}
{# Check backend-active-check-* #}
{% set backend_active_check = (str(slave.get('backend-active-check', False)) or 'false').lower() %}
{% if backend_active_check in TRUE_VALUES %}
{% set backend_active_check_http_method = slave.get('backend-active-check-http-method') or 'GET' %}
{% if backend_active_check_http_method not in ['GET', 'OPTIONS', 'CONNECT', 'POST'] %}
{% do slave_error_list.append('Wrong backend-active-check-http-method %s' % (backend_active_check_http_method,)) %}
{% endif %}
{% set backend_active_check_http_path = slave.get('backend-active-check-http-path') or '/' %}
{% set backend_active_check_http_version = slave.get('backend-active-check-http-version') or 'HTTP/1.1' %}
{% if backend_active_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %}
{% do slave_error_list.append('Wrong backend-active-check-http-version %s' % (backend_active_check_http_version,)) %}
{% endif %}
{% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(False) %}
{% if backend_active_check_timeout in [False] or backend_active_check_timeout <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-timeout %s' % (slave.get('backend-active-check-timeout'),)) %}
{% endif %}
{% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(False) %}
{% if backend_active_check_interval in [False] or backend_active_check_interval <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-interval %s' % (slave.get('backend-active-check-interval'),)) %}
{% endif %}
{% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(False) %}
{% if backend_active_check_rise in [False] or backend_active_check_rise <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-rise %s' % (slave.get('backend-active-check-rise'),)) %}
{% endif %}
{% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(False) %}
{% if backend_active_check_fall in [False] or backend_active_check_fall <= 0 %}
{% do slave_error_list.append('Wrong backend-active-check-fall %s' % (slave.get('backend-active-check-fall'),)) %}
{% endif %}
{% endif %}
{# Check ciphers #} {# Check ciphers #}
{% set slave_cipher_list = slave.get('ciphers', '').strip().split() %} {% set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
{% if slave_cipher_list %} {% if slave_cipher_list %}
...@@ -217,11 +246,11 @@ context = ...@@ -217,11 +246,11 @@ context =
{% endfor %} {% endfor %}
{% do authorized_slave_list.append(authorized_slave) %} {% do authorized_slave_list.append(authorized_slave) %}
{% else %} {% else %}
{% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), slave_error_list) %} {% do rejected_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_error_list)) %}
{% do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), slave_error_list) %} {% do rejected_slave_title_dict.__setitem__(slave.get('slave_title'), sorted(slave_error_list)) %}
{% endif %} {% endif %}
{% if len(slave_warning_list) > 0 %} {% if len(slave_warning_list) > 0 %}
{% do warning_slave_dict.__setitem__(slave.get('slave_reference'), slave_warning_list) %} {% do warning_slave_dict.__setitem__(slave.get('slave_reference'), sorted(slave_warning_list)) %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do authorized_slave_list.sort() %} {% do authorized_slave_list.sort() %}
...@@ -335,6 +364,19 @@ kedifa-csr_id-certificate = ${request-kedifa:connection-csr_id-certificate} ...@@ -335,6 +364,19 @@ kedifa-csr_id-certificate = ${request-kedifa:connection-csr_id-certificate}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
# Generate promises for requested nodes
{% for frontend in frontend_list %}
{% set part_name = 'promise-backend-haproxy-statistic-url-' + frontend %}
{% do part_list.append(part_name) %}
{% set section_part = '${request-' + frontend %}
[{{ part_name }}]
<= monitor-promise-base
module = check_url_available
name = check-backend-haproxy-statistic-url-{{ frontend }}.py
config-url =
{{ section_part }}:connection-backend-haproxy-statistic-url}
{% endfor %}
#---------------------------- #----------------------------
#-- #--
#-- Publish slave information #-- Publish slave information
...@@ -379,16 +421,10 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }} ...@@ -379,16 +421,10 @@ sla-{{ key[sla_kedifa_key_length:] }} = {{ slapparameter_dict.pop(key) }}
{% endfor %} {% endfor %}
[rejected-slave-information] [rejected-slave-information]
{% for slave_id, rejected_list in rejected_slave_dict.iteritems() %} rejected-slave-dict = {{ dumps(rejected_slave_dict) }}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{{ slave_id }} = {{ dumps(json_module.dumps(rejected_list, sort_keys=True)) }}
{% endfor %}
[warning-slave-information] [warning-slave-information]
{% for slave_id, warning_list in warning_slave_dict.iteritems() %} warning-slave-dict = {{ dumps(warning_slave_dict) }}
{# sort_keys are important in order to avoid shuffling parameters on each run #}
{{ slave_id }} = {{ dumps(json_module.dumps(warning_list, sort_keys=True)) }}
{% endfor %}
[slave-information] [slave-information]
{% for frontend_section in frontend_section_list %} {% for frontend_section in frontend_section_list %}
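Review bot: `backend-active-check-http-path` is the only textual active-check parameter that is not validated: method and version are allowlisted, but the path is accepted as any string. It later lands in the `option httpchk` line of the backend haproxy template, where `| urlencode` is the only thing between a shared-instance parameter and the generated configuration. Rejecting bad values here keeps the rule next to the other checks, e.g. `{% if not backend_active_check_http_path.startswith('/') %}` followed by `{% do slave_error_list.append('Wrong backend-active-check-http-path %s' % (backend_active_check_http_path,)) %}` and `{% endif %}`. The enclosing slave loop starts before this hunk.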
......
...@@ -223,6 +223,68 @@ ...@@ -223,6 +223,68 @@
], ],
"title": "Authenticate to backend", "title": "Authenticate to backend",
"type": "string" "type": "string"
},
"backend-active-check": {
"title": "Backend Active Check",
"description": "Enables active checks of the backend. For HTTP level checks the HTTP code shall be 2xx or 3xx, otherwise backend will be considered down.",
"enum": [
"false",
"true"
],
"default": "false",
"type": "string"
},
"backend-active-check-http-method": {
"title": "Backend Active Check HTTP Metod",
"description": "Selects method to do the active check. CONNECT means that connection will be enough for the check, otherwise it's HTTP method.",
"enum": [
"GET",
"OPTIONS",
"POST",
"CONNECT"
],
"default": "GET",
"type": "string"
},
"backend-active-check-http-path": {
"title": "Backend Active Check HTTP Path",
"description": "A path on which do the active check, unused in case of CONNECT.",
"default": "/",
"type": "string"
},
"backend-active-check-http-version": {
"title": "Backend Active Check HTTP Version",
"description": "A HTTP version to use to check the backend, unused in case of CONNECT.",
"enum": [
"HTTP/1.1",
"HTTP/1.0"
],
"default": "HTTP/1.1",
"type": "string"
},
"backend-active-check-timeout": {
"title": "Backend Active Check Timeout (seconds)",
"description": "A timeout to for the request to be fulfilled, after connection happen.",
"default": "2",
"type": "integer"
},
"backend-active-check-interval": {
"title": "Backend Active Check Interval (seconds)",
"description": "An interval of backend active check.",
"default": "5",
"type": "integer"
},
"backend-active-check-rise": {
"title": "Backend Active Check Rise",
"description": "Amount of correct responses from the backend to consider it up.",
"default": "1",
"type": "integer"
},
"backend-active-check-fall": {
"title": "Backend Active Check Fall",
"description": "Amount of bad responses from the backend to consider it down.",
"default": "1",
"type": "integer"
} }
}, },
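Review bot: The four numeric active-check properties declare `"type": "integer"` but give string defaults (`"default": "2"`, `"5"`, `"1"`, `"1"`), so the schema's own defaults do not validate against it. The templates on this page reject values `<= 0`, but the schema sets no lower bound, so a request can pass schema validation and still be rejected later. Suggest `"default": 2` (likewise for the others) together with `"minimum": 1`. If these parameters are deliberately carried as strings like `backend-active-check`, use `"type": "string"` with a digit pattern instead. The title `Backend Active Check HTTP Metod` also has a typo ("Method").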
"title": "Input Parameters", "title": "Input Parameters",
......
...@@ -107,7 +107,6 @@ template_configuration_state_script = ${template-configuration-state-script:targ ...@@ -107,7 +107,6 @@ template_configuration_state_script = ${template-configuration-state-script:targ
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target} template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target} template_empty = ${template-empty:target}
template_graceful_script = ${template-graceful-script:target} template_graceful_script = ${template-graceful-script:target}
template_log_access = ${template-log-access:target}
template_not_found_html = ${template-not-found-html:target} template_not_found_html = ${template-not-found-html:target}
template_rotate_script = ${template-rotate-script:target} template_rotate_script = ${template-rotate-script:target}
template_slave_introspection_httpd_nginx = ${template-slave-introspection-httpd-nginx:target} template_slave_introspection_httpd_nginx = ${template-slave-introspection-httpd-nginx:target}
...@@ -187,9 +186,6 @@ mode = 640 ...@@ -187,9 +186,6 @@ mode = 640
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
<=download-template <=download-template
[template-log-access]
<=download-template
[template-empty] [template-empty]
<=download-template <=download-template
......
# Main caddy configuration file # Main caddy configuration file
import {{frontend_configuration.get('log-access-configuration')}}
import {{ slave_configuration_directory }}/*.conf import {{ slave_configuration_directory }}/*.conf
:{{ https_port }} { :{{ https_port }} {
......
...@@ -113,6 +113,33 @@ context = ...@@ -113,6 +113,33 @@ context =
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %} {%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %}
{#- Setup active check #}
{%- do slave_instance.__setitem__('backend-active-check', ('' ~ slave_instance.get('backend-active-check', '')).lower() in TRUE_VALUES) %}
{%- if slave_instance['backend-active-check'] %}
{%- if 'backend-active-check-http-method' not in slave_instance %}
{%- do slave_instance.__setitem__('backend-active-check-http-method', 'GET') %}
{%- endif %}
{%- if 'backend-active-check-http-version' not in slave_instance %}
{%- do slave_instance.__setitem__('backend-active-check-http-version', 'HTTP/1.1') %}
{%- endif %}
{%- if 'backend-active-check-interval' not in slave_instance %}
{%- do slave_instance.__setitem__('backend-active-check-interval', '5') %}
{%- endif %}
{%- if 'backend-active-check-rise' not in slave_instance %}
{%- do slave_instance.__setitem__('backend-active-check-rise', '1') %}
{%- endif %}
{%- if 'backend-active-check-fall' not in slave_instance %}
{%- do slave_instance.__setitem__('backend-active-check-fall', '2') %}
{%- endif %}
{%- if 'backend-active-check-timeout' not in slave_instance %}
{%- do slave_instance.__setitem__('backend-active-check-timeout', '2') %}
{%- endif %}
{%- do slave_instance.__setitem__('backend-active-check-http-path', slave_instance.get('backend-active-check-http-path') or '/') %}
{%- else %}
{%- do slave_instance.__setitem__('backend-active-check-http-method', '') %}
{%- do slave_instance.__setitem__('backend-active-check-http-version', '') %}
{%- do slave_instance.__setitem__('backend-active-check-http-path', '') %}
{%- endif %} {# if backend_active_check #}
{#- Set Up log files #} {#- Set Up log files #}
{%- do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %} {%- do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
{%- do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %} {%- do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
...@@ -307,7 +334,6 @@ recipe = slapos.cookbook:publish ...@@ -307,7 +334,6 @@ recipe = slapos.cookbook:publish
{%- endif %} {%- endif %}
{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #} {%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #}
{%- do part_list.append('caddy-log-access') %}
{%- do part_list.append('slave-introspection') %} {%- do part_list.append('slave-introspection') %}
{#- ############################################## #} {#- ############################################## #}
{#- ## Prepare virtualhost for slaves using cache #} {#- ## Prepare virtualhost for slaves using cache #}
...@@ -330,29 +356,6 @@ ipv6-port = {{ configuration['plain_http_port'] }} ...@@ -330,29 +356,6 @@ ipv6-port = {{ configuration['plain_http_port'] }}
ipv4-port = {{ configuration['port'] }} ipv4-port = {{ configuration['port'] }}
ipv6-port = {{ configuration['port'] }} ipv6-port = {{ configuration['port'] }}
{#- Define log access #}
[caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }}
caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
global_ipv6 = {{ dumps(global_ipv6) }}
https_port = {{ dumps(configuration['port']) }}
http_port = {{ dumps(configuration['plain_http_port']) }}
ip_access_certificate = {{ frontend_configuration.get('ip-access-certificate') }}
access_log = {{ dumps(caddy_configuration['access-log']) }}
error_log = {{ dumps(caddy_configuration['error-log']) }}
not_found_file = {{ dumps(caddy_configuration['not-found-file']) }}
[caddy-log-access]
< = jinja2-template-base
template = {{ software_parameter_dict['template_log_access'] }}
rendered = {{frontend_configuration.get('log-access-configuration')}}
extra-context =
section slave_log_directory slave-log-directory-dict
section slave_password slave-password
section parameter_dict caddy-log-access-parameters
[slave-introspection-parameters] [slave-introspection-parameters]
local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }} local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
global-ipv6 = {{ dumps(global_ipv6) }} global-ipv6 = {{ dumps(global_ipv6) }}
...@@ -434,13 +437,6 @@ template = inline: ...@@ -434,13 +437,6 @@ template = inline:
rendered = ${:file} rendered = ${:file}
[caddy-log-access-empty]
# Caddy refuse to start if an `import`ed file is empty, so we prepend a header
# so that the file is never empty.
< = jinja2-template-base
template = inline: # This file contain directives to serve directories with log files for shared instances, but no shared instances are defined yet.
rendered = {{frontend_configuration.get('log-access-configuration')}}
##<Backend haproxy> ##<Backend haproxy>
[backend-haproxy-configuration] [backend-haproxy-configuration]
< = jinja2-template-base < = jinja2-template-base
...@@ -494,9 +490,6 @@ parts += ...@@ -494,9 +490,6 @@ parts +=
{%- for part in part_list %} {%- for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{%- endfor %} {%- endfor %}
{%- if 'caddy-log-access' not in part_list %}
caddy-log-access-empty
{%- endif %}
publish-caddy-information publish-caddy-information
tunnel-6to4-base-http_port tunnel-6to4-base-http_port
tunnel-6to4-base-https_port tunnel-6to4-base-https_port
...@@ -524,8 +517,8 @@ command = ...@@ -524,8 +517,8 @@ command =
[certificate-csr_id] [certificate-csr_id]
recipe = plone.recipe.command recipe = plone.recipe.command
certificate = {{ directory['caddy-csr_id'] }}/certificate.pem certificate = {{ directory['certificate-csr_id'] }}/certificate.pem
key = {{ directory['caddy-csr_id'] }}/key.pem key = {{ directory['certificate-csr_id'] }}/key.pem
{#- Can be stopped on error, as does not rely on self provided service #} {#- Can be stopped on error, as does not rely on self provided service #}
stop-on-error = True stop-on-error = True
...@@ -542,18 +535,44 @@ ip = ${slap-network-information:global-ipv6} ...@@ -542,18 +535,44 @@ ip = ${slap-network-information:global-ipv6}
port = 17001 port = 17001
key = ${certificate-csr_id:key} key = ${certificate-csr_id:key}
certificate = ${certificate-csr_id:certificate} certificate = ${certificate-csr_id:certificate}
error-log = {{ directory['caddy-csr_id-log'] }}/expose-csr_id.log error-log = {{ directory['log'] }}/expose-csr_id.log
[expose-csr_id-template] [expose-csr_id-template]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
var = {{ directory['expose-csr_id-var'] }}
pid = {{ directory['var'] }}/nginx-expose-csr_id.pid
rendered = {{ directory['etc'] }}/nginx-expose-csr_id.conf
template = inline: template = inline:
https://:${expose-csr_id-configuration:port}/ { daemon off;
bind ${expose-csr_id-configuration:ip} pid ${:pid};
tls ${expose-csr_id-configuration:certificate} ${expose-csr_id-configuration:key} error_log ${expose-csr_id-configuration:error-log};
log ${expose-csr_id-configuration:error-log} events {
}
http {
include {{ software_parameter_dict['nginx_mime'] }};
server {
server_name_in_redirect off;
port_in_redirect off;
error_log ${expose-csr_id-configuration:error-log};
access_log /dev/null;
listen [${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port} ssl;
ssl_certificate ${expose-csr_id-configuration:certificate};
ssl_certificate_key ${expose-csr_id-configuration:key};
default_type application/octet-stream;
client_body_temp_path ${:var} 1 2;
proxy_temp_path ${:var} 1 2;
fastcgi_temp_path ${:var} 1 2;
uwsgi_temp_path ${:var} 1 2;
scgi_temp_path ${:var} 1 2;
location / {
alias {{ directory['csr_id'] }}/;
autoindex off;
sendfile on;
sendfile_max_chunk 1m;
}
}
} }
rendered = {{ directory['caddy-csr_id'] }}/Caddyfile
[promise-expose-csr_id-ip-port] [promise-expose-csr_id-ip-port]
<= monitor-promise-base <= monitor-promise-base
...@@ -567,13 +586,8 @@ depends = ...@@ -567,13 +586,8 @@ depends =
${store-csr_id:command} ${store-csr_id:command}
${store-backend-haproxy-csr_id:command} ${store-backend-haproxy-csr_id:command}
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['caddy'] }} command-line = {{ software_parameter_dict['nginx'] }}
-conf ${expose-csr_id-template:rendered} -c ${expose-csr_id-template:rendered}
-log ${expose-csr_id-configuration:error-log}
-http2=true
-disable-http-challenge
-disable-tls-alpn-challenge
-root {{ directory['csr_id'] }}
wrapper-path = {{ directory['service'] }}/expose-csr_id wrapper-path = {{ directory['service'] }}/expose-csr_id
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
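Review bot: The fallback for `backend-active-check-fall` in the "Setup active check" block is `'2'`, while the validation template and the JSON schema on this page both use `1` as the default. A requester who omits the parameter therefore gets a backend that is marked down after two failed checks, not the documented one. Align it with `{%- do slave_instance.__setitem__('backend-active-check-fall', '1') %}`, or change the schema and the validation default if two is intended. The method, version and numeric values are only defaulted in this block, not re-checked, so this template depends entirely on the validation done in the other template; a comment saying so would help.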
......
...@@ -49,6 +49,8 @@ frontend statistic ...@@ -49,6 +49,8 @@ frontend statistic
stats show-desc {{ configuration['statistic-identification'] }} stats show-desc {{ configuration['statistic-identification'] }}
stats auth {{ configuration['statistic-username'] }}:{{ configuration['statistic-password'] }} stats auth {{ configuration['statistic-username'] }}:{{ configuration['statistic-password'] }}
stats realm {{ configuration['statistic-identification'] }} stats realm {{ configuration['statistic-identification'] }}
stats scope http-backend
stats scope https-backend
frontend http-backend frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
...@@ -100,7 +102,22 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -100,7 +102,22 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
timeout server {{ slave_instance['request-timeout'] }}s timeout server {{ slave_instance['request-timeout'] }}s
timeout connect {{ slave_instance['backend-connect-timeout'] }}s timeout connect {{ slave_instance['backend-connect-timeout'] }}s
retries {{ slave_instance['backend-connect-retries'] }} retries {{ slave_instance['backend-connect-retries'] }}
server {{ slave_instance['slave_reference'] }}-backend {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }} {%- set active_check_list = [] %}
{%- set active_check_option_list = [] %}
{%- if slave_instance['backend-active-check'] %}
{%- do active_check_list.append('check') %}
{%- do active_check_list.append('inter %ss' % (slave_instance['backend-active-check-interval'])) %}
{%- do active_check_list.append('rise %s' % (slave_instance['backend-active-check-rise'])) %}
{%- do active_check_list.append('fall %s' % (slave_instance['backend-active-check-fall'])) %}
{%- if slave_instance['backend-active-check-http-method'] != 'CONNECT' %}
{%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['backend-active-check-http-method'], slave_instance['backend-active-check-http-path'] | urlencode, slave_instance['backend-active-check-http-version'])) %}
{%- endif %}
{%- do active_check_option_list.append('timeout check %ss' % (slave_instance['backend-active-check-timeout'])) %}
{%- endif %}
server {{ slave_instance['slave_reference'] }}-backend {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }} {{ ' ' + ' '.join(active_check_list)}}
{%- for active_check_option in active_check_option_list %}
{{ active_check_option }}
{%- endfor %}
{%- if path %} {%- if path %}
http-request set-path {{ path }}%[path] http-request set-path {{ path }}%[path]
{%- endif %} {%- endif %}
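Review bot: The interval, rise, fall and timeout values are written into the `server` and `timeout check` lines as raw `%s`, although the validation shown elsewhere on this page only proves that `| int(False)` can parse them. As far as I can tell, integer parsing tolerates surrounding whitespace, so a value with a trailing space or newline would validate and then break the generated haproxy line. Render the parsed number instead, e.g. `'inter %ss' % (slave_instance['backend-active-check-interval'] | int)`, and do the same for `rise`, `fall` and `timeout check`. The `backend` block this belongs to starts before the hunk.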
......
...@@ -27,22 +27,22 @@ ...@@ -27,22 +27,22 @@
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% for slave_reference, rejected_info_list in rejected_slave_information.iteritems() %} {% for slave_reference, rejected_info_list in rejected_slave_information['rejected-slave-dict'].iteritems() %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('request-error-list', rejected_info_list) %} {% do slave_information_dict[slave_reference].__setitem__('request-error-list', json_module.dumps(rejected_info_list)) %}
{% endfor %} {% endfor %}
{% for slave_reference, warning_info_list in warning_slave_information.iteritems() %} {% for slave_reference, warning_info_list in warning_slave_information['warning-slave-dict'].iteritems() %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
{% do slave_information_dict[slave_reference].__setitem__('warning-list', warning_info_list) %} {% do slave_information_dict[slave_reference].__setitem__('warning-list', json_module.dumps(warning_info_list)) %}
{% endfor %} {% endfor %}
{% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %} {% for slave_reference, kedifa_dict in json_module.loads(slave_kedifa_information).iteritems() %}
{% if slave_reference not in rejected_slave_information %} {% if slave_reference not in rejected_slave_information['rejected-slave-dict'] %}
{% if slave_reference not in slave_information_dict %} {% if slave_reference not in slave_information_dict %}
{% do slave_information_dict.__setitem__(slave_reference, {}) %} {% do slave_information_dict.__setitem__(slave_reference, {}) %}
{% endif %} {% endif %}
......
# Access log configuration
{% for slave, directory in slave_log_directory.iteritems() %}
https://[{{ parameter_dict['global_ipv6'] }}]:{{ parameter_dict['https_port'] }}/{{ slave }}, https://{{ parameter_dict['local_ipv4'] }}:{{ parameter_dict['https_port'] }}/{{ slave }} {
bind {{ parameter_dict['local_ipv4'] }}
root {{ directory }}/
browse
tls {{ parameter_dict['ip_access_certificate'] }} {{ parameter_dict['ip_access_certificate'] }}
basicauth "{{ slave }}" {{ slave_password[slave] | trim }} {
"Log Access {{ slave }}"
/
}
log / {{ parameter_dict['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 0
}
errors {{ parameter_dict['error_log'] }} {
rotate_size 0
* {{ parameter_dict['not_found_file'] }}
}
}
{% endfor %}
...@@ -48,6 +48,7 @@ from slapos.recipe.librecipe import generateHashFromFiles ...@@ -48,6 +48,7 @@ from slapos.recipe.librecipe import generateHashFromFiles
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
import urlparse import urlparse
import socket import socket
import sys
try: try:
...@@ -430,6 +431,9 @@ def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT, ...@@ -430,6 +431,9 @@ def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
class TestHandler(BaseHTTPRequestHandler): class TestHandler(BaseHTTPRequestHandler):
identification = None identification = None
def do_POST(self):
return self.do_GET()
def do_GET(self): def do_GET(self):
timeout = int(self.headers.dict.get('timeout', '0')) timeout = int(self.headers.dict.get('timeout', '0'))
compress = int(self.headers.dict.get('compress', '0')) compress = int(self.headers.dict.get('compress', '0'))
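Review bot: The new `do_POST` forwards straight to `do_GET`, and nothing in this hunk reads the request body, so on a connection that is kept open the unread bytes would be parsed as the start of the next request. If this test backend is ever served with keep-alive, drain the body first, for example `self.rfile.read(int(self.headers.dict.get('content-length', '0')))` before `return self.do_GET()`. A one-line comment such as `# POST is answered exactly like GET; the request body is ignored` would also record the intent. `do_GET` continues outside the hunk, so it may already cover this.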
...@@ -487,12 +491,6 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase): ...@@ -487,12 +491,6 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
# minimise partition path # minimise partition path
__partition_reference__ = 'T-' __partition_reference__ = 'T-'
@classmethod
def getInstanceSoftwareType(cls):
# Because of unknown problem yet, the root instance software type changes
# from RootSoftwareInstance to '', so always request it with given type
return "RootSoftwareInstance"
@classmethod @classmethod
def prepareCertificate(cls): def prepareCertificate(cls):
cls.another_server_ca = CertificateAuthority("Another Server Root CA") cls.another_server_ca = CertificateAuthority("Another Server Root CA")
...@@ -920,18 +918,32 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -920,18 +918,32 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
return default_instance return default_instance
@classmethod @classmethod
def requestSlaves(cls): def requestSlaveInstance(cls, partition_reference, partition_parameter_kw):
software_url = cls.getSoftwareURL() software_url = cls.getSoftwareURL()
software_type = cls.getInstanceSoftwareType()
cls.logger.debug(
'requesting slave "%s" type: %r software:%s parameters:%s',
partition_reference, software_type, software_url, partition_parameter_kw)
return cls.slap.request(
software_release=software_url,
software_type=software_type,
partition_reference=partition_reference,
partition_parameter_kw=partition_parameter_kw,
shared=True
)
@classmethod
def requestSlaves(cls):
for slave_reference, partition_parameter_kw in cls\ for slave_reference, partition_parameter_kw in cls\
.getSlaveParameterDictDict().items(): .getSlaveParameterDictDict().items():
software_url = cls.getSoftwareURL()
software_type = cls.getInstanceSoftwareType()
cls.logger.debug( cls.logger.debug(
'requesting slave "%s" software:%s parameters:%s', 'requesting slave "%s" type: %r software:%s parameters:%s',
slave_reference, software_url, partition_parameter_kw) slave_reference, software_type, software_url, partition_parameter_kw)
cls.slap.request( cls.requestSlaveInstance(
software_release=software_url,
partition_reference=slave_reference, partition_reference=slave_reference,
partition_parameter_kw=partition_parameter_kw, partition_parameter_kw=partition_parameter_kw,
shared=True
) )
@classmethod @classmethod
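Review bot: `requestSlaves` still computes `software_url` and `software_type` and emits the 'requesting slave' debug line inside its loop, although `requestSlaveInstance` now logs the identical message, so every slave request is logged twice. The loop body can shrink to the single call `cls.requestSlaveInstance(partition_reference=slave_reference, partition_parameter_kw=partition_parameter_kw)`. The logged `partition_parameter_kw` includes `ssl_key` values for some slaves defined elsewhere on this page, so keeping a single log site also makes it easier to drop or mask that field later. `requestSlaveInstance` would benefit from a short docstring stating that it always requests with `shared=True` and the class software type.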
...@@ -971,11 +983,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -971,11 +983,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
for slave_reference, partition_parameter_kw in cls\ for slave_reference, partition_parameter_kw in cls\
.getSlaveParameterDictDict().items(): .getSlaveParameterDictDict().items():
parameter_dict_list.append(cls.slap.request( parameter_dict_list.append(cls.requestSlaveInstance(
software_release=cls.getSoftwareURL(),
partition_reference=slave_reference, partition_reference=slave_reference,
partition_parameter_kw=partition_parameter_kw, partition_parameter_kw=partition_parameter_kw,
shared=True
).getConnectionParameterDict()) ).getConnectionParameterDict())
return parameter_dict_list return parameter_dict_list
...@@ -1009,14 +1019,11 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -1009,14 +1019,11 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
def updateSlaveConnectionParameterDictDict(cls): def updateSlaveConnectionParameterDictDict(cls):
cls.slave_connection_parameter_dict_dict = {} cls.slave_connection_parameter_dict_dict = {}
# run partition for slaves to be setup # run partition for slaves to be setup
request = cls.slap.request
for slave_reference, partition_parameter_kw in cls\ for slave_reference, partition_parameter_kw in cls\
.getSlaveParameterDictDict().items(): .getSlaveParameterDictDict().items():
slave_instance = request( slave_instance = cls.requestSlaveInstance(
software_release=cls.getSoftwareURL(),
partition_reference=slave_reference, partition_reference=slave_reference,
partition_parameter_kw=partition_parameter_kw, partition_parameter_kw=partition_parameter_kw,
shared=True
) )
cls.slave_connection_parameter_dict_dict[slave_reference] = \ cls.slave_connection_parameter_dict_dict[slave_reference] = \
slave_instance.getConnectionParameterDict() slave_instance.getConnectionParameterDict()
...@@ -1717,7 +1724,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1717,7 +1724,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertNotIn('Sending telemetry', fh.read(), 'Telemetry enabled') self.assertNotIn('Sending telemetry', fh.read(), 'Telemetry enabled')
def test_url(self): def test_url(self):
parameter_dict = self.assertSlaveBase('Url') reference = 'Url'
parameter_dict = self.parseSlaveParameterDict(reference)
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, '')
hostname = reference.translate(None, '_-').lower()
self.assertEqual(
{
'domain': '%s.example.com' % (hostname,),
'replication_number': '1',
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
"slave url ' %s ' has been converted to '%s'" % (
self.backend_url, self.backend_url)],
},
parameter_dict
)
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'], parameter_dict['public-ipv4'],
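Review bot: The block that replaces `assertSlaveBase('Url')` in `test_url` is repeated line for line in `test_compressed_result` and `test_no_content_type_alter` in the two following hunks, so the expected dict and its `warning-list` entry now have to be kept in sync in three places. Moving it into one helper that returns `parameter_dict` keeps the three tests focused on the HTTP behaviour they check. All three test bodies continue outside their hunks. The helper name below is only a suggestion.

```python
def _assertUrlSlave(self):
    """Check the connection parameters published for the 'Url' slave and return them."""
    reference = 'Url'
    parameter_dict = self.parseSlaveParameterDict(reference)
    # … unchanged: log-access and kedifa pops, hostname, assertEqual on the expected dict …
    return parameter_dict

def test_url(self):
    parameter_dict = self._assertUrlSlave()
    # … unchanged: fakeHTTPSResult call and assertions …
```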
...@@ -2022,7 +2048,27 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2022,7 +2048,27 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
) )
def test_compressed_result(self): def test_compressed_result(self):
parameter_dict = self.assertSlaveBase('Url') reference = 'Url'
parameter_dict = self.parseSlaveParameterDict(reference)
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, '')
hostname = reference.translate(None, '_-').lower()
self.assertEqual(
{
'domain': '%s.example.com' % (hostname,),
'replication_number': '1',
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
"slave url ' %s ' has been converted to '%s'" % (
self.backend_url, self.backend_url)],
},
parameter_dict
)
result_compressed = fakeHTTPSResult( result_compressed = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
...@@ -2055,7 +2101,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2055,7 +2101,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertFalse('Content-Encoding' in result_not_compressed.headers) self.assertFalse('Content-Encoding' in result_not_compressed.headers)
def test_no_content_type_alter(self): def test_no_content_type_alter(self):
parameter_dict = self.assertSlaveBase('Url') reference = 'Url'
parameter_dict = self.parseSlaveParameterDict(reference)
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, '')
hostname = reference.translate(None, '_-').lower()
self.assertEqual(
{
'domain': '%s.example.com' % (hostname,),
'replication_number': '1',
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [
"slave url ' %s ' has been converted to '%s'" % (
self.backend_url, self.backend_url)],
},
parameter_dict
)
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper', 'test-path/deep/.././deeper',
...@@ -5279,46 +5344,46 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5279,46 +5344,46 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
], ],
'warning-slave-dict': { 'warning-slave-dict': {
u'_custom_domain_ssl_crt_ssl_key': [ u'_custom_domain_ssl_crt_ssl_key': [
u'ssl_key is obsolete, please use key-upload-url', u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url' u'ssl_key is obsolete, please use key-upload-url'
], ],
u'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt': [ u'_custom_domain_ssl_crt_ssl_key_ssl_ca_crt': [
u'ssl_key is obsolete, please use key-upload-url', u'ssl_ca_crt is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url', u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_ca_crt is obsolete, please use key-upload-url' u'ssl_key is obsolete, please use key-upload-url'
], ],
u'_ssl_ca_crt_does_not_match': [ u'_ssl_ca_crt_does_not_match': [
u'ssl_key is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_ca_crt is obsolete, please use key-upload-url', u'ssl_ca_crt is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_key is obsolete, please use key-upload-url',
], ],
u'_ssl_ca_crt_garbage': [ u'_ssl_ca_crt_garbage': [
u'ssl_key is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_ca_crt is obsolete, please use key-upload-url', u'ssl_ca_crt is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_key is obsolete, please use key-upload-url',
], ],
# u'_ssl_ca_crt_only': [ # u'_ssl_ca_crt_only': [
# u'ssl_ca_crt is obsolete, please use key-upload-url', # u'ssl_ca_crt is obsolete, please use key-upload-url',
# ], # ],
u'_ssl_from_slave': [ u'_ssl_from_slave': [
u'ssl_key is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url', u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_key is obsolete, please use key-upload-url',
], ],
u'_ssl_from_slave_kedifa_overrides': [ u'_ssl_from_slave_kedifa_overrides': [
u'ssl_key is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url', u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_key is obsolete, please use key-upload-url',
], ],
# u'_ssl_key-ssl_crt-unsafe': [ # u'_ssl_key-ssl_crt-unsafe': [
# u'ssl_key is obsolete, please use key-upload-url', # u'ssl_key is obsolete, please use key-upload-url',
# u'ssl_crt is obsolete, please use key-upload-url', # u'ssl_crt is obsolete, please use key-upload-url',
# ], # ],
u'_type-notebook-ssl_from_slave': [ u'_type-notebook-ssl_from_slave': [
u'ssl_key is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url', u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_key is obsolete, please use key-upload-url',
], ],
u'_type-notebook-ssl_from_slave_kedifa_overrides': [ u'_type-notebook-ssl_from_slave_kedifa_overrides': [
u'ssl_key is obsolete, please use key-upload-url',
u'ssl_crt is obsolete, please use key-upload-url', u'ssl_crt is obsolete, please use key-upload-url',
u'ssl_key is obsolete, please use key-upload-url',
], ],
} }
} }
...@@ -5427,8 +5492,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5427,8 +5492,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
] ]
}, },
parameter_dict parameter_dict
...@@ -5460,8 +5525,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5460,8 +5525,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
] ]
}, },
parameter_dict parameter_dict
...@@ -5607,8 +5672,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5607,8 +5672,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
] ]
}, },
parameter_dict parameter_dict
...@@ -5640,8 +5705,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5640,8 +5705,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_key is obsolete, please use key-upload-url',
] ]
}, },
parameter_dict parameter_dict
...@@ -5734,9 +5799,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5734,9 +5799,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url', 'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_ca_crt is obsolete, please use key-upload-url' 'ssl_key is obsolete, please use key-upload-url'
] ]
}, },
parameter_dict parameter_dict
...@@ -5779,11 +5844,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5779,11 +5844,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
ssl_ca_crt=ca.certificate_pem, ssl_ca_crt=ca.certificate_pem,
) )
self.slap.request( self.requestSlaveInstance(
software_release=self.getSoftwareURL(),
partition_reference='custom_domain_ssl_crt_ssl_key_ssl_ca_crt', partition_reference='custom_domain_ssl_crt_ssl_key_ssl_ca_crt',
partition_parameter_kw=slave_parameter_dict, partition_parameter_kw=slave_parameter_dict,
shared=True
) )
self.slap.waitForInstance() self.slap.waitForInstance()
...@@ -5825,9 +5888,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5825,9 +5888,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url', 'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_ca_crt is obsolete, please use key-upload-url'] 'ssl_key is obsolete, please use key-upload-url']
}, },
parameter_dict parameter_dict
) )
...@@ -5857,9 +5920,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility( ...@@ -5857,9 +5920,9 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
'public-ipv4': self._ipv4_address, 'public-ipv4': self._ipv4_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url', 'ssl_ca_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_ca_crt is obsolete, please use key-upload-url' 'ssl_key is obsolete, please use key-upload-url'
] ]
}, },
parameter_dict parameter_dict
...@@ -6152,85 +6215,125 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6152,85 +6215,125 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
@classmethod @classmethod
def fillSlaveParameterDictDict(cls): def fillSlaveParameterDictDict(cls):
cls.slave_parameter_dict_dict = { cls.slave_parameter_dict_dict = {
'url': { 'URL': {
'url': "https://[fd46::c2ae]:!py!u'123123'", 'url': "https://[fd46::c2ae]:!py!u'123123'",
}, },
'https-url': { 'HTTPS-URL': {
'https-url': "https://[fd46::c2ae]:!py!u'123123'", 'https-url': "https://[fd46::c2ae]:!py!u'123123'",
}, },
'ssl-proxy-verify_ssl_proxy_ca_crt_damaged': { 'SSL-PROXY-VERIFY_SSL_PROXY_CA_CRT_DAMAGED': {
'url': cls.backend_https_url, 'url': cls.backend_https_url,
'ssl-proxy-verify': True, 'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': 'damaged', 'ssl_proxy_ca_crt': 'damaged',
}, },
'ssl-proxy-verify_ssl_proxy_ca_crt_empty': { 'SSL-PROXY-VERIFY_SSL_PROXY_CA_CRT_EMPTY': {
'url': cls.backend_https_url, 'url': cls.backend_https_url,
'ssl-proxy-verify': True, 'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': '', 'ssl_proxy_ca_crt': '',
}, },
'bad-backend': { 'BAD-BACKEND': {
'url': 'http://1:2:3:4', 'url': 'http://1:2:3:4',
'https-url': 'http://host.domain:badport', 'https-url': 'http://host.domain:badport',
}, },
'empty-backend': { 'EMPTY-BACKEND': {
'url': '', 'url': '',
'https-url': '', 'https-url': '',
}, },
'custom_domain-unsafe': { 'CUSTOM_DOMAIN-UNSAFE': {
'custom_domain': '${section:option} afterspace\nafternewline', 'custom_domain': '${section:option} afterspace\nafternewline',
}, },
'server-alias-unsafe': { 'SERVER-ALIAS-UNSAFE': {
'server-alias': '${section:option} afterspace', 'server-alias': '${section:option} afterspace',
}, },
'server-alias-same': { 'SERVER-ALIAS-SAME': {
'url': cls.backend_url, 'url': cls.backend_url,
'server-alias': 'serveraliassame.example.com', 'server-alias': 'serveraliassame.example.com',
}, },
'virtualhostroot-http-port-unsafe': { 'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE': {
'type': 'zope', 'type': 'zope',
'url': cls.backend_url, 'url': cls.backend_url,
'virtualhostroot-http-port': '${section:option}', 'virtualhostroot-http-port': '${section:option}',
}, },
'virtualhostroot-https-port-unsafe': { 'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE': {
'type': 'zope', 'type': 'zope',
'url': cls.backend_url, 'url': cls.backend_url,
'virtualhostroot-https-port': '${section:option}', 'virtualhostroot-https-port': '${section:option}',
}, },
'default-path-unsafe': { 'DEFAULT-PATH-UNSAFE': {
'type': 'zope', 'type': 'zope',
'url': cls.backend_url, 'url': cls.backend_url,
'default-path': '${section:option}\nn"\newline\n}\n}proxy\n/slashed', 'default-path': '${section:option}\nn"\newline\n}\n}proxy\n/slashed',
}, },
'monitor-ipv4-test-unsafe': { 'MONITOR-IPV4-TEST-UNSAFE': {
'monitor-ipv4-test': '${section:option}\nafternewline ipv4', 'monitor-ipv4-test': '${section:option}\nafternewline ipv4',
}, },
'monitor-ipv6-test-unsafe': { 'MONITOR-IPV6-TEST-UNSAFE': {
'monitor-ipv6-test': '${section:option}\nafternewline ipv6', 'monitor-ipv6-test': '${section:option}\nafternewline ipv6',
}, },
'bad-ciphers': { 'BAD-CIPHERS': {
'ciphers': 'bad ECDHE-ECDSA-AES256-GCM-SHA384 again', 'ciphers': 'bad ECDHE-ECDSA-AES256-GCM-SHA384 again',
}, },
'site_1': { 'SITE_1': {
'custom_domain': 'duplicate.example.com', 'custom_domain': 'duplicate.example.com',
}, },
'site_2': { 'SITE_2': {
'custom_domain': 'duplicate.example.com', 'custom_domain': 'duplicate.example.com',
}, },
'site_3': { 'SITE_3': {
'server-alias': 'duplicate.example.com', 'server-alias': 'duplicate.example.com',
}, },
'site_4': { 'SITE_4': {
'custom_domain': 'duplicate.example.com', 'custom_domain': 'duplicate.example.com',
'server-alias': 'duplicate.example.com', 'server-alias': 'duplicate.example.com',
}, },
'ssl_ca_crt_only': { 'SSL_CA_CRT_ONLY': {
'url': cls.backend_url, 'url': cls.backend_url,
'ssl_ca_crt': cls.ca.certificate_pem, 'ssl_ca_crt': cls.ca.certificate_pem,
}, },
'ssl_key-ssl_crt-unsafe': { 'SSL_KEY-SSL_CRT-UNSAFE': {
'ssl_key': '${section:option}ssl_keyunsafe\nunsafe', 'ssl_key': '${section:option}ssl_keyunsafe\nunsafe',
'ssl_crt': '${section:option}ssl_crtunsafe\nunsafe', 'ssl_crt': '${section:option}ssl_crtunsafe\nunsafe',
}, },
'backend-active-check-http-method': {
'backend-active-check': True,
'backend-active-check-http-method': 'WRONG',
},
'backend-active-check-http-version': {
'backend-active-check': True,
'backend-active-check-http-version': 'WRONG/1.1',
},
'backend-active-check-timeout': {
'backend-active-check': True,
'backend-active-check-timeout': 'WRONG',
},
'backend-active-check-timeout-negative': {
'backend-active-check': True,
'backend-active-check-timeout': '-2',
},
'backend-active-check-interval': {
'backend-active-check': True,
'backend-active-check-interval': 'WRONG',
},
'backend-active-check-interval-negative': {
'backend-active-check': True,
'backend-active-check-interval': '-2',
},
'backend-active-check-rise': {
'backend-active-check': True,
'backend-active-check-rise': 'WRONG',
},
'backend-active-check-rise-negative': {
'backend-active-check': True,
'backend-active-check-rise': '-2',
},
'backend-active-check-fall': {
'backend-active-check': True,
'backend-active-check-fall': 'WRONG',
},
'backend-active-check-fall-negative': {
'backend-active-check': True,
'backend-active-check-fall': '-2',
}
} }
def test_master_partition_state(self): def test_master_partition_state(self):
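Review bot: The ten new `backend-active-check-*` entries only feed plain wrong tokens (`'WRONG'`, `'-2'`), while the neighbouring unsafe cases in this dict use `${section:option}` and embedded newlines, which is the input that matters most if these values end up in generated configuration. Consider one more entry, for example `'backend-active-check-http-method-unsafe': {'backend-active-check': True, 'backend-active-check-http-method': '${section:option}\nafternewline'},`, with the matching rejection in `test_master_partition_state`. The new keys are also lower-case although this hunk upper-cases every existing reference; if the upper-casing is meant to exercise reference normalisation, a short comment saying so would help. Adding an entry changes the hard-coded `rejected-slave-amount` and `slave-amount` in the next hunk.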
...@@ -6245,49 +6348,69 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6245,49 +6348,69 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '7', 'accepted-slave-amount': '7',
'rejected-slave-amount': '14', 'rejected-slave-amount': '24',
'slave-amount': '21', 'slave-amount': '31',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_https-url': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"' '_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
' invalid'], ' invalid'],
'_url': [u'slave url "https://[fd46::c2ae]:!py!u\'123123\'" invalid'], '_URL': [u'slave url "https://[fd46::c2ae]:!py!u\'123123\'" invalid'],
'_ssl-proxy-verify_ssl_proxy_ca_crt_damaged': [ '_SSL-PROXY-VERIFY_SSL_PROXY_CA_CRT_DAMAGED': [
'ssl_proxy_ca_crt is invalid' 'ssl_proxy_ca_crt is invalid'
], ],
'_ssl-proxy-verify_ssl_proxy_ca_crt_empty': [ '_SSL-PROXY-VERIFY_SSL_PROXY_CA_CRT_EMPTY': [
'ssl_proxy_ca_crt is invalid' 'ssl_proxy_ca_crt is invalid'
], ],
'_bad-ciphers': [ '_BAD-CIPHERS': [
"Cipher 'bad' is not supported.", "Cipher 'again' is not supported.",
"Cipher 'again' is not supported." "Cipher 'bad' is not supported."
], ],
'_custom_domain-unsafe': [ '_CUSTOM_DOMAIN-UNSAFE': [
"custom_domain '${section:option} afterspace\\nafternewline' invalid" "custom_domain '${section:option} afterspace\\nafternewline' invalid"
], ],
'_server-alias-unsafe': [ '_SERVER-ALIAS-UNSAFE': [
"server-alias '${section:option}' not valid", "server-alias '${section:option}' not valid",
"server-alias 'afterspace' not valid" "server-alias 'afterspace' not valid"
], ],
'_site_2': ["custom_domain 'duplicate.example.com' clashes"], '_SITE_2': ["custom_domain 'duplicate.example.com' clashes"],
'_site_3': ["server-alias 'duplicate.example.com' clashes"], '_SITE_3': ["server-alias 'duplicate.example.com' clashes"],
'_site_4': ["custom_domain 'duplicate.example.com' clashes"], '_SITE_4': ["custom_domain 'duplicate.example.com' clashes"],
'_ssl_ca_crt_only': [ '_SSL_CA_CRT_ONLY': [
"ssl_ca_crt is present, so ssl_crt and ssl_key are required"], "ssl_ca_crt is present, so ssl_crt and ssl_key are required"],
'_ssl_key-ssl_crt-unsafe': [ '_SSL_KEY-SSL_CRT-UNSAFE': [
"slave ssl_key and ssl_crt does not match"], "slave ssl_key and ssl_crt does not match"],
'_bad-backend': [ '_BAD-BACKEND': [
"slave url 'http://1:2:3:4' invalid", "slave https-url 'http://host.domain:badport' invalid",
"slave https-url 'http://host.domain:badport' invalid"], "slave url 'http://1:2:3:4' invalid"],
'_empty-backend': [ '_EMPTY-BACKEND': [
"slave url '' invalid", "slave https-url '' invalid",
"slave https-url '' invalid"], "slave url '' invalid"],
'_backend-active-check-fall': [
'Wrong backend-active-check-fall WRONG'],
'_backend-active-check-fall-negative': [
'Wrong backend-active-check-fall -2'],
'_backend-active-check-http-method': [
'Wrong backend-active-check-http-method WRONG'],
'_backend-active-check-http-version': [
'Wrong backend-active-check-http-version WRONG/1.1'],
'_backend-active-check-interval': [
'Wrong backend-active-check-interval WRONG'],
'_backend-active-check-interval-negative': [
'Wrong backend-active-check-interval -2'],
'_backend-active-check-rise': [
'Wrong backend-active-check-rise WRONG'],
'_backend-active-check-rise-negative': [
'Wrong backend-active-check-rise -2'],
'_backend-active-check-timeout': [
'Wrong backend-active-check-timeout WRONG'],
'_backend-active-check-timeout-negative': [
'Wrong backend-active-check-timeout -2'],
}, },
'warning-slave-dict': { 'warning-slave-dict': {
'_ssl_ca_crt_only': [ '_SSL_CA_CRT_ONLY': [
'ssl_ca_crt is obsolete, please use key-upload-url'], 'ssl_ca_crt is obsolete, please use key-upload-url'],
'_ssl_key-ssl_crt-unsafe': [ '_SSL_KEY-SSL_CRT-UNSAFE': [
'ssl_key is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url']} 'ssl_key is obsolete, please use key-upload-url']}
} }
self.assertEqual( self.assertEqual(
...@@ -6296,7 +6419,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6296,7 +6419,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_url(self): def test_url(self):
parameter_dict = self.parseSlaveParameterDict('url') parameter_dict = self.parseSlaveParameterDict('URL')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
...@@ -6306,7 +6429,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6306,7 +6429,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_https_url(self): def test_https_url(self):
parameter_dict = self.parseSlaveParameterDict('https-url') parameter_dict = self.parseSlaveParameterDict('HTTPS-URL')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
...@@ -6317,7 +6440,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6317,7 +6440,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def test_ssl_proxy_verify_ssl_proxy_ca_crt_damaged(self): def test_ssl_proxy_verify_ssl_proxy_ca_crt_damaged(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'ssl-proxy-verify_ssl_proxy_ca_crt_damaged') 'SSL-PROXY-VERIFY_SSL_PROXY_CA_CRT_DAMAGED')
self.assertEqual( self.assertEqual(
{'request-error-list': ["ssl_proxy_ca_crt is invalid"]}, {'request-error-list': ["ssl_proxy_ca_crt is invalid"]},
parameter_dict parameter_dict
...@@ -6325,14 +6448,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6325,14 +6448,14 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def test_ssl_proxy_verify_ssl_proxy_ca_crt_empty(self): def test_ssl_proxy_verify_ssl_proxy_ca_crt_empty(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'ssl-proxy-verify_ssl_proxy_ca_crt_empty') 'SSL-PROXY-VERIFY_SSL_PROXY_CA_CRT_EMPTY')
self.assertEqual( self.assertEqual(
{'request-error-list': ["ssl_proxy_ca_crt is invalid"]}, {'request-error-list': ["ssl_proxy_ca_crt is invalid"]},
parameter_dict parameter_dict
) )
def test_server_alias_same(self): def test_server_alias_same(self):
parameter_dict = self.parseSlaveParameterDict('server-alias-same') parameter_dict = self.parseSlaveParameterDict('SERVER-ALIAS-SAME')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -6358,7 +6481,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6358,7 +6481,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
def test_custom_domain_unsafe(self): def test_custom_domain_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('custom_domain-unsafe') parameter_dict = self.parseSlaveParameterDict('CUSTOM_DOMAIN-UNSAFE')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
...@@ -6369,7 +6492,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6369,7 +6492,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_server_alias_unsafe(self): def test_server_alias_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('server-alias-unsafe') parameter_dict = self.parseSlaveParameterDict('SERVER-ALIAS-UNSAFE')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
...@@ -6380,12 +6503,12 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6380,12 +6503,12 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_bad_ciphers(self): def test_bad_ciphers(self):
parameter_dict = self.parseSlaveParameterDict('bad-ciphers') parameter_dict = self.parseSlaveParameterDict('BAD-CIPHERS')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
"Cipher 'bad' is not supported.", "Cipher 'again' is not supported.",
"Cipher 'again' is not supported." "Cipher 'bad' is not supported."
] ]
}, },
parameter_dict parameter_dict
...@@ -6393,7 +6516,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6393,7 +6516,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def test_virtualhostroot_http_port_unsafe(self): def test_virtualhostroot_http_port_unsafe(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'virtualhostroot-http-port-unsafe') 'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -6417,7 +6540,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6417,7 +6540,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
def test_virtualhostroot_https_port_unsafe(self): def test_virtualhostroot_https_port_unsafe(self):
parameter_dict = self.parseSlaveParameterDict( parameter_dict = self.parseSlaveParameterDict(
'virtualhostroot-https-port-unsafe') 'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -6449,7 +6572,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6449,7 +6572,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def default_path_unsafe(self): def default_path_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('default-path-unsafe') parameter_dict = self.parseSlaveParameterDict('DEFAULT-PATH-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict, 'master-') self.assertKedifaKeysWithPop(parameter_dict, 'master-')
self.assertEqual( self.assertEqual(
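Review bot: `default_path_unsafe` has no `test_` prefix, so the default unittest loader will not collect it and the `DEFAULT-PATH-UNSAFE` key changed on the next line is never exercised; every sibling of `TestSlaveRejectReportUnsafeDamaged` shown on this page is named `test_*`. If that is an oversight, rename it to `def test_default_path_unsafe(self):`. If the test is disabled on purpose, state that with `@unittest.skip('<reason>')` instead of relying on the name. The method body continues outside the hunk, so whether its assertions still hold once it runs cannot be judged from here.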
...@@ -6484,7 +6607,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6484,7 +6607,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_monitor_ipv4_test_unsafe(self): def test_monitor_ipv4_test_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('monitor-ipv4-test-unsafe') parameter_dict = self.parseSlaveParameterDict('MONITOR-IPV4-TEST-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -6516,7 +6639,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6516,7 +6639,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
monitor_file = glob.glob( monitor_file = glob.glob(
os.path.join( os.path.join(
self.instance_path, '*', 'etc', 'plugin', self.instance_path, '*', 'etc', 'plugin',
'check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test.py'))[0] 'check-_MONITOR-IPV4-TEST-UNSAFE-ipv4-packet-list-test.py'))[0]
# get promise module and check that parameters are ok # get promise module and check that parameters are ok
self.assertEqual( self.assertEqual(
...@@ -6529,7 +6652,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6529,7 +6652,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_monitor_ipv6_test_unsafe(self): def test_monitor_ipv6_test_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('monitor-ipv6-test-unsafe') parameter_dict = self.parseSlaveParameterDict('MONITOR-IPV6-TEST-UNSAFE')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -6561,7 +6684,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6561,7 +6684,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
monitor_file = glob.glob( monitor_file = glob.glob(
os.path.join( os.path.join(
self.instance_path, '*', 'etc', 'plugin', self.instance_path, '*', 'etc', 'plugin',
'check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test.py'))[0] 'check-_MONITOR-IPV6-TEST-UNSAFE-ipv6-packet-list-test.py'))[0]
# get promise module and check that parameters are ok # get promise module and check that parameters are ok
self.assertEqual( self.assertEqual(
getPromisePluginParameterDict(monitor_file), getPromisePluginParameterDict(monitor_file),
...@@ -6572,7 +6695,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6572,7 +6695,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_site_1(self): def test_site_1(self):
parameter_dict = self.parseSlaveParameterDict('site_1') parameter_dict = self.parseSlaveParameterDict('SITE_1')
self.assertLogAccessUrlWithPop(parameter_dict) self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict) self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual( self.assertEqual(
...@@ -6589,7 +6712,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6589,7 +6712,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_site_2(self): def test_site_2(self):
parameter_dict = self.parseSlaveParameterDict('site_2') parameter_dict = self.parseSlaveParameterDict('SITE_2')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': ["custom_domain 'duplicate.example.com' clashes"] 'request-error-list': ["custom_domain 'duplicate.example.com' clashes"]
...@@ -6598,7 +6721,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6598,7 +6721,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_site_3(self): def test_site_3(self):
parameter_dict = self.parseSlaveParameterDict('site_3') parameter_dict = self.parseSlaveParameterDict('SITE_3')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': ["server-alias 'duplicate.example.com' clashes"] 'request-error-list': ["server-alias 'duplicate.example.com' clashes"]
...@@ -6607,7 +6730,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6607,7 +6730,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_site_4(self): def test_site_4(self):
parameter_dict = self.parseSlaveParameterDict('site_4') parameter_dict = self.parseSlaveParameterDict('SITE_4')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': ["custom_domain 'duplicate.example.com' clashes"] 'request-error-list': ["custom_domain 'duplicate.example.com' clashes"]
...@@ -6616,7 +6739,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6616,7 +6739,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_ssl_ca_crt_only(self): def test_ssl_ca_crt_only(self):
parameter_dict = self.parseSlaveParameterDict('ssl_ca_crt_only') parameter_dict = self.parseSlaveParameterDict('SSL_CA_CRT_ONLY')
self.assertEqual( self.assertEqual(
parameter_dict, parameter_dict,
...@@ -6630,35 +6753,35 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6630,35 +6753,35 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
) )
def test_ssl_key_ssl_crt_unsafe(self): def test_ssl_key_ssl_crt_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('ssl_key-ssl_crt-unsafe') parameter_dict = self.parseSlaveParameterDict('SSL_KEY-SSL_CRT-UNSAFE')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': ["slave ssl_key and ssl_crt does not match"], 'request-error-list': ["slave ssl_key and ssl_crt does not match"],
'warning-list': [ 'warning-list': [
'ssl_key is obsolete, please use key-upload-url', 'ssl_crt is obsolete, please use key-upload-url',
'ssl_crt is obsolete, please use key-upload-url'] 'ssl_key is obsolete, please use key-upload-url']
}, },
parameter_dict parameter_dict
) )
def test_bad_backend(self): def test_bad_backend(self):
parameter_dict = self.parseSlaveParameterDict('bad-backend') parameter_dict = self.parseSlaveParameterDict('BAD-BACKEND')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
"slave url 'http://1:2:3:4' invalid", "slave https-url 'http://host.domain:badport' invalid",
"slave https-url 'http://host.domain:badport' invalid"], "slave url 'http://1:2:3:4' invalid"],
}, },
parameter_dict parameter_dict
) )
def test_empty_backend(self): def test_empty_backend(self):
parameter_dict = self.parseSlaveParameterDict('empty-backend') parameter_dict = self.parseSlaveParameterDict('EMPTY-BACKEND')
self.assertEqual( self.assertEqual(
{ {
'request-error-list': [ 'request-error-list': [
"slave url '' invalid", "slave https-url '' invalid",
"slave https-url '' invalid"], "slave url '' invalid"]
}, },
parameter_dict parameter_dict
) )
...@@ -7021,3 +7144,139 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -7021,3 +7144,139 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
expected_partition_parameter_dict_dict, expected_partition_parameter_dict_dict,
partition_parameter_dict_dict partition_parameter_dict_dict
) )
class TestSlaveBackendActiveCheck(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'mpm-graceful-shutdown-timeout': 2,
'request-timeout': '12',
}
@classmethod
def getSlaveParameterDictDict(cls):
cls.setUpAssertionDict()
return {
'backend-active-check-disabled': {
'url': cls.backend_url,
},
'backend-active-check-default': {
'url': cls.backend_url,
'backend-active-check': True,
},
'backend-active-check-connect': {
'url': cls.backend_url,
'backend-active-check': True,
'backend-active-check-http-method': 'CONNECT',
},
'backend-active-check-custom': {
'url': cls.backend_url,
'backend-active-check': True,
'backend-active-check-http-method': 'POST',
'backend-active-check-http-path': '/POST-path to be encoded',
'backend-active-check-http-version': 'HTTP/1.0',
'backend-active-check-timeout': '7',
'backend-active-check-interval': '15',
'backend-active-check-rise': '3',
'backend-active-check-fall': '7',
},
}
@classmethod
def setUpAssertionDict(cls):
backend = urlparse.urlparse(cls.backend_url).netloc
cls.assertion_dict = {
'backend-active-check-disabled': """\
backend _backend-active-check-disabled-http
timeout server 12s
timeout connect 5s
retries 3
server _backend-active-check-disabled-backend %s""" % (backend,),
'backend-active-check-connect': """\
backend _backend-active-check-connect-http
timeout server 12s
timeout connect 5s
retries 3
server _backend-active-check-connect-backend %s check inter 5s"""
""" rise 1 fall 2
timeout check 2s""" % (backend,),
'backend-active-check-custom': """\
backend _backend-active-check-custom-http
timeout server 12s
timeout connect 5s
retries 3
server _backend-active-check-custom-backend %s check inter 15s"""
""" rise 3 fall 7
option httpchk POST /POST-path%%20to%%20be%%20encoded HTTP/1.0
timeout check 7s""" % (backend,),
'backend-active-check-default': """\
backend _backend-active-check-default-http
timeout server 12s
timeout connect 5s
retries 3
server _backend-active-check-default-backend %s check inter 5s"""
""" rise 1 fall 2
option httpchk GET / HTTP/1.1
timeout check 2s""" % (backend, )
}
def _get_backend_haproxy_configuration(self):
backend_configuration_file = glob.glob(os.path.join(
self.instance_path, '*', 'etc', 'backend-haproxy.cfg'))[0]
with open(backend_configuration_file) as fh:
return fh.read()
def _test(self, key):
parameter_dict = self.assertSlaveBase(key)
self.assertIn(
self.assertion_dict[key],
self._get_backend_haproxy_configuration()
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
'Accept-Encoding': 'gzip',
}
)
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
def test_backend_active_check_disabled(self):
self._test('backend-active-check-disabled')
def test_backend_active_check_default(self):
self._test('backend-active-check-default')
def test_backend_active_check_connect(self):
self._test('backend-active-check-connect')
def test_backend_active_check_custom(self):
self._test('backend-active-check-custom')
if __name__ == '__main__':
class HTTP6Server(HTTPServer):
address_family = socket.AF_INET6
ip, port = sys.argv[1], int(sys.argv[2])
if ':' in ip:
klass = HTTP6Server
url_template = 'http://[%s]:%s/'
else:
klass = HTTPServer
url_template = 'http://%s:%s/'
server = klass((ip, port), TestHandler)
print url_template % server.server_address[:2]
server.serve_forever()
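Review bot: `getSlaveParameterDictDict` in `TestSlaveBackendActiveCheck` only requests values that are expected to be accepted, so nothing pins how a malformed `backend-active-check-*` parameter is handled. The `backend-active-check-custom` expectation shows the path percent-encoded before it reaches `option httpchk`, but the method, HTTP version and the timeout/interval/rise/fall values also land in `backend-haproxy.cfg`, and all of them come from the slave request. I would add one slave with an unsupported method and a non-numeric interval and assert, in the style of `test_bad_ciphers`, that it is reported in `request-error-list` and that no `backend` section is generated for it. The validation code is outside this page, so this may already be enforced; the test would make that visible and keep it from regressing.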
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log T-2/var/log/httpd/_dummy-cached_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_default_access_log T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_error_log T-2/var/log/httpd/_default_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_backend_log T-2/var/log/httpd/_Url_backend_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_backend-active-check-connect_access_log
T-2/var/log/httpd/_backend-active-check-connect_backend_log
T-2/var/log/httpd/_backend-active-check-connect_error_log
T-2/var/log/httpd/_backend-active-check-custom_access_log
T-2/var/log/httpd/_backend-active-check-custom_backend_log
T-2/var/log/httpd/_backend-active-check-custom_error_log
T-2/var/log/httpd/_backend-active-check-default_access_log
T-2/var/log/httpd/_backend-active-check-default_backend_log
T-2/var/log/httpd/_backend-active-check-default_error_log
T-2/var/log/httpd/_backend-active-check-disabled_access_log
T-2/var/log/httpd/_backend-active-check-disabled_backend_log
T-2/var/log/httpd/_backend-active-check-disabled_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_default_ciphers_access_log T-2/var/log/httpd/_default_ciphers_access_log
T-2/var/log/httpd/_default_ciphers_backend_log T-2/var/log/httpd/_default_ciphers_backend_log
T-2/var/log/httpd/_default_ciphers_error_log T-2/var/log/httpd/_default_ciphers_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_backend_log T-2/var/log/httpd/_Url_backend_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_wildcard_access_log T-2/var/log/httpd/_wildcard_access_log
T-2/var/log/httpd/_wildcard_backend_log T-2/var/log/httpd/_wildcard_backend_log
T-2/var/log/httpd/_wildcard_error_log T-2/var/log/httpd/_wildcard_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log ...@@ -6,9 +6,9 @@ T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr_id.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_ssl_from_master_access_log T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_backend_log T-2/var/log/httpd/_ssl_from_master_backend_log
T-2/var/log/httpd/_ssl_from_master_error_log T-2/var/log/httpd/_ssl_from_master_error_log
......
...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py ...@@ -3,6 +3,7 @@ T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-user-caucase-updater.py T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-caddy-frontend-1.py
T-0/etc/plugin/check-free-disk-space.py T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py T-0/etc/plugin/monitor-http-frontend.py
......
...@@ -5,15 +5,13 @@ import logging ...@@ -5,15 +5,13 @@ import logging
import os import os
import re import re
import shutil import shutil
import socket
import subprocess import subprocess
import tempfile import tempfile
import time import time
import urlparse import urlparse
from BaseHTTPServer import BaseHTTPRequestHandler from BaseHTTPServer import BaseHTTPRequestHandler
from typing import Any, Dict, Optional from typing import Dict
import idna
import mock import mock
import OpenSSL.SSL import OpenSSL.SSL
import pexpect import pexpect
...@@ -106,20 +104,6 @@ class CaucaseService(ManagedResource): ...@@ -106,20 +104,6 @@ class CaucaseService(ManagedResource):
self._caucased_process.wait() self._caucased_process.wait()
shutil.rmtree(self.directory) shutil.rmtree(self.directory)
@property
def ca_crt_path(self):
# type: () -> str
"""Path of the CA certificate from this caucase.
"""
ca_crt_path = os.path.join(self.directory, 'ca.crt.pem')
if not os.path.exists(ca_crt_path):
with open(ca_crt_path, 'w') as f:
f.write(
requests.get(urlparse.urljoin(
self.url,
'/cas/crt/ca.crt.pem',
)).text)
return ca_crt_path
class BalancerTestCase(ERP5InstanceTestCase): class BalancerTestCase(ERP5InstanceTestCase):
...@@ -387,85 +371,6 @@ class TestHTTP(BalancerTestCase): ...@@ -387,85 +371,6 @@ class TestHTTP(BalancerTestCase):
]) ])
class TestTLS(BalancerTestCase):
"""Check TLS
"""
__partition_reference__ = 's'
def _getServerCertificate(self, hostname, port):
# type: (Optional[str], Optional[int]) -> Any
hostname_idna = idna.encode(hostname)
sock = socket.socket()
sock.connect((hostname, port))
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
ctx.check_hostname = False
ctx.verify_mode = OpenSSL.SSL.VERIFY_NONE
sock_ssl = OpenSSL.SSL.Connection(ctx, sock)
sock_ssl.set_connect_state()
sock_ssl.set_tlsext_host_name(hostname_idna)
sock_ssl.do_handshake()
cert = sock_ssl.get_peer_certificate()
crypto_cert = cert.to_cryptography()
sock_ssl.close()
sock.close()
return crypto_cert
def test_certificate_validates_with_caucase_ca(self):
# type: () -> None
caucase = self.getManagedResource("caucase", CaucaseService)
requests.get(self.default_balancer_url, verify=caucase.ca_crt_path)
def test_certificate_renewal(self):
# type: () -> None
caucase = self.getManagedResource("caucase", CaucaseService)
balancer_parsed_url = urlparse.urlparse(self.default_balancer_url)
certificate_before_renewal = self._getServerCertificate(
balancer_parsed_url.hostname,
balancer_parsed_url.port)
# run caucase updater 90 days in the future, so that certificate is
# renewed.
caucase_updater = os.path.join(
self.computer_partition_root_path,
'etc',
'service',
'caucase-updater',
)
process = pexpect.spawnu(
"faketime +90days %s" % caucase_updater,
env=dict(os.environ, PYTHONPATH=''),
)
logger = self.logger
class DebugLogFile:
def write(self, msg):
logger.info("output from caucase_updater: %s", msg)
def flush(self):
pass
process.logfile = DebugLogFile()
process.expect(u"Renewing .*\nNext wake-up.*")
process.terminate()
process.wait()
# wait for server to use new certificate
for _ in range(30):
certificate_after_renewal = self._getServerCertificate(
balancer_parsed_url.hostname,
balancer_parsed_url.port)
if certificate_after_renewal.not_valid_before > certificate_before_renewal.not_valid_before:
break
time.sleep(.5)
self.assertGreater(
certificate_after_renewal.not_valid_before,
certificate_before_renewal.not_valid_before,
)
# requests are served properly after cert renewal
requests.get(self.default_balancer_url, verify=caucase.ca_crt_path).raise_for_status()
class ContentTypeHTTPServer(ManagedHTTPServer): class ContentTypeHTTPServer(ManagedHTTPServer):
"""An HTTP Server which reply with content type from path. """An HTTP Server which reply with content type from path.
......
...@@ -31,7 +31,6 @@ import glob ...@@ -31,7 +31,6 @@ import glob
import urlparse import urlparse
import socket import socket
import time import time
import tempfile
import psutil import psutil
import requests import requests
...@@ -44,7 +43,7 @@ setUpModule # pyflakes ...@@ -44,7 +43,7 @@ setUpModule # pyflakes
class TestPublishedURLIsReachableMixin(object): class TestPublishedURLIsReachableMixin(object):
"""Mixin that checks that default page of ERP5 is reachable. """Mixin that checks that default page of ERP5 is reachable.
""" """
def _checkERP5IsReachable(self, url, verify): def _checkERP5IsReachable(self, url):
# What happens is that instanciation just create the services, but does not # What happens is that instanciation just create the services, but does not
# wait for ERP5 to be initialized. When this test run ERP5 instance is # wait for ERP5 to be initialized. When this test run ERP5 instance is
# instanciated, but zope is still busy creating the site and haproxy replies # instanciated, but zope is still busy creating the site and haproxy replies
...@@ -52,7 +51,7 @@ class TestPublishedURLIsReachableMixin(object): ...@@ -52,7 +51,7 @@ class TestPublishedURLIsReachableMixin(object):
# erp5 site is not created, with 500 when mysql is not yet reachable, so we # erp5 site is not created, with 500 when mysql is not yet reachable, so we
# retry in a loop until we get a succesful response. # retry in a loop until we get a succesful response.
for i in range(1, 60): for i in range(1, 60):
r = requests.get(url, verify=verify) r = requests.get(url, verify=False) # XXX can we get CA from caucase already ?
if r.status_code != requests.codes.ok: if r.status_code != requests.codes.ok:
delay = i * 2 delay = i * 2
self.logger.warn("ERP5 was not available, sleeping for %ds and retrying", delay) self.logger.warn("ERP5 was not available, sleeping for %ds and retrying", delay)
...@@ -63,36 +62,19 @@ class TestPublishedURLIsReachableMixin(object): ...@@ -63,36 +62,19 @@ class TestPublishedURLIsReachableMixin(object):
self.assertIn("ERP5", r.text) self.assertIn("ERP5", r.text)
def _getCaucaseServiceCACertificate(self):
ca_cert = tempfile.NamedTemporaryFile(
prefix="ca.crt.pem",
mode="w",
delete=False,
)
ca_cert.write(
requests.get(
urlparse.urljoin(
self.getRootPartitionConnectionParameterDict()['caucase-http-url'],
'/cas/crt/ca.crt.pem',
)).text)
self.addCleanup(os.unlink, ca_cert.name)
return ca_cert.name
def test_published_family_default_v6_is_reachable(self): def test_published_family_default_v6_is_reachable(self):
"""Tests the IPv6 URL published by the root partition is reachable. """Tests the IPv6 URL published by the root partition is reachable.
""" """
param_dict = self.getRootPartitionConnectionParameterDict() param_dict = self.getRootPartitionConnectionParameterDict()
self._checkERP5IsReachable( self._checkERP5IsReachable(
urlparse.urljoin(param_dict['family-default-v6'], param_dict['site-id']), urlparse.urljoin(param_dict['family-default-v6'], param_dict['site-id']))
self._getCaucaseServiceCACertificate())
def test_published_family_default_v4_is_reachable(self): def test_published_family_default_v4_is_reachable(self):
"""Tests the IPv4 URL published by the root partition is reachable. """Tests the IPv4 URL published by the root partition is reachable.
""" """
param_dict = self.getRootPartitionConnectionParameterDict() param_dict = self.getRootPartitionConnectionParameterDict()
self._checkERP5IsReachable( self._checkERP5IsReachable(
urlparse.urljoin(param_dict['family-default'], param_dict['site-id']), urlparse.urljoin(param_dict['family-default'], param_dict['site-id']))
self._getCaucaseServiceCACertificate())
class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin): class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
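Review bot: `requests.get(url, verify=False)` in `_checkERP5IsReachable` switches certificate verification off for every caller, so both reachability tests now pass against any TLS endpoint that answers on the published address, whatever certificate it presents. I would keep the parameter with a permissive default, `def _checkERP5IsReachable(self, url, verify=False):` with `r = requests.get(url, verify=verify)`, so a CA bundle can be passed again without touching the callers once the caucase certificate is usable. The `XXX` comment would be more useful if it named why verification is off, for example `# TLS verification disabled: balancer serves a self-signed certificate until caucase is re-enabled`. Unverified requests also make urllib3 emit an `InsecureRequestWarning` on each retry of the loop, which will clutter the test log. The rest of the retry loop lies between the hunks and is not visible here.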
......
...@@ -78,6 +78,8 @@ packages += ...@@ -78,6 +78,8 @@ packages +=
ca-certificates file g++ libc6-dev make patch python ca-certificates file g++ libc6-dev make patch python
# speed up build by using the following components from the OS # speed up build by using the following components from the OS
git liblzma-dev libssl-dev pkg-config python-dev git liblzma-dev libssl-dev pkg-config python-dev
# for pygolang
python-greenlet-dev
# extra requirements for NEO # extra requirements for NEO
libnetfilter-queue-dev nftables libnetfilter-queue-dev nftables
# extra requirements for this SR # extra requirements for this SR
......
...@@ -15,6 +15,9 @@ parts = ...@@ -15,6 +15,9 @@ parts =
slapos-cookbook slapos-cookbook
instance instance
[python]
part = python3
[instance] [instance]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/${:filename} url = ${:_profile_base_location_}/${:filename}
......
...@@ -6,14 +6,15 @@ extends = ...@@ -6,14 +6,15 @@ extends =
part = python3 part = python3
[eggs] [eggs]
eggs -= eggs +=
# plantuml is not Py3-compatible # plantuml 0.3.0 is only available for Python 3
${slapos.test.plantuml-setup:egg} ${slapos.test.plantuml-setup:egg}
[template] [template]
extra = extra =
${slapos.test.helloworld-setup:setup} ${slapos.test.helloworld-setup:setup}
${slapos.test.monitor-setup:setup} ${slapos.test.monitor-setup:setup}
${slapos.test.plantuml-setup:setup}
${slapos.test.powerdns-setup:setup} ${slapos.test.powerdns-setup:setup}
${slapos.test.proftpd-setup:setup} ${slapos.test.proftpd-setup:setup}
${slapos.test.repman-setup:setup} ${slapos.test.repman-setup:setup}
...@@ -189,7 +189,6 @@ eggs = ...@@ -189,7 +189,6 @@ eggs =
${slapos.test.jstestnode-setup:egg} ${slapos.test.jstestnode-setup:egg}
${slapos.test.kvm-setup:egg} ${slapos.test.kvm-setup:egg}
${slapos.test.monitor-setup:egg} ${slapos.test.monitor-setup:egg}
${slapos.test.plantuml-setup:egg}
${slapos.test.powerdns-setup:egg} ${slapos.test.powerdns-setup:egg}
${slapos.test.proftpd-setup:egg} ${slapos.test.proftpd-setup:egg}
${slapos.test.re6stnet-setup:egg} ${slapos.test.re6stnet-setup:egg}
...@@ -256,7 +255,6 @@ extra = ...@@ -256,7 +255,6 @@ extra =
${slapos.test.erp5-setup:setup} ${slapos.test.erp5-setup:setup}
${slapos.test.htmlvalidatorserver-setup:setup} ${slapos.test.htmlvalidatorserver-setup:setup}
${slapos.test.slapos-master-setup:setup} ${slapos.test.slapos-master-setup:setup}
${slapos.test.plantuml-setup:setup}
${slapos.test.re6stnet-setup:setup} ${slapos.test.re6stnet-setup:setup}
${slapos.test.seleniumserver-setup:setup} ${slapos.test.seleniumserver-setup:setup}
${slapos.test.jstestnode-setup:setup} ${slapos.test.jstestnode-setup:setup}
...@@ -280,7 +278,7 @@ forcediphttpsadapter = 1.0.1 ...@@ -280,7 +278,7 @@ forcediphttpsadapter = 1.0.1
httplib2 = 0.11.3 httplib2 = 0.11.3
image = 1.5.25 image = 1.5.25
paramiko = 2.4.2 paramiko = 2.4.2
plantuml = 0.1.1 plantuml = 0.3.0
pysftp = 0.2.9 pysftp = 0.2.9
requests-toolbelt = 0.8.0 requests-toolbelt = 0.8.0
selenium = 3.141.0 selenium = 3.141.0
......
...@@ -99,7 +99,7 @@ setup = ${slapos.rebootstrap-repository:location} ...@@ -99,7 +99,7 @@ setup = ${slapos.rebootstrap-repository:location}
[rubygemsrecipe-setup] [rubygemsrecipe-setup]
<= setup-develop-egg <= setup-develop-egg
egg = rubygemsrecipe egg = rubygemsrecipe[test]
setup = ${rubygemsrecipe-repository:location} setup = ${rubygemsrecipe-repository:location}
[eggs] [eggs]
...@@ -224,6 +224,7 @@ pycurl = 7.43.0.2 ...@@ -224,6 +224,7 @@ pycurl = 7.43.0.2
pyflakes = 2.0.0 pyflakes = 2.0.0
zope.testing = 4.6.2 zope.testing = 4.6.2
urllib3 = 1.24.1 urllib3 = 1.24.1
pathlib = 1.0.1
# Required by: # Required by:
# caucase # caucase
PyJWT = 1.6.4 PyJWT = 1.6.4
...@@ -26,7 +26,7 @@ md5sum = f2e2493bc5da90a53f86e5bcf64d2d57 ...@@ -26,7 +26,7 @@ md5sum = f2e2493bc5da90a53f86e5bcf64d2d57
[instance-runner-import] [instance-runner-import]
filename = instance-runner-import.cfg.in filename = instance-runner-import.cfg.in
md5sum = f5abd8aeb19707dfa12d979a8bc30076 md5sum = ea7667f9af952bc4bdf43aad4520759f
[instance-runner-export] [instance-runner-export]
filename = instance-runner-export.cfg.in filename = instance-runner-export.cfg.in
......
...@@ -27,6 +27,7 @@ parts += ...@@ -27,6 +27,7 @@ parts +=
supervisord-wrapper supervisord-wrapper
importer-consistency-promise importer-consistency-promise
software-release-deployment-promise software-release-deployment-promise
template-slapuser-script
resilient-software-release-information resilient-software-release-information
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
[instance] [instance]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 397fcb3279029af3055b23525d147445 md5sum = 2ceb9389281c00261abd864fc8ed566f
[yarn.lock] [yarn.lock]
filename = yarn.lock filename = yarn.lock
......
...@@ -98,8 +98,12 @@ stop-on-error = true ...@@ -98,8 +98,12 @@ stop-on-error = true
[frontend-instance-logo] [frontend-instance-logo]
recipe = plone.recipe.command recipe = plone.recipe.command
filename = logo.png filename = logo.png
full-path = $${directory:frontend-static}/$${:filename}
command = command =
ln -s ${logo.png:output} $${directory:frontend-static}/$${:filename} if [ ! -e $${:full-path} ]
then
ln -s ${logo.png:output} $${:full-path}
fi
stop-on-error = true stop-on-error = true
[frontend-instance-slapos.css] [frontend-instance-slapos.css]
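Review bot: The `[ ! -e $${:full-path} ]` guard in `[frontend-instance-logo]` follows symlinks, so when the link exists but its target is gone the test succeeds, `ln -s` then fails with "File exists", and `stop-on-error = true` aborts the run. That could presumably happen once `${logo.png:output}` resolves to a different path than the one the old link was created with. A link that still resolves is also kept as is, even if it points at an older location. `ln -sf ${logo.png:output} $${:full-path}` replaces the link in one step and makes the `if` block unnecessary; quoting both paths would additionally protect against directories containing spaces.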
......
...@@ -675,7 +675,7 @@ scikit-image = 0.14.0 ...@@ -675,7 +675,7 @@ scikit-image = 0.14.0
PyWavelets = 0.5.2 PyWavelets = 0.5.2
networkx = 2.1 networkx = 2.1
pytesseract = 0.2.2 pytesseract = 0.2.2
zbarlight = 2.0 zbarlight = 2.3
cloudpickle = 0.5.3 cloudpickle = 0.5.3
dask = 0.18.1 dask = 0.18.1
toolz = 0.9.0 toolz = 0.9.0
......
...@@ -90,7 +90,7 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57 ...@@ -90,7 +90,7 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = ecf119142e6b5cd85a2ba397552d2142 md5sum = 4ba93d28d93bd066d5d19f4f74fc13d7
[template-haproxy-cfg] [template-haproxy-cfg]
filename = haproxy.cfg.in filename = haproxy.cfg.in
......
...@@ -18,56 +18,25 @@ per partition. No more (undefined result), no less (IndexError). ...@@ -18,56 +18,25 @@ per partition. No more (undefined result), no less (IndexError).
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
mode = 644 mode = 644
[balancer-csr-request-config]
< = jinja2-template-base
template = inline:
[req]
prompt = no
req_extensions = req_ext
distinguished_name = dn
[ dn ]
CN = example.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
IP.1 = {{ ipv4 }}
{% if ipv6_set -%}
IP.2 = {{ ipv6 }}
{% endif %}
rendered = ${buildout:parts-directory}/${:_buildout_section_name_}/${:_buildout_section_name_}.txt
[balancer-csr-request]
recipe = plone.recipe.command
command = {{ parameter_dict["openssl"] }}/bin/openssl req \
-newkey rsa:2048 \
-batch \
-new \
-nodes \
-keyout '${apache-conf-ssl:key}' \
-config '${balancer-csr-request-config:rendered}' \
-out '${:csr}'
stop-on-error = true
csr = ${directory:etc}/${:_buildout_section_name_}.csr.pem
{{ caucase.updater( {{ caucase.updater(
prefix='caucase-updater', prefix='caucase-updater',
buildout_bin_directory=parameter_dict['bin-directory'], buildout_bin_directory=parameter_dict['bin-directory'],
updater_path='${directory:services-on-watch}/caucase-updater', updater_path='${directory:services-on-watch}/caucase-updater',
url=ssl_parameter_dict['caucase-url'], url=ssl_parameter_dict['caucase-url'],
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
crt_path='${apache-conf-ssl:cert}', crt_path='${apache-conf-ssl:caucase-cert}',
ca_path='${directory:srv}/caucase-updater/ca.crt', ca_path='${directory:srv}/caucase-updater/ca.crt',
crl_path='${directory:srv}/caucase-updater/crl.pem', crl_path='${directory:srv}/caucase-updater/crl.pem',
key_path='${apache-conf-ssl:key}', key_path='${apache-conf-ssl:caucase-key}',
on_renew='${apache-graceful:output}', on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0), max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
template_csr_pem=ssl_parameter_dict.get('csr'), template_csr_pem=ssl_parameter_dict.get('csr'),
template_csr=None if ssl_parameter_dict.get('csr') else '${balancer-csr-request:csr}',
openssl=parameter_dict['openssl'] ~ '/bin/openssl', openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}} )}}
{# XXX we don't use caucase yet.
{% do section('caucase-updater') -%} {% do section('caucase-updater') -%}
{% do section('caucase-updater-promise') -%} {% do section('caucase-updater-promise') -%}
#}
{% set frontend_caucase_url_hash_list = [] -%} {% set frontend_caucase_url_hash_list = [] -%}
{% for frontend_caucase_url in frontend_caucase_url_list -%} {% for frontend_caucase_url in frontend_caucase_url_list -%}
...@@ -209,6 +178,10 @@ hash-files = ${haproxy-cfg:rendered} ...@@ -209,6 +178,10 @@ hash-files = ${haproxy-cfg:rendered}
[apache-conf-ssl] [apache-conf-ssl]
cert = ${directory:apache-conf}/apache.crt cert = ${directory:apache-conf}/apache.crt
key = ${directory:apache-conf}/apache.pem key = ${directory:apache-conf}/apache.pem
# XXX caucase is/was buggy and this certificate does not match key for instances
# that were updated, so don't use it yet.
caucase-cert = ${directory:apache-conf}/apache-caucase.crt
caucase-key = ${directory:apache-conf}/apache-caucase.pem
{% if frontend_caucase_url_list -%} {% if frontend_caucase_url_list -%}
depends = ${caucase-updater-housekeeper-run:recipe} depends = ${caucase-updater-housekeeper-run:recipe}
ca-cert-dir = ${directory:apache-ca-cert-dir} ca-cert-dir = ${directory:apache-ca-cert-dir}
...@@ -231,6 +204,19 @@ context = key content {{content_section_name}}:content ...@@ -231,6 +204,19 @@ context = key content {{content_section_name}}:content
mode = {{ mode }} mode = {{ mode }}
{%- endmacro %} {%- endmacro %}
[apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-conf-parameter-dict] [apache-conf-parameter-dict]
backend-list = {{ dumps(apache_dict.values()) }} backend-list = {{ dumps(apache_dict.values()) }}
zope-virtualhost-monster-backend-dict = {{ dumps(zope_virtualhost_monster_backend_dict) }} zope-virtualhost-monster-backend-dict = {{ dumps(zope_virtualhost_monster_backend_dict) }}
...@@ -242,8 +228,8 @@ access-log = ${directory:log}/apache-access.log ...@@ -242,8 +228,8 @@ access-log = ${directory:log}/apache-access.log
# Apache 2.4's default value (60 seconds) can be a bit too short # Apache 2.4's default value (60 seconds) can be a bit too short
timeout = 300 timeout = 300
# Basic SSL server configuration # Basic SSL server configuration
cert = ${apache-conf-ssl:cert} cert = ${apache-ssl:cert}
key = ${apache-conf-ssl:key} key = ${apache-ssl:key}
cipher = cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache ssl-session-cache = ${directory:log}/apache-ssl-session-cache
{% if frontend_caucase_url_list -%} {% if frontend_caucase_url_list -%}
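Review bot: The fallback branch of `[apache-ssl]` creates the key with `-newkey rsa`, which leaves the key size to the OpenSSL configuration default, while the removed CSR command pinned `rsa:2048`. I would write `-newkey rsa:2048` (or larger) so the strength does not depend on the build behind `parameter_dict['openssl']`. The new section also drops the `stop-on-error = true` that the removed `[balancer-csr-request]` had, so a failing `openssl req` may go unnoticed and leave Apache without a usable key or certificate; adding `stop-on-error = true` under `recipe = plone.recipe.command` would surface that. Since the key is written unencrypted (`-nodes`), it is worth confirming that `${apache-conf-ssl:key}` ends up readable by the service user only. The same applies to the mode the `simplefile` macro, defined outside this hunk, gives the user-supplied key.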
......