Update Release Candidate

ef19bed5 · Jérome Perrin · 021ae883 · 6b2b895c · ef19bed5 · ef19bed5
Commit ef19bed5 authored Dec 02, 2021 by Jérome Perrin
38 changed files
--- a/component/apache/buildout.cfg
+++ b/component/apache/buildout.cfg
@@ -39,9 +39,9 @@ configure-options =
 [apache]
 recipe = slapos.recipe.cmmi
 shared = true
-version = 2.4.49
+version = 2.4.51
 url = https://archive.apache.org/dist/httpd/httpd-${:version}.tar.bz2
-md5sum = f294efbeabcf6027fccc7983a6daa55f
+md5sum = d2793fc1c8cb8ba355cee877d1f2d46d
 configure-options = --disable-static
                    --enable-authn-alias
                    --enable-bucketeer

--- a/component/groonga/buildout.cfg
+++ b/component/groonga/buildout.cfg
@@ -15,8 +15,8 @@ extends =
 [groonga]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://packages.groonga.org/source/groonga/groonga-11.0.2.tar.gz
-md5sum = 753ba6fad77598baf93615c4b9c535b1
+url = https://packages.groonga.org/source/groonga/groonga-11.0.9.tar.gz
+md5sum = 9c66445d92c8b7536f1b28119ac1855b
 groonga-plugin-dir =  @@LOCATION@@/lib/groonga/plugins/
 # temporary patch to respect more tokens in natural language mode.
 patches =
@@ -48,9 +48,8 @@ environment =
 [groonga-normalizer-mysql]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://packages.groonga.org/source/groonga-normalizer-mysql/groonga-normalizer-mysql-1.1.4.tar.gz
-md5sum = effa67fb271d49810850a3b275d040f6
-
+url = https://packages.groonga.org/source/groonga-normalizer-mysql/groonga-normalizer-mysql-1.1.5.tar.gz
+md5sum = 842d02becc6dcc25a02fa7e789c2cba7
 groonga-plugin-dir =  @@LOCATION@@/lib/groonga/plugins/
 pre-configure = mkdir -p ${:groonga-plugin-dir}
 make-targets = GROONGA_PLUGINS_DIR=${:groonga-plugin-dir} install

--- a/component/headless-chromium/buildout.cfg
+++ b/component/headless-chromium/buildout.cfg
@@ -53,7 +53,8 @@ version = 92.0.4515.107
 [headless-chromium]
 recipe = slapos.recipe.cmmi
 path = ${chromium-source:location}
-location = ${:path}/out/headless
+# XXX
+fake-location = ${:path}/out/headless

 # Configuration file for GN, the tool to build the actual compilation
 # configuration file.
@@ -91,17 +92,17 @@ configure-command =
    > ${chromium-source:gclient-location}/.gclient
  gclient sync --no-history
 # Generate build configuration files.
-  mkdir -p ${:location}
-  echo '${:build-config-options}' > ${:location}/args.gn
-  gn gen ${:location}
+  mkdir -p ${:fake-location}
+  echo '${:build-config-options}' > ${:fake-location}/args.gn
+  gn gen ${:fake-location}

 # You can run the headless Chromium shell using
 # ${:binary} --remote-debugging-port=1234
 make-binary =
-  autoninja -C ${:location} headless_shell
+  autoninja -C ${:fake-location} headless_shell
 # By building our own version of Chromedriver, we can ensure version
 # compatibility. The build is quite cheap compared to Chromium, anyway.
-  autoninja -C ${:location} chromedriver
+  autoninja -C ${:fake-location} chromedriver
 environment =
  PATH=${depot_tools:location}:${gperf:location}/bin:${pkgconfig:location}/bin:${coreutils:location}/bin:${git:location}/bin:${curl:location}/bin:%(PATH)s
  LDFLAGS="-Wl,-rpath=${nss:location}/lib,-rpath=${nspr:location}/lib"
@@ -111,10 +112,10 @@ environment =
  NM="${:llvm-toolchain}/llvm-nm"

 # Expose devtools frontend location.
-devtools-frontend = ${:location}/gen/third_party/devtools-frontend/src/front_end
+devtools-frontend = ${:fake-location}/gen/third_party/devtools-frontend/src/front_end

-binary = ${:location}/headless_shell
-chromedriver = ${:location}/chromedriver
+binary = ${:fake-location}/headless_shell
+chromedriver = ${:fake-location}/chromedriver
 promises =
  ${:binary}
  ${:chromedriver}

--- a/component/luajit/buildout.cfg
+++ b/component/luajit/buildout.cfg
+# LuaJIT is a Just-In-Time Compiler (JIT) for the Lua programming language.
+# https://luajit.org/luajit.html
+
+[buildout]
+parts = luajit
+
+[luajit]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://luajit.org/download/LuaJIT-2.0.5.tar.gz
+md5sum = 48353202cbcacab84ee41a5a70ea0a2c
+configure-command = true
+# pass dummy LDCONFIG to skip needless calling of ldconfig by non-root user
+make-options =
+  DPREFIX=@@LOCATION@@
+  LDCONFIG=/bin/echo
--- a/component/mariadb/buildout.cfg
+++ b/component/mariadb/buildout.cfg
@@ -30,16 +30,15 @@ parts =
 recipe = slapos.recipe.cmmi
 shared = true
 url = https://archive.mariadb.org//mariadb-${:version}/source/mariadb-${:version}.tar.gz
-version = 10.4.19
-md5sum = bf60c7a3feac5854745cd1ad5133f09a
-location = @@LOCATION@@
+version = 10.4.22
+md5sum = 0d5e1b9e3694322e18819811a2bf81fa
 pre-configure =
  set '\bSET(PLUGIN_AUTH_PAM YES CACHE BOOL "")' cmake/build_configurations/mysql_release.cmake
  grep -q "$@"
  sed -i "/$1/d" "$2"
 configure-command = ${cmake:location}/bin/cmake
 configure-options =
-  -DCMAKE_INSTALL_PREFIX=${:location}
+  -DCMAKE_INSTALL_PREFIX=@@LOCATION@@
  -DBUILD_CONFIG=mysql_release
  -DDEFAULT_CHARSET=utf8
  -DDEFAULT_COLLATION=utf8_unicode_ci
@@ -68,6 +67,10 @@ configure-options =
  -DCMAKE_INSTALL_RPATH=${:CMAKE_LIBRARY_PATH}
  -DCMAKE_INCLUDE_PATH=${unixodbc:location}/include
  -DCMAKE_LIBRARY_PATH=${unixodbc:location}/lib
+# for RocksDB - see
+#  https://lore.kernel.org/linux-btrfs/ed3642c2-682e-08a1-f18d-2d63409b7631@nexedi.com/T/
+  -DWITH_FALLOCATE=NO
+##
 CMAKE_CFLAGS = -I${bzip2:location}/include -I${jemalloc:location}/include -I${libaio:location}/include -I${libxml2:location}/include -I${ncurses:location}/include -I${openssl:location}/include -I${pcre:location}/include -I${readline5:location}/include -I${xz-utils:location}/include -I${zlib:location}/include -I${unixodbc:location}/include -I${lz4:location}/include -I${snappy:location}/include -I${zstd:location}/include
 CMAKE_LIBRARY_PATH = ${bzip2:location}/lib:${jemalloc:location}/lib:${libaio:location}/lib:${libxml2:location}/lib:${ncurses:location}/lib:${openssl:location}/lib:${pcre:location}/lib:${readline5:location}/lib:${xz-utils:location}/lib:${zlib:location}/lib:${unixodbc:location}/lib:${lz4:location}/lib:${snappy:location}/lib:${zstd:location}/lib
 environment =
@@ -80,13 +83,13 @@ patch-options = -p1
 patches =
  https://sources.debian.org/data/main/m/mariadb-10.3/1:10.3.22-0+deb10u1/debian/patches/0024-Revert-to-using-system-pcre-library.patch#1c6a0f2634f5a56122299674b77b1131
 post-install = 
-  ldd=`ldd ${:location}/lib/plugin/ha_rocksdb.so`
+  ldd=`ldd %(location)s/lib/plugin/ha_rocksdb.so`
  for x in ${lz4:location} ${snappy:location} ${zstd:location}
  do echo "$ldd" |grep -qF " $x/lib/"
  done
  set -- wsrep-lib/wsrep-API/*/wsrep_api.h
-  install -DpT $1 ${:location}/$1
-  cp -a wsrep-lib/include ${:location}/wsrep-lib
+  install -DpT $1 %(location)s/$1
+  cp -a wsrep-lib/include %(location)s/wsrep-lib

 [mroonga-mariadb]
 # mroonga - a storage engine for MySQL. It provides fast fulltext search feature to all MySQL users.
@@ -96,8 +99,8 @@ post-install =
 # as plugin-dir ( https://mariadb.com/kb/en/server-system-variables/#plugin_dir )
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://packages.groonga.org/source/mroonga/mroonga-11.02.tar.gz
-md5sum = 0729c74efc92bfc404b88597488d07e9
+url = https://packages.groonga.org/source/mroonga/mroonga-11.09.tar.gz
+md5sum = 8b1786332edc61c41a769f225e6063b2
 pre-configure = 
  rm -rf fake_mariadb_source
  mkdir -p fake_mariadb_source
@@ -131,15 +134,15 @@ environment =
 ### (we just override here for easier revert)
 [mariadb-10.3]
 <= mariadb-10.4
-version = 10.3.29
-md5sum = a5adad1c4fb1717d7fe6d608fd4d40de
+version = 10.3.32
+md5sum = 12341dc150c810c0072a40e55825ca57
 post-install =
-  ldd=`ldd ${:location}/lib/plugin/ha_rocksdb.so`
+  ldd=`ldd %(location)s/lib/plugin/ha_rocksdb.so`
  for x in ${lz4:location} ${snappy:location} ${zstd:location}
  do echo "$ldd" |grep -qF " $x/lib/"
  done
-  mkdir -p ${:location}/include/wsrep &&
-  cp -p wsrep/wsrep_api.h ${:location}/include/wsrep
+  mkdir -p %(location)s/include/wsrep &&
+  cp -p wsrep/wsrep_api.h %(location)s/include/wsrep

 [mariadb]
 location = ${mariadb-10.3:location}

--- a/component/tcl/buildout.cfg
+++ b/component/tcl/buildout.cfg
 [buildout]
+extends =
+  ../zlib/buildout.cfg
 parts = tcl

 [tcl]
@@ -6,6 +8,9 @@ recipe = slapos.recipe.cmmi
 url = http://prdownloads.sourceforge.net/tcl/tcl8.6.11-src.tar.gz
 md5sum = 8a4c004f48984a03a7747e9ba06e4da4
 shared = true
+environment =
+  CPPFLAGS=-I${zlib:location}/include
+  LDFLAGS=-L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
 configure-command = ./unix/configure
 configure-options =
  --prefix=@@LOCATION@@

--- a/component/trafficserver/buildout.cfg
+++ b/component/trafficserver/buildout.cfg
@@ -3,6 +3,7 @@ extends =
  ../defaults.cfg
  ../libtool/buildout.cfg
  ../libxml2/buildout.cfg
+  ../luajit/buildout.cfg
  ../make/buildout.cfg
  ../ncurses/buildout.cfg
  ../openssl/buildout.cfg
@@ -32,6 +33,7 @@ configure-options =
  --with-pcre=${pcre:location}
  --with-ncurses=${ncurses:location}
  --with-tcl=${tcl:location}/lib/
+  --with-luajit=${luajit:location}
  --with-lzma=${xz-utils:location}
  --with-zlib=${zlib:location}
  --disable-curl
@@ -40,7 +42,7 @@ configure-options =
  --disable-posix-cap
 environment =
  PATH=${libtool:location}/bin:${make:location}/bin:${patch:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:%(PATH)s
-  LDFLAGS =-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
+  LDFLAGS =-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${luajit:location}/lib  -lm

 make-target =
  check

--- a/component/couchdb/buildout.cfg
+++ b/component/couchdb/buildout.cfg
--- a/component/erlang/buildout.cfg
+++ b/component/erlang/buildout.cfg
--- a/component/membase/buildout.cfg
+++ b/component/membase/buildout.cfg
--- a/component/spidermonkey/buildout.cfg
+++ b/component/spidermonkey/buildout.cfg
--- a/setup.py
+++ b/setup.py
@@ -28,7 +28,7 @@ from setuptools import setup, find_packages
 import glob
 import os

-version = '1.0.214'
+version = '1.0.217'
 name = 'slapos.cookbook'
 long_description = open("README.rst").read()


--- a/slapos/recipe/random.py
+++ b/slapos/recipe/random.py
@@ -107,7 +107,9 @@ class Mac(object):
    pass

 def generatePassword(length):
-  return ''.join(random.SystemRandom().sample(string.ascii_lowercase, length))
+  system_random = random.SystemRandom()
+  alphabet = string.ascii_letters + string.digits
+  return ''.join(system_random.choice(alphabet) for i in range(length))


 class Password(object):
@@ -119,7 +121,7 @@ class Password(object):
    recipes like slapos.recipe.template:jinja2 to safely process the password.

    Options:
-    - bytes: password length (default: 8 characters)
+    - bytes: password length (default: 16 characters)
    - storage-path: plain-text persistent storage for password,
                    that can only be accessed by the user
      (default: ${buildout:parts-directory}/${:_buildout_section_name_})
@@ -149,7 +151,7 @@ class Password(object):
          if e.errno != errno.ENOENT:
            raise
      if not passwd:
-        passwd = self.generatePassword(int(options.get('bytes', '8')))
+        passwd = self.generatePassword(int(options.get('bytes', '16')))
        self.update = self.install
      options['passwd'] = passwd
    # Password must not go into .installed file, for 2 reasons:

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = 1dfbd20c77fb3c1f01005a8a920d2ed9
+md5sum = fb3a20e7f555a9ce7fe1ec547d0fcdfc

 [profile-common]
 filename = instance-common.cfg.in
@@ -26,11 +26,11 @@ md5sum = 0950e09ad1f03f0789308f5f7a7eb1b8

 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 7c2e52b76c42bed95702763c344e41dd
+md5sum = c5d1e235959a877b4f3157369c6f5e10

 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 313671d343ceccfca5af1baa642132c5
+md5sum = c67e172c0c6eca955b18962404056a33

 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
@@ -50,7 +50,7 @@ md5sum = 37475d79f28c5f126bc1947fdb938fdb

 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = d2851c7ebd2c9baa2edecb3ca3485511
+md5sum = ae4c9ce775ea003aa51eda5ecbbeec73

 [template-empty]
 _update_hash_filename_ = templates/empty.in
@@ -98,7 +98,7 @@ md5sum = 8e1c6c06c09beb921965b3ce98c67c9e

 [caddyprofiledeps-dummy]
 filename = caddyprofiledummy.py
-md5sum = 38792c2dceae38ab411592ec36fff6a8
+md5sum = 59cb33f11272ee09eccea74981d2304a

 [profile-kedifa]
 filename = instance-kedifa.cfg.in

--- a/software/caddy-frontend/caddyprofiledummy.py
+++ b/software/caddy-frontend/caddyprofiledummy.py
+import urlparse
+
 class Recipe(object):
  def __init__(self, *args, **kwargs):
    pass
@@ -7,3 +9,13 @@ class Recipe(object):

  def update(self):
    return self.install()
+
+def validate_netloc(netloc):
+  # a bit crazy way to validate that the passed parameter is haproxy
+  # compatible server netloc
+  parsed = urlparse.urlparse('scheme://'+netloc)
+  if ':' in parsed.hostname:
+    hostname = '[%s]' % parsed.hostname
+  else:
+    hostname = parsed.hostname
+  return netloc == '%s:%s' % (hostname, parsed.port)
--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -207,6 +207,15 @@ context =
 {%       endif %}
 {%     endif %}
 {%   endfor %}
+{%   for url_key in ['url-netloc-list', 'https-url-netloc-list', 'health-check-failover-url-netloc-list'] %}
+{%     if url_key in slave %}
+{%       for netloc in slave[url_key].split() %}
+{%         if not caddyprofiledummy.validate_netloc(netloc) %}
+{%           do slave_error_list.append('slave %s %r invalid' % (url_key, netloc)) %}
+{%         endif %}
+{%       endfor %}
+{%     endif %}
+{%   endfor %}
 {%   for k in ['ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt'] %}
 {%     if k in slave %}
 {%       set crt = slave.get(k, '') %}
@@ -909,4 +918,4 @@ parts =
  caucased-backend-client-promise
 {% for part in part_list %}
 {{ '  %s' % part }}
-{% endfor %}
\ No newline at end of file
+{% endfor %}
--- a/software/caddy-frontend/instance-slave-caddy-input-schema.json
+++ b/software/caddy-frontend/instance-slave-caddy-input-schema.json
@@ -348,6 +348,26 @@
      ],
      "type": "string",
      "default": "false"
+    },
+    "url-netloc-list": {
+      "type": "string",
+      "title": "[EXPERT] List of netlocs for \"Backend URL\"",
+      "description": "Space separated list of netlocs (ip and port) of backend to connect to. They will share the scheme and path of the original URL and additional backend parameters (like \"SSL Backend Authority's Certificate\"). Each of them will be used, and at least one is enough for the connectivity to work, and the best results are with \"Health Check\" feature enabled. Port is mandatory, so hostnames shall be provided as hostname:port (eg. example.com:80), IPv4 - as ipv4:port (eg. 127.0.0.1:80), IPv6 - as ipv6:port (eg. ::1:80). Simply this parameters only overrides netloc (network location) of the original URL."
+    },
+    "https-url-netloc-list": {
+      "type": "string",
+      "title": "[EXPERT] List of netlocs for \"HTTPS Backend URL\"",
+      "description": "See \"[EXPERT] List of netlocs for \"Backend URL\"\" description."
+    },
+    "health-check-failover-url-netloc-list": {
+      "type": "string",
+      "title": "[EXPERT] List of netlocs for \"Failover backend URL\"",
+      "description": "See \"[EXPERT] List of netlocs for \"Backend URL\"\" description."
+    },
+    "health-check-failover-https-url-netloc-list": {
+      "type": "string",
+      "title": "[EXPERT] List of netlocs for \"Failover HTTPS Backend URL\"",
+      "description": "See \"[EXPERT] List of netlocs for \"Backend URL\"\" description."
    }
  },
  "title": "Input Parameters",

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -55,6 +55,7 @@ extra-context =
    import subprocess_module subprocess
    import functools_module functools
    import validators validators
+    import caddyprofiledummy caddyprofiledummy
 # Must match the key id in [switch-softwaretype] which uses this section.
    raw software_type RootSoftwareInstance-default-custom-personal-replicate


--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -53,7 +53,7 @@ context =
 {#-     * stabilise values for backend #}
 {%-   for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
 {%-     set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
-{%-     set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query} %}
+{%-     set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
 {%-     do slave_instance.__setitem__(prefix, info_dict) %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
@@ -66,6 +66,7 @@ context =
 {%-     do info_dict.__setitem__('health-check-failover-path', parsed.path) %}
 {%-     do info_dict.__setitem__('health-check-failover-query', parsed.query) %}
 {%-     do info_dict.__setitem__('health-check-failover-fragment', parsed.fragment) %}
+{%-     do info_dict.__setitem__('health-check-netloc-list', slave_instance.get('health-check-failover-url-netloc-list', '').split()) %}
 {%-     do slave_instance.__setitem__(prefix, info_dict) %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('health-check-failover-ssl-proxy-verify', ('' ~ slave_instance.get('health-check-failover-ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
@@ -658,4 +659,4 @@ commands =
 promise = check_command_execute
 name = ${:_buildout_section_name_}.py
 config-command =
-  ${logrotate:wrapper-path} -d
\ No newline at end of file
+  ${logrotate:wrapper-path} -d
--- a/software/caddy-frontend/templates/backend-haproxy.cfg.in
+++ b/software/caddy-frontend/templates/backend-haproxy.cfg.in
@@ -106,7 +106,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
 {%-         do path_list.append(query) %}
 {%-       endif %}
 {%-       set path = '?'.join(path_list) %}
-{%-       if hostname and port %}
+{%-       if hostname and port or len(info_dict['netloc-list']) > 0 %}
  timeout server {{ slave_instance['request-timeout'] }}s
  timeout connect {{ slave_instance['backend-connect-timeout'] }}s
  retries {{ slave_instance['backend-connect-retries'] }}
@@ -122,7 +122,15 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
 {%-           endif %}
 {%-           do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
 {%-         endif %}
+{%-         if len(info_dict['netloc-list']) > 0 %}
+{%-           set counter = {'count': 1} %}
+{%-           for netloc in info_dict['netloc-list'] %}
+  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }}-{{ counter['count'] }} {{ netloc }} {{ ' '.join(ssl_list) }} {{ ' ' + ' '.join(active_check_list)}}
+{%-             do counter.__setitem__('count', counter['count'] + 1) %}
+{%-           endfor %}
+{%-         else %}
  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }} {{ ' ' + ' '.join(active_check_list)}}
+{%-         endif %}
 {%-         for active_check_option in active_check_option_list %}
  {{ active_check_option }}
 {%-         endfor %}
@@ -161,10 +169,18 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
 {%-       endif %}
 {%-       set path = '?'.join(path_list) %}
 {%-       if hostname and port %}
-  timeout server {{ slave_instance['request-timeout'] }}s
+{%-         if len(info_dict['health-check-netloc-list']) > 0 %}
+{%-           set counter = {'count': 1} %}
+{%-           for netloc in info_dict['health-check-netloc-list'] %}
+  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }}-{{ counter['count'] }} {{ netloc }} {{ ' '.join(ssl_list) }}
+{%-             do counter.__setitem__('count', counter['count'] + 1) %}
+{%-           endfor %}
+{%-         else %}
+  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
+{%-         endif %}
  timeout connect {{ slave_instance['backend-connect-timeout'] }}s
+  timeout server {{ slave_instance['request-timeout'] }}s
  retries {{ slave_instance['backend-connect-retries'] }}
-  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
 {%-         if path %}
  http-request set-path {{ path }}%[path]
 {%-         endif %}

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_log-CADDY.txt
@@ -21,6 +21,9 @@ T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
 T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
 T-2/var/log/httpd/_auth-to-backend_error_log
+T-2/var/log/httpd/_bad-backend_access_log
+T-2/var/log/httpd/_bad-backend_backend_log
+T-2/var/log/httpd/_bad-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
@@ -70,6 +73,9 @@ T-2/var/log/httpd/_enable_cache_server_alias_error_log
 T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
 T-2/var/log/httpd/_https-only_error_log
+T-2/var/log/httpd/_https-url-netloc-list_access_log
+T-2/var/log/httpd/_https-url-netloc-list_backend_log
+T-2/var/log/httpd/_https-url-netloc-list_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
 T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
@@ -153,6 +159,9 @@ T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
 T-2/var/log/httpd/_type-zope_access_log
 T-2/var/log/httpd/_type-zope_backend_log
 T-2/var/log/httpd/_type-zope_error_log
+T-2/var/log/httpd/_url-netloc-list_access_log
+T-2/var/log/httpd/_url-netloc-list_backend_log
+T-2/var/log/httpd/_url-netloc-list_error_log
 T-2/var/log/httpd/_url_https-url_access_log
 T-2/var/log/httpd/_url_https-url_backend_log
 T-2/var/log/httpd/_url_https-url_error_log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
@@ -21,6 +21,9 @@ T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
 T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
 T-2/var/log/httpd/_auth-to-backend_error_log
+T-2/var/log/httpd/_bad-backend_access_log
+T-2/var/log/httpd/_bad-backend_backend_log
+T-2/var/log/httpd/_bad-backend_error_log
 T-2/var/log/httpd/_ciphers_access_log
 T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
@@ -70,6 +73,9 @@ T-2/var/log/httpd/_enable_cache_server_alias_error_log
 T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
 T-2/var/log/httpd/_https-only_error_log
+T-2/var/log/httpd/_https-url-netloc-list_access_log
+T-2/var/log/httpd/_https-url-netloc-list_backend_log
+T-2/var/log/httpd/_https-url-netloc-list_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
 T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
@@ -153,6 +159,9 @@ T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
 T-2/var/log/httpd/_type-zope_access_log
 T-2/var/log/httpd/_type-zope_backend_log
 T-2/var/log/httpd/_type-zope_error_log
+T-2/var/log/httpd/_url-netloc-list_access_log
+T-2/var/log/httpd/_url-netloc-list_backend_log
+T-2/var/log/httpd/_url-netloc-list_error_log
 T-2/var/log/httpd/_url_https-url_access_log
 T-2/var/log/httpd/_url_https-url_backend_log
 T-2/var/log/httpd/_url_https-url_error_log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_log-CADDY.txt
@@ -24,6 +24,9 @@ T-2/var/log/httpd/_health-check-disabled_error_log
 T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_access_log
 T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_backend_log
 T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_error_log
+T-2/var/log/httpd/_health-check-failover-url-netloc-list_access_log
+T-2/var/log/httpd/_health-check-failover-url-netloc-list_backend_log
+T-2/var/log/httpd/_health-check-failover-url-netloc-list_error_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_access_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_backend_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_error_log

--- a/software/erp5/instance-erp5-input-schema.json
+++ b/software/erp5/instance-erp5-input-schema.json
@@ -622,6 +622,11 @@
              }
            }
          ]
+        },
+        "random-activity-priority": {
+          "type": "string",
+          "title": "Random Activity Priority",
+          "description": "Control `random_activity_priority` argument of test runner. Can be set to an empty string to automatically generate a seed for each test."
        }
      },
      "type": "object"

--- a/software/kvm/test/test.py
+++ b/software/kvm/test/test.py
@@ -1407,7 +1407,8 @@ class TestDiskDevicePathWipeDiskOndestroy(InstanceTestCase, KvmMixin):
    with open(slapos_wipe_device_disk) as fh:
      self.assertEqual(
        fh.read().strip(),
-        r"""dd if=/dev/zero of=/dev/virt0 bs=4096 count=500k
+        r"""#!/bin/sh
+dd if=/dev/zero of=/dev/virt0 bs=4096 count=500k
 dd if=/dev/zero of=/dev/virt1 bs=4096 count=500k"""
      )
    self.assertTrue(os.access(slapos_wipe_device_disk, os.X_OK))

--- a/software/powerdns/software.cfg
+++ b/software/powerdns/software.cfg
@@ -13,6 +13,10 @@ parts =
 [python]
 part = python3

+[gcc]
+# powerdns needs a compiler with C++17 features
+min_version = 8
+
 [eggs]
 recipe = zc.recipe.egg
 eggs =

--- a/software/slapos-master/buildout.hash.cfg
+++ b/software/slapos-master/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = 84f099cc9852c4f53a075dccbb3880f0
+md5sum = ce9c231ec47eb8f528345add21cb7822

 [template-balancer]
 filename = instance-balancer.cfg.in

--- a/software/slapos-master/instance-erp5.cfg.in
+++ b/software/slapos-master/instance-erp5.cfg.in
@@ -21,6 +21,7 @@
 {%   set test_runner_total_database_count = mariadb_test_database_amount %}
 {%   set test_runner_enabled = mariadb_test_database_amount > 0 %}
 {% endif -%}
+{% set test_runner_random_activity_priority = slapparameter_dict.get('test-runner', {}).get('random-activity-priority') -%}
 {% set monitor_base_url_dict = {} -%}
 {% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
 {% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
@@ -256,6 +257,7 @@ config-wendelin-core-zblk-fmt = {{ dumps(slapparameter_dict.get('wendelin-core-z
 config-wsgi = {{ dumps(slapparameter_dict.get('wsgi', True)) }}
 config-test-runner-enabled = {{ dumps(test_runner_enabled) }}
 config-test-runner-node-count = {{ dumps(test_runner_node_count) }}
+config-test-runner-random-activity-priority = {{ dumps(test_runner_random_activity_priority) }}
 config-wcfs_enable = {{ dumps(wcfs_enable) }}
 config-test-runner-configuration = {{ dumps(slapparameter_dict.get('test-runner', {})) }}
 software-type = zope

--- a/software/slapos-sr-testing/software.cfg
+++ b/software/slapos-sr-testing/software.cfg
@@ -298,6 +298,7 @@ eggs = ${python-interpreter:eggs}
 scripts =
  slapos
  supervisord
+  caucase

 [git-clone-repository]
 recipe = slapos.recipe.build:gitclone

--- a/software/theia/buildout.hash.cfg
+++ b/software/theia/buildout.hash.cfg
@@ -15,7 +15,7 @@

 [instance-theia]
 _update_hash_filename_ = instance-theia.cfg.jinja.in
-md5sum = f396d9a0780f4fb17016dbd32b56d7b8
+md5sum = 8e4f43e603a5dd57752758c987465d41

 [instance]
 _update_hash_filename_ = instance.cfg.in
@@ -47,7 +47,7 @@ md5sum = 9e8c17a4b2d802695caf0c2c052f0d11

 [yarn.lock]
 _update_hash_filename_ = yarn.lock
-md5sum = 6faa52754c46e505912a478bc8ba3300
+md5sum = 067d2db611b21f77885f3adfd7f81453

 [python-language-server-requirements.txt]
 _update_hash_filename_ = python-language-server-requirements.txt
@@ -59,7 +59,7 @@ md5sum = 8157c22134200bd862a07c6521ebf799

 [slapos.css.in]
 _update_hash_filename_ = slapos.css.in
-md5sum = 841141fc699b8d8918ed0669e6e61995
+md5sum = d2930ec3ef973b7908f0fa896033fd64

 [logo.png]
 _update_hash_filename_ = logo.png

--- a/software/theia/instance-theia.cfg.jinja.in
+++ b/software/theia/instance-theia.cfg.jinja.in
@@ -71,7 +71,7 @@ recipe =
 instance-promises =
  $${theia-listen-promise:name}
  $${frontend-listen-promise:name}
-  $${frontend-authentification-promise:name}
+  $${frontend-authentication-promise:name}
  $${remote-frontend-url-available-promise:name}
  {% if additional_frontend %}
  $${remote-additional-frontend-url-available-promise:name}
@@ -94,15 +94,15 @@ name = $${:_buildout_section_name_}.py
 config-host = $${frontend-instance:ip}
 config-port = $${frontend-instance:port}

-[frontend-authentification-promise]
+[frontend-authentication-promise]
 <= monitor-promise-base
 promise = check_url_available
 name = $${:_buildout_section_name_}.py
-username = $${frontend-instance-password:username}
-password = $${frontend-instance-password:passwd}
 ip = $${frontend-instance:ip}
 port = $${frontend-instance:port}
-config-url = https://$${:username}:$${:password}@[$${:ip}]:$${:port}
+config-url = https://[$${:ip}]:$${:port}
+config-username = $${frontend-instance-password:username}
+config-password = $${frontend-instance-password:passwd}

 [remote-frontend-url-available-promise]
 <= monitor-promise-base
@@ -184,6 +184,7 @@ sla-instance_guid = {{ parameter_dict['additional-frontend-guid'] }}
 recipe = slapos.cookbook:generate.password
 username = admin
 bytes = 12
+storage-path = $${buildout:parts-directory}/.$${:_buildout_section_name_}

 [frontend-instance-port]
 recipe = slapos.cookbook:free_port

--- a/software/theia/slapos.css.in
+++ b/software/theia/slapos.css.in
-/* backported fixes */
-/* https://github.com/eclipse-theia/theia/commit/616c34e1c446a706f4cb02182b2d9195ef3ea854 */
-.monaco-editor .monaco-list .monaco-list-row.focused,
-.monaco-editor .monaco-list .monaco-list-row.focused,
-.monaco-editor .monaco-list .monaco-list-row.focused .suggest-icon {
-  color: var(--theia-list-activeSelectionForeground) !important;
-  background-color: var(--theia-list-activeSelectionBackground) !important;
-}
-
 /* logo */
 .theia-icon {
    background-image: url('/{{ logo_image }}');

--- a/software/theia/yarn.lock
+++ b/software/theia/yarn.lock
--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -74,7 +74,7 @@ md5sum = bbef65b4edeb342f08309604ca3717d5

 [template-erp5]
 filename = instance-erp5.cfg.in
-md5sum = fcc8470824c448a56e2282c43b870cb5
+md5sum = c10634353841bb09a847168b4add8d2f

 [template-zeo]
 filename = instance-zeo.cfg.in
@@ -86,7 +86,7 @@ md5sum = bc821f9f9696953b10a03ad7b59a1936

 [template-zope]
 filename = instance-zope.cfg.in
-md5sum = 769e81946c346530cebfce6ad7553165
+md5sum = f3121380ab4d31ba5f4984aec74d0a2f

 [template-balancer]
 filename = instance-balancer.cfg.in

--- a/stack/erp5/instance-erp5.cfg.in
+++ b/stack/erp5/instance-erp5.cfg.in
@@ -21,6 +21,7 @@
 {%   set test_runner_total_database_count = mariadb_test_database_amount %}
 {%   set test_runner_enabled = mariadb_test_database_amount > 0 %}
 {% endif -%}
+{% set test_runner_random_activity_priority = slapparameter_dict.get('test-runner', {}).get('random-activity-priority') -%}
 {% set monitor_base_url_dict = {} -%}
 {% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
 {% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
@@ -259,6 +260,7 @@ config-wendelin-core-zblk-fmt = {{ dumps(slapparameter_dict.get('wendelin-core-z
 config-wsgi = {{ dumps(slapparameter_dict.get('wsgi', True)) }}
 config-test-runner-enabled = {{ dumps(test_runner_enabled) }}
 config-test-runner-node-count = {{ dumps(test_runner_node_count) }}
+config-test-runner-random-activity-priority = {{ dumps(test_runner_random_activity_priority) }}
 config-wcfs_enable = {{ dumps(wcfs_enable) }}
 config-test-runner-configuration = {{ dumps(slapparameter_dict.get('test-runner', {})) }}
 software-type = zope

--- a/stack/erp5/instance-zope.cfg.in
+++ b/stack/erp5/instance-zope.cfg.in
@@ -13,6 +13,7 @@
 {% set test_runner_address_list = [] -%}
 {% set test_runner_enabled = slapparameter_dict['test-runner-enabled'] -%}
 {% set test_runner_node_count = slapparameter_dict['test-runner-node-count'] -%}
+{% set test_runner_random_activity_priority = slapparameter_dict['test-runner-random-activity-priority'] -%}
 {% set longrequest_logger_base_path = buildout_directory ~ '/var/log/longrequest_logger_' -%}
 {% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
 {% set bin_directory = parameter_dict['buildout-bin-directory'] -%}
@@ -503,6 +504,9 @@ command-line-extra =
  --extra_sql_connection_string_list '{{ ','.join(connection_string_list[1:]) }}'
  --zserver {{ test_runner_address_list[0][0] ~ ':' ~ test_runner_address_list[0][1] }}
  --zserver_frontend_url {{ slapparameter_dict['test-runner-apache-url-list'][0] }}
+  {% if test_runner_random_activity_priority is not none %}
+    --random_activity_priority={{ test_runner_random_activity_priority }}
+  {%- endif %}

 [{{ section('runTestSuite') }}]
 < = run-test-common

--- a/stack/slapos.cfg
+++ b/stack/slapos.cfg
@@ -196,8 +196,8 @@ slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
 slapos.libnetworkcache = 0.20
 slapos.rebootstrap = 4.5
-slapos.recipe.build = 0.49
-slapos.recipe.cmmi = 0.17
+slapos.recipe.build = 0.50
+slapos.recipe.cmmi = 0.18
 slapos.recipe.template = 4.6
 slapos.toolbox = 0.126
 stevedore = 1.21.0:whl