Commit e36bc39c authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents 75f350ea f93bb882
...@@ -35,6 +35,11 @@ recipe = slapos.recipe.build ...@@ -35,6 +35,11 @@ recipe = slapos.recipe.build
shared = true shared = true
pyyaml = ${pyyaml-download:target} pyyaml = ${pyyaml-download:target}
pyaml = ${pyaml-download:target} pyaml = ${pyaml-download:target}
init =
# add the python executable in the options dict so that
# buildout signature changes if python executable changes
import sys
options['python-executable'] = sys.executable
install = install =
import os, sys import os, sys
......
...@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016 ...@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016
environment-extra = environment-extra =
# build Go without testing it # build Go without testing it
# NOTE go1.4 does not have build cache # NOTE go1.4 does not have build cache
make-targets= cd src && unset GOBIN && ./make.bash && cp -alf .. ${:location} setarch =
make-targets= cd src && unset GOBIN && ${:setarch} ./make.bash && cp -alf .. ${:location}
# go1.4 is used for bootstrap and does not support CGO
environment-extra =
CGO_ENABLED=0
# skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests. # skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests.
patches = patches =
# go1.4 does not have support for arm64 - build it in arm32 mode
[golang14:platform.machine() == 'aarch64']
setarch = setarch arm
[golang1.12] [golang1.12]
<= golang-common <= golang-common
......
...@@ -13,8 +13,8 @@ parts = haproxy ...@@ -13,8 +13,8 @@ parts = haproxy
[haproxy] [haproxy]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.29.tar.gz url = http://www.haproxy.org/download/2.6/src/haproxy-2.6.7.tar.gz
md5sum = a4c4983c7ed51946bdde1d0eceedd527 md5sum = cfa36413f2bc5187ab34ffcdf71914d4
configure-command = true configure-command = true
# for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET, # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
# otherwise use "generic". # otherwise use "generic".
...@@ -22,22 +22,43 @@ configure-command = true ...@@ -22,22 +22,43 @@ configure-command = true
# CPU is generic, and not native, as in SlapOS software released are # CPU is generic, and not native, as in SlapOS software released are
# distributed in binary form, which may lead to incompatibility of such # distributed in binary form, which may lead to incompatibility of such
# compilation optimisation across various CPUs # compilation optimisation across various CPUs
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=generic
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
# By default haproxy is build w/o QUIC support
SSL_INC=${openssl:location}/include
SSL_LIB=${openssl:location}/lib
SSL_ADDLIB=-Wl,-rpath=${openssl:location}/lib
QUIC=
make-options = make-options =
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)" TARGET=${:TARGET}
CPU=generic CPU=${:CPU}
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')" ARCH=${:ARCH}
PREFIX=@@LOCATION@@ PREFIX=@@LOCATION@@
USE_DL=1 USE_DL=1
USE_LUA=1 USE_LUA=1
LUA_INC=${lua:location}/include LUA_INC=${lua:location}/include
LUA_LIB=${lua:location}/lib LUA_LIB=${lua:location}/lib
USE_OPENSSL=1 USE_OPENSSL=1
SSL_INC=${openssl:location}/include SSL_INC=${:SSL_INC}
SSL_LIB=${openssl:location}/lib SSL_LIB=${:SSL_LIB}
${:QUIC}
USE_PCRE=1 USE_PCRE=1
USE_ZLIB=1 USE_ZLIB=1
ZLIB_INC=${zlib:location}/include ZLIB_INC=${zlib:location}/include
ZLIB_LIB=${zlib:location}/lib ZLIB_LIB=${zlib:location}/lib
ADDLIB="-Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib" ADDLIB="${:SSL_ADDLIB} -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
environment = environment =
PATH=${pcre:location}/bin:%(PATH)s PATH=${pcre:location}/bin:%(PATH)s
[haproxy-quic]
<= haproxy
SSL_INC=${openssl-quictls:location}/include
SSL_LIB=${openssl-quictls:location}/lib
SSL_ADDLIB=-Wl,-rpath=${openssl-quictls:location}/lib
QUIC=USE_QUIC=1
[buildout] [buildout]
extends = extends =
buildout.hash.cfg buildout.hash.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
../openssl/buildout.cfg ../openssl/buildout.cfg
...@@ -62,48 +62,26 @@ context = ...@@ -62,48 +62,26 @@ context =
[versions] [versions]
Pygments = 2.2.0 Pygments = 2.2.0
astor = 0.5
backports-abc = 0.5
backports.shutil-get-terminal-size = 1.0.0
ipykernel = 4.5.2 ipykernel = 4.5.2
ipython = 5.3.0 ipython = 5.3.0
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
jupyter-client = 5.0.0 jupyter-client = 5.0.0
jupyter-core = 4.3.0 jupyter-core = 4.3.0
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
matplotlib = 2.1.2
mistune = 0.7.3 mistune = 0.7.3
nbformat = 4.3.0 nbformat = 4.3.0
notebook = 4.4.1 notebook = 4.4.1
prompt-toolkit = 1.0.13 prompt-toolkit = 1.0.13
ptyprocess = 0.5.1
pyzmq = 16.0.2 pyzmq = 16.0.2
scikit-learn = 0.18.1 scikit-learn = 0.18.1
seaborn = 0.7.1
simplegeneric = 0.8.1
statsmodels = 0.8.0 statsmodels = 0.8.0
terminado = 0.6 terminado = 0.6
tornado = 4.4.2 tornado = 4.4.2
widgetsnbextension = 2.0.0 traitlets = 4.3.3
# nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source. # nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source.
nbconvert = 4.1.0 nbconvert = 4.1.0
pathlib2 = 2.2.1 pathlib2 = 2.2.1
patsy = 0.4.1 patsy = 0.4.1
pexpect = 4.2.1 pexpect = 4.2.1
pickleshare = 0.7.4
scandir = 1.5 scandir = 1.5
singledispatch = 3.4.0.3
wcwidth = 0.1.7 wcwidth = 0.1.7
jupyter = 1.0.0
jupyter-console = 5.1.0 jupyter-console = 5.1.0
qtconsole = 4.3.0
et-xmlfile = 1.0.1
h5py = 2.7.1
mpmath = 1.0.0
openpyxl = 2.5.2
sympy = 1.1.1
xlrd = 1.1.0
jdcal = 1.4
...@@ -63,24 +63,24 @@ setup-eggs = ...@@ -63,24 +63,24 @@ setup-eggs =
${numpy:egg} ${numpy:egg}
${python-pyzmq:egg} ${python-pyzmq:egg}
${ipython:egg} ${ipython:egg}
scripts = scripts =
jupyter-kernelspec jupyter-kernelspec
pythonjupyter pythonjupyter
jupyter jupyter
jupyter-trust jupyter-trust
jupyter-nbconvert
jupyter-console jupyter-console
jupyter-migrate jupyter-migrate
jupyter-troubleshoot jupyter-troubleshoot
jupyter-run jupyter-run
[jupyter-notebook-initialized-scripts] [jupyter-notebook-initialized-scripts]
recipe = zc.recipe.egg:scripts recipe = zc.recipe.egg:scripts
eggs = ${jupyter:eggs} eggs = ${jupyter:eggs}
environment = jupyter-env environment = jupyter-env
scripts = scripts =
jupyter-nbconvert
jupyter-nbextension jupyter-nbextension
jupyter-notebook jupyter-notebook
jupyter-serverextension jupyter-serverextension
......
[buildout] [buildout]
extends =
../patch/buildout.cfg
parts = parts =
libiconv libiconv
[libiconv] [libiconv]
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
patches =
${:_profile_base_location_}/libiconv.gets.patch#8a20d8afe0617fce56f77537d2b84621
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz
md5sum = e34509b1623cec449dfeb73d7ce9c6c6 md5sum = d718cd5a59438be666d1575855be72c3
--- libiconv-1.14.orig/srclib/stdio.in.h 2011-08-07 13:42:06.000000000 +0000
+++ libiconv-1.14/srclib/stdio.in.h 2013-01-09 19:56:21.115819812 +0000
@@ -680,22 +680,7 @@
#endif
#if @GNULIB_GETS@
-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
-# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
-# undef gets
-# define gets rpl_gets
-# endif
-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
-_GL_CXXALIAS_RPL (gets, char *, (char *s));
-# else
-_GL_CXXALIAS_SYS (gets, char *, (char *s));
-# undef gets
-# endif
-_GL_CXXALIASWARN (gets);
-/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#undef gets
#endif
...@@ -46,6 +46,11 @@ make-targets = ...@@ -46,6 +46,11 @@ make-targets =
environment = environment =
PERL=${perl:location}/bin/perl PERL=${perl:location}/bin/perl
[openssl-quictls]
<= openssl
url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz
md5sum = 8ee8e1828879e2b527eca5dcc7923769
[openssl-output] [openssl-output]
# Shared binary location to ease migration # Shared binary location to ease migration
recipe = plone.recipe.command recipe = plone.recipe.command
......
...@@ -18,7 +18,7 @@ parts = ...@@ -18,7 +18,7 @@ parts =
python3 python3
[python3] [python3]
<= python3.8 <= python3.9
[python3-common] [python3-common]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
......
[buildout]
parts =
selenium
[selenium]
recipe = zc.recipe.egg
egg = selenium
# patch to support python3.9
selenium-patches = https://github.com/SeleniumHQ/selenium/commit/ddd163b681776292a72c39352581cf5c9d4f88f4.patch#c801fade1cd2019c063a0f0ef7cca3fe
selenium-patch-options = -p2
[versions]
selenium = 3.141.0+SlapOSPatched001
...@@ -38,6 +38,7 @@ environment = ...@@ -38,6 +38,7 @@ environment =
PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libsecret:pkg-config-path} PKG_CONFIG_PATH=${libsecret:pkg-config-path}
LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
NODE_OPTIONS=--max_old_space_size=4096
pre-configure = pre-configure =
mkdir -p $TMPDIR mkdir -p $TMPDIR
echo '${package.json:content}' > %(location)s/package.json echo '${package.json:content}' > %(location)s/package.json
......
...@@ -97,8 +97,8 @@ environment = ...@@ -97,8 +97,8 @@ environment =
[xcbproto] [xcbproto]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://xcb.freedesktop.org/dist/xcb-proto-1.13.tar.bz2 url = https://xcb.freedesktop.org/dist/xcb-proto-1.15.1.tar.gz
md5sum = abe9aa4886138150bbc04ae4f29b90e3 md5sum = 3ee98337cda244996fab03df47e09df8
environment = environment =
PATH=${libxml2:location}/bin:%(PATH)s PATH=${libxml2:location}/bin:%(PATH)s
PYTHON=${buildout:executable} PYTHON=${buildout:executable}
......
...@@ -7,7 +7,7 @@ extends = ...@@ -7,7 +7,7 @@ extends =
../../stack/monitor/buildout.cfg ../../stack/monitor/buildout.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
parts = parts =
beremiz-source beremiz-source
slapos-cookbook slapos-cookbook
instance-profile instance-profile
...@@ -95,7 +95,6 @@ Automat = 0.3.0 ...@@ -95,7 +95,6 @@ Automat = 0.3.0
zope.interface = 4.4.2 zope.interface = 4.4.2
Nevow = 0.14.5 Nevow = 0.14.5
PyHamcrest = 2.0.2 PyHamcrest = 2.0.2
Pygments = 2.9.0
Pyro = 3.16 Pyro = 3.16
bitarray = 2.1.3 bitarray = 2.1.3
constantly = 15.1.0 constantly = 15.1.0
...@@ -103,7 +102,6 @@ future = 0.18.2 ...@@ -103,7 +102,6 @@ future = 0.18.2
hyperlink = 21.0.0 hyperlink = 21.0.0
incremental = 21.3.0 incremental = 21.3.0
pathlib = 1.0.1 pathlib = 1.0.1
prompt-toolkit = 3.0.19
zeroconf-py2compat = 0.19.10 zeroconf-py2compat = 0.19.10
# Required by: # Required by:
......
Changes
=======
Here are listed the most important changes, which might affect upgrades.
1.0.XXX (XXXX-XX-XX)
--------------------
* fix: exposed log file names are stabilised
* feature: in case of not found instance more information are provided
* feature: telemetry is fully disabled
* feature: Apache Traffic Server 8.0 is used
* feature: backend-haproxy statistic for haproxy's frontend is available
* fix: slave publication has been fixed in case of mixed case slave reference
* feature: running test/test.py resolves with starting backend used in tests
* fix: automatic caucase-updater usage has been fixed
* fix/workaround: reconnect to backend-haproxy from Caddy and Apache Traffic Server
* fix/feature: use explicitly Apache Traffic Server simulation of stale-if-error, as in reality Apache Traffic Server does not support it
* feature: dropped not used parameters
* feature: Strict-Transport-Security aka HSTS
* fix: use kedifa with with for file with multiple CAs
* feature: support query string (the characters after ? in the url) in url and https-url
* fix: by having unique acl names fix rare bug of directing traffic to https-url instead of url or otherwise
* feature: failover backend
1.0.164 (2020-09-24)
--------------------
* feature: serve a stale result up to 1 day if the origin server is down
* feature: request real frontend for slave introspection (aka log access)
* fix: Kedifa reloading, it was resulting with kedifa server disallowing access after some time
* feature: allow to set software release for each node, instead for the whole cluster
* fix: haproxy matches correct hostname in case of wildcards, instead of using wildcard host instead of the specific one
1.0.160 (2020-08-25)
--------------------
* haproxy updated from 2.0.15 to 2.0.17 in order to fix issue while accessing inaccessible backends
1.0.159 (2020-07-30)
--------------------
* logs are ensured to be available in slave's ``log-access-url``
* logs from backend Haproxy are also available to slaves
1.0.158 (2020-07-24)
--------------------
* manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
* ``re6st-optimal-test`` has been dropped from slave
* QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
* haproxy is used as a gateway to backends:
* ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
* ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
* ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
* ``request-timeout`` is supported per slave, as now it became possible
* ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
1.0.149 (2020-05-05)
--------------------
* no changes noted
import {{ slave_configuration_directory }}/*.conf
:{{ https_port }} {
tls {{ master_certificate }} {{ master_certificate }} {
# Allow http2
alpn h2 http/1.1
}
bind {{ local_ipv4 }}
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
:{{ http_port }} {
bind {{ local_ipv4 }}
status 404 /
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
# Access to server-status Caddy-style
https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} {
# Allow http2
alpn h2 http/1.1
}
bind {{ local_ipv4 }}
basicauth "{{ username }}" {{ password | trim }} {
"Server Status"
/
}
expvar
pprof
log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
rotate_size 10000000
}
errors {{ error_log }} {
rotate_size 10000000
* {{ not_found_file }}
}
}
############################################################################## ##############################################################################
# #
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved. # Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
# #
# WARNING: This program as such is intended to be used by professional # WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential # programmers who take the whole responsibility of assessing all potential
...@@ -25,8 +25,10 @@ ...@@ -25,8 +25,10 @@
# #
############################################################################## ##############################################################################
import itertools
import json import json
import os import os
import sys
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
...@@ -45,9 +47,138 @@ def setUpModule(): ...@@ -45,9 +47,138 @@ def setUpModule():
setup_module_executed = True setup_module_executed = True
class ERP5InstanceTestCase(SlapOSInstanceTestCase): # Metaclass to parameterize our tests.
# This is a rough adaption of the parameterized package:
# https://github.com/wolever/parameterized
# Consult following note for rationale why we don't use parameterized:
# https://lab.nexedi.com/nexedi/slapos/merge_requests/1306
class ERP5InstanceTestMeta(type):
"""Adjust ERP5InstanceTestCase instances to be run in several flavours (e.g. NEO/ZEO)
Adjustements can be declared via setting the '__test_matrix__' attribute
of a test case.
A test matrix is a dict which maps the flavoured class name suffix to
a tuple of parameters.
A parameter is a function which receives the instance_parameter_dict
and modifies it in place (therefore no return value is needed).
You can use the 'matrix' helper function to construct a test matrix.
If .__test_matrix__ is 'None' the test case is ignored.
If the test case should be run without any adaptions, you can set
.__test_matrix__ to 'matrix((default,))'.
"""
def __new__(cls, name, bases, attrs):
base_class = super().__new__(cls, name, bases, attrs)
if base_class._isParameterized():
cls._parameterize(base_class)
return base_class
# _isParameterized tells whether class is parameterized.
# All classes with 'metaclass=ERP5InstanceTestMeta' are parameterized
# except from a class which has been automatically instantiated from
# such user class. This exception prevents infinite recursion due to
# a parameterized class which tries to parameterize itself again.
def _isParameterized(self):
return not getattr(self, '.created_by_parametrize', False)
# Create multiple test classes from single definition.
@classmethod
def _parameterize(cls, base_class):
mod_dict = sys.modules[base_class.__module__].__dict__
for class_name_suffix, parameter_tuple in (base_class.__test_matrix__ or {}).items():
parameterized_cls_dict = dict(
base_class.__dict__,
**{
# Avoid infinite loop by a parameterized class which
# parameterize itself again and again and..
".created_by_parametrize": True,
# Switch
#
# .getInstanceParameterDict to ._test_getInstanceParameterDict
# ._base_getInstanceParameterDict to .getInstanceParameterDict
#
# so that we could inject base implementation to be called above
# user-defined getInstanceParameterDict.
"_test_getInstanceParameterDict": base_class.getInstanceParameterDict,
"getInstanceParameterDict": cls._getParameterizedInstanceParameterDict(parameter_tuple)
}
)
name = f"{base_class.__name__}_{class_name_suffix}"
mod_dict[name] = type(name, (base_class,), parameterized_cls_dict)
# _getParameterizedInstanceParameterDict returns a modified version of
# a test cases original 'getInstanceParameterDict'. The modified version
# applies parameters on the default instance parameters.
@staticmethod
def _getParameterizedInstanceParameterDict(parameter_tuple):
@classmethod
def getInstanceParameterDict(cls):
instance_parameter_dict = json.loads(
cls._test_getInstanceParameterDict().get("_", r"{}")
)
[p(instance_parameter_dict) for p in parameter_tuple]
return {"_": json.dumps(instance_parameter_dict)}
return getInstanceParameterDict
# Hide tests in unpatched base class: It doesn't make sense to run tests
# in original class, because parameters have not been assigned yet.
#
# We can't simply call 'delattr', because this wouldn't remove
# inherited tests. Overriding dir is sufficient, because this is
# the way how unittest discovers tests:
# https://github.com/python/cpython/blob/3.11/Lib/unittest/loader.py#L237
def __dir__(self):
if self._isParameterized():
return [attr for attr in super().__dir__() if not attr.startswith('test')]
return super().__dir__()
def matrix(*parameter_tuple):
"""matrix creates a mapping of test_name -> parameter_tuple.
Each provided parameter_tuple won't be combined within itself,
but with any other provided parameter_tuple, for instance
>>> parameter_tuple0 = (param0, param1)
>>> parameter_tuple1 = (param2, param3)
>>> matrix(parameter_tuple0, parameter_tuple1)
will return all options of (param0 | param1) & (param2 | param3):
- param0_param2
- param0_param3
- param1_param2
- param1_param3
"""
return {
"_".join([p.__name__ for p in params]): params
for params in itertools.product(*parameter_tuple)
}
# Define parameters (function which receives instance params + modifies them).
#
# default runs tests without any adaption
def default(instance_parameter_dict): ...
def zeo(instance_parameter_dict):
instance_parameter_dict['zodb'] = [{"type": "zeo", "server": {}}]
def neo(instance_parameter_dict):
# We don't provide encryption certificates in test runs for the sake
# of simplicity. By default SSL is turned on, we need to explicitly
# deactivate it:
# https://lab.nexedi.com/nexedi/slapos/blob/a8150a1ac/software/neoppod/instance-neo-input-schema.json#L61-65
instance_parameter_dict['zodb'] = [{"type": "neo", "server": {"ssl": False}}]
class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
"""ERP5 base test case """ERP5 base test case
""" """
__test_matrix__ = matrix((zeo, neo)) # switch between NEO and ZEO mode
@classmethod @classmethod
def getRootPartitionConnectionParameterDict(cls): def getRootPartitionConnectionParameterDict(cls):
"""Return the output paramters from the root partition""" """Return the output paramters from the root partition"""
......
...@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource ...@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource
from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer, from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer,
findFreeTCPPort) findFreeTCPPort)
from . import ERP5InstanceTestCase, setUpModule from . import ERP5InstanceTestCase, setUpModule, matrix, default
setUpModule # pyflakes setUpModule # pyflakes
...@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource): ...@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource):
class BalancerTestCase(ERP5InstanceTestCase): class BalancerTestCase(ERP5InstanceTestCase):
# We explicitly specify 'balancer' as our software type here,
# therefore we don't request ZODB. We therefore don't
# need to run these tests with both NEO and ZEO mode,
# it wouldn't make any difference.
# https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
__test_matrix__ = matrix((default,))
@classmethod @classmethod
def getInstanceSoftwareType(cls): def getInstanceSoftwareType(cls):
......
############################################################################## ##############################################################################
# #
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved. # Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
# #
# WARNING: This program as such is intended to be used by professional # WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential # programmers who take the whole responsibility of assessing all potential
...@@ -46,7 +46,7 @@ import xmlrpc.client ...@@ -46,7 +46,7 @@ import xmlrpc.client
import urllib3 import urllib3
from slapos.testing.utils import CrontabMixin from slapos.testing.utils import CrontabMixin
from . import ERP5InstanceTestCase, setUpModule from . import ERP5InstanceTestCase, setUpModule, matrix, default
setUpModule # pyflakes setUpModule # pyflakes
...@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix ...@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
"""Test ERP5 can be instantiated with no parameters """Test ERP5 can be instantiated with no parameters
""" """
__partition_reference__ = 'defp' __partition_reference__ = 'defp'
__test_matrix__ = matrix((default,))
class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin): class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
...@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac ...@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
"""Test override zope node parameters """Test override zope node parameters
""" """
__partition_reference__ = 'override' __partition_reference__ = 'override'
__test_matrix__ = matrix((default,))
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
......
...@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict ...@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict
from . import ERP5InstanceTestCase from . import ERP5InstanceTestCase
from . import setUpModule from . import setUpModule
from . import matrix
from . import default
setUpModule # pyflakes setUpModule # pyflakes
...@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase): ...@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase):
"""Base test case for mariadb tests. """Base test case for mariadb tests.
""" """
__partition_reference__ = 'm' __partition_reference__ = 'm'
# We explicitly specify 'mariadb' as our software type here,
# therefore we don't request ZODB. We therefore don't
# need to run these tests with both NEO and ZEO mode,
# it wouldn't make any difference.
# https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
__test_matrix__ = matrix((default,))
@classmethod @classmethod
def getInstanceSoftwareType(cls): def getInstanceSoftwareType(cls):
......
# Copyright (C) 2021 Nexedi SA and Contributors. # Copyright (C) 2022 Nexedi SA and Contributors.
# #
# This program is free software: you can Use, Study, Modify and Redistribute # This program is free software: you can Use, Study, Modify and Redistribute
# it under the terms of the GNU General Public License version 3, or (at your # it under the terms of the GNU General Public License version 3, or (at your
...@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin): ...@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
""" """
__partition_reference__ = 'wcfs' __partition_reference__ = 'wcfs'
# Only run in ZEO mode; don't run with NEO.
# Current NEO/py and NEO/go versions have interoperability
# issues. Once these issues are fixed the following
# lines have to be removed so that test case runs agains NEO.
# Please see the following MR for more context:
# https://lab.nexedi.com/nexedi/slapos/merge_requests/1283#note_174854
@classmethod
def setUpClass(cls):
if json.loads(cls.getInstanceParameterDict()["_"])['zodb'][0]["type"] == "neo":
raise unittest.SkipTest("Not yet fixed WCFS+NEO interoperability issue.")
super().setUpClass()
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return {'_': json.dumps({'wcfs': {'enable': True}})} return {'_': json.dumps({'wcfs': {'enable': True}})}
......
...@@ -46,7 +46,7 @@ from slapos.testing.testcase import ( ...@@ -46,7 +46,7 @@ from slapos.testing.testcase import (
makeModuleSetUpAndTestCaseClass, makeModuleSetUpAndTestCaseClass,
) )
old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.7/software/erp5/software.cfg' old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.8/software/erp5/software.cfg'
new_software_release_url = os.path.abspath( new_software_release_url = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg')) os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))
......
...@@ -13,6 +13,7 @@ extends = ...@@ -13,6 +13,7 @@ extends =
../../component/nginx/buildout.cfg ../../component/nginx/buildout.cfg
../../component/openssl/buildout.cfg ../../component/openssl/buildout.cfg
../../component/curl/buildout.cfg ../../component/curl/buildout.cfg
../../component/selenium/buildout.cfg
./buildout.hash.cfg ./buildout.hash.cfg
parts = parts =
...@@ -36,7 +37,7 @@ parts = ...@@ -36,7 +37,7 @@ parts =
recipe = zc.recipe.egg recipe = zc.recipe.egg
eggs = eggs =
erp5.util erp5.util
selenium ${selenium:egg}
certifi certifi
${lxml-python:egg} ${lxml-python:egg}
interpreter = pythonwitheggs interpreter = pythonwitheggs
...@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in ...@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in
[template-runTestSuite] [template-runTestSuite]
<= macro-template <= macro-template
output = ${buildout:directory}/runTestSuite.in output = ${buildout:directory}/runTestSuite.in
[versions]
selenium = 3.141.0
...@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg ...@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg
[instance-jupyter] [instance-jupyter]
<= download-file-base <= download-file-base
[versions]
Pygments = 2.7.2
astor = 0.5
async-generator = 1.10
backports-abc = 0.5
backports.shutil-get-terminal-size = 1.0.0
bleach = 3.2.1
defusedxml = 0.6.0
entrypoints = 0.3
ipykernel = 5.3.4:whl
ipython = 5.3.0
ipython-genutils = 0.1.0
ipywidgets = 6.0.0
jupyter-client = 6.1.7
jupyter-core = 4.7.0
jupyterlab = 0.26.3
jupyterlab-launcher = 0.3.1
jupyterlab-pygments = 0.1.2
matplotlib = 2.1.2
mistune = 0.8.4
nest-asyncio = 1.4.3
nbclient = 0.5.1
nbformat = 5.0.8
notebook = 6.1.5
pandocfilters = 1.4.3
prompt-toolkit = 1.0.13
ptyprocess = 0.5.1
pyzmq = 20.0.0
scikit-learn = 0.20.4
seaborn = 0.7.1
simplegeneric = 0.8.1
statsmodels = 0.11.1
testpath = 0.4.4
terminado = 0.9.1
tornado = 6.1
traitlets = 5.0.5
webencodings = 0.5.1
widgetsnbextension = 2.0.0
Send2Trash = 1.5.0
argon2-cffi = 20.1.0
nbconvert = 6.0.7
pathlib2 = 2.2.1
patsy = 0.5.1
pexpect = 4.8.0
pickleshare = 0.7.4
prometheus-client = 0.9.0
scandir = 1.5
pytz = 2020.4
singledispatch = 3.4.0.3
wcwidth = 0.1.7
jupyter = 1.0.0
jupyter-console = 5.1.0
qtconsole = 4.3.0
et-xmlfile = 1.0.1
h5py = 2.7.1
mpmath = 1.0.0
openpyxl = 2.5.2
sympy = 1.1.1
xlrd = 1.1.0
jdcal = 1.4
...@@ -31,6 +31,7 @@ import json ...@@ -31,6 +31,7 @@ import json
import os import os
import requests import requests
import sqlite3 import sqlite3
import subprocess
from slapos.proxy.db_version import DB_VERSION from slapos.proxy.db_version import DB_VERSION
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
...@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase): ...@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase):
# clean up the fake master # clean up the fake master
r.destroyed() r.destroyed()
class TestIPython(InstanceTestCase):
converted_notebook = 'test.nbconvert.ipynb'
notebook_filename = 'test.ipynb'
test_sentence = 'test'
def setUp(self):
super().setUp()
notebook_source = {
"cells": [
{
"cell_type": "code",
"execution_count": None,
"metadata": {},
"outputs": [],
"source": [
"import sys\n",
"print('" + self.test_sentence + "')"
]
}
],
"metadata": {},
"nbformat": 4,
"nbformat_minor": 4
}
with open(self.notebook_filename, 'w') as notebook:
notebook.write(json.dumps(notebook_source))
def tearDown(self):
os.remove(self.notebook_filename)
if os.path.exists(self.converted_notebook):
os.remove(self.converted_notebook)
super().tearDown()
def test(self):
conversion_output = subprocess.check_output([
os.path.join(
self.computer_partition_root_path,
'software_release',
'bin',
'jupyter-nbconvert',
),
'--execute',
'--to',
'notebook',
self.notebook_filename,
], stderr=subprocess.STDOUT, text=True)
self.assertIn(
'[NbConvertApp] Converting notebook %s to notebook' % self.notebook_filename,
conversion_output,
)
self.assertRegex(
conversion_output,
r'\[NbConvertApp\] Writing \d+ bytes to %s' % self.converted_notebook
)
self.assertTrue(os.path.exists(self.converted_notebook))
with open(self.converted_notebook) as json_result:
self.assertEqual(
json.loads(json_result.read())['cells'][0]['outputs'][0]['text'][0],
self.test_sentence + '\n',
)
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = d408adbd12d4161c22fe9c29118fd83e md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = 7c966ea975cea4dcea09281466df8082 md5sum = daf89318c2c155132c34b91105c68806
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = cfd5212f27696311f12c92dfce32cc59 md5sum = b026a6df40f3d1090ceaa3451a9293fe
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = aba91817a1b58377597500f676603d23 md5sum = ca2e775e7bd2a96e46113a628461a46f
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
md5sum = cba4d995962f7fbeae3f61c9372c4181 md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-caddy-frontend-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/Caddyfile.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 9600df12af5787227825ddffd715b9cf md5sum = 4af0e29ac2399aac10de116b4fa3ac25
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 13c294af9950939c76021eb19305f3ab
[template-not-found-html] [template-not-found-html]
_update_hash_filename_ = templates/notfound.html _update_hash_filename_ = templates/notfound.html
md5sum = 88af61e7abbf30dc99a1a2526161128d md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-default-slave-virtualhost]
_update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = 57c86795293b11300a036f5f8cf2c868
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 81c73a4995409acb548621e5fb11d481 md5sum = b4b55d931249f11e4e1256afeb74b503
[template-empty] [template-empty]
_update_hash_filename_ = templates/empty.in _update_hash_filename_ = templates/empty.in
...@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a ...@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = d790e23ebf7b07bb245322629d402551 md5sum = d790e23ebf7b07bb245322629d402551
[template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
md5sum = 420f66264d4cd24070a5a7b325e09ccd
[template-backend-haproxy-rsyslogd-conf] [template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
md5sum = ba91b7778c3d730353d42d7804ef8050 md5sum = ba91b7778c3d730353d42d7804ef8050
......
...@@ -34,12 +34,6 @@ ...@@ -34,12 +34,6 @@
"title": "Enable HTTP2 by Default", "title": "Enable HTTP2 by Default",
"type": "string" "type": "string"
}, },
"mpm-graceful-shutdown-timeout": {
"default": 5,
"description": "Value passed to -grace parameter of Caddy, see https://caddyserver.com/docs/cli .",
"title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
"type": "integer"
},
"re6st-verification-url": { "re6st-verification-url": {
"description": "Url to verify if the internet and/or re6stnet is working.", "description": "Url to verify if the internet and/or re6stnet is working.",
"title": "Test Verification URL", "title": "Test Verification URL",
...@@ -78,9 +72,9 @@ ...@@ -78,9 +72,9 @@
"type": "string" "type": "string"
}, },
"ciphers": { "ciphers": {
"description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers",
"type": "string" "type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
}, },
"request-timeout": { "request-timeout": {
"default": 600, "default": 600,
......
...@@ -5,7 +5,27 @@ ...@@ -5,7 +5,27 @@
{%- set NAME_BASE = 'caddy-frontend' %} {%- set NAME_BASE = 'caddy-frontend' %}
{#- DANGER! DANGER! #} {#- DANGER! DANGER! #}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %} {%- set GOOD_CIPHER_LIST = [
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-GCM-SHA256',
] %}
{%- set CIPHER_TRANSLATION_DICT = {
'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
'RSA-AES256-CBC-SHA': 'AES256-SHA',
'RSA-AES128-CBC-SHA': 'AES128-SHA',
'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
} %}
{%- for key, value in CIPHER_TRANSLATION_DICT.items() %}
{%- do GOOD_CIPHER_LIST.append(value) %}
{%- endfor %}
{#- Allow to pass only some parameters to frontend nodes #} {#- Allow to pass only some parameters to frontend nodes #}
{%- set FRONTEND_NODE_PASSED_KEY_LIST = [ {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
'plain_http_port', 'plain_http_port',
...@@ -14,7 +34,6 @@ ...@@ -14,7 +34,6 @@
'apache-key', 'apache-key',
'domain', 'domain',
'enable-http2-by-default', 'enable-http2-by-default',
'mpm-graceful-shutdown-timeout',
're6st-verification-url', 're6st-verification-url',
'backend-connect-timeout', 'backend-connect-timeout',
'backend-connect-retries', 'backend-connect-retries',
...@@ -148,6 +167,10 @@ context = ...@@ -148,6 +167,10 @@ context =
{% do frontend_section_list.append(request_section_title) %} {% do frontend_section_list.append(request_section_title) %}
{% endif %} {% endif %}
{% do part_list.append(request_section_title) %} {% do part_list.append(request_section_title) %}
{% set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
# Filling request dict for slave # Filling request dict for slave
{% set request_content_dict = { {% set request_content_dict = {
'config': config_dict, 'config': config_dict,
...@@ -215,8 +238,13 @@ context = ...@@ -215,8 +238,13 @@ context =
{% set slave_cipher_list = slave.get('ciphers', '').strip().split() %} {% set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
{% if slave_cipher_list %} {% if slave_cipher_list %}
{% for cipher in slave_cipher_list %} {% for cipher in slave_cipher_list %}
{% if cipher not in GOOD_CIPHER_LIST %} {% if cipher not in GOOD_CIPHER_LIST %}
{% do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %} {% if cipher in CIPHER_TRANSLATION_DICT %}
{# Real translation happens in instance-slave-list.cfg.in #}
{% do slave_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %}
{% else %}
{% do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
......
{ {
"$schema": "http://json-schema.org/draft-04/schema#", "$schema": "http://json-schema.org/draft-04/schema#",
"description": "Values returned by Caddy Frontend instanciation", "description": "Values returned by Rapid.CDN instanciation",
"properties": { "properties": {
"accepted-slave-amount": { "accepted-slave-amount": {
"description": "Amount of Slaves allocated to the Instance which are deployed", "description": "Amount of Slaves allocated to the Instance which are deployed",
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
}, },
"type": { "type": {
"default": "", "default": "",
"description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster.", "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster. All frontends support websocket by default and under the hood, but switch to type:websocket allow to configure websocket-path-list and websocket-transparent options.",
"enum": [ "enum": [
"", "",
"zope", "zope",
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
}, },
"enable_cache": { "enable_cache": {
"default": "false", "default": "false",
"description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend", "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend and backend",
"enum": [ "enum": [
"false", "false",
"true" "true"
...@@ -120,7 +120,7 @@ ...@@ -120,7 +120,7 @@
}, },
"websocket-transparent": { "websocket-transparent": {
"default": "true", "default": "true",
"description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.", "description": "If set to false, websocket slave will be without passing X-Real-Ip, X-Forwarded-Proto and X-Forwarded-Port. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
"enum": [ "enum": [
"false", "false",
"true" "true"
...@@ -210,9 +210,9 @@ ...@@ -210,9 +210,9 @@
"type": "integer" "type": "integer"
}, },
"ciphers": { "ciphers": {
"description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers",
"type": "string" "type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
}, },
"authenticate-to-backend": { "authenticate-to-backend": {
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.", "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
......
{ {
"$schema": "http://json-schema.org/draft-04/schema#", "$schema": "http://json-schema.org/draft-04/schema#",
"description": "Values returned by Caddy Frontend instanciation", "description": "Values returned by Rapid.CDN slave instanciation",
"properties": { "properties": {
"domain": { "domain": {
"description": "Base domain used by the instance", "description": "Base domain used by the instance",
......
...@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G ...@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G configuration.ram-cache-size = 1G
configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
configuration.enable-http2-by-default = true configuration.enable-http2-by-default = true
configuration.ciphers = configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
configuration.request-timeout = 600 configuration.request-timeout = 600
configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name = configuration.frontend-name =
configuration.backend-connect-timeout = 5 configuration.backend-connect-timeout = 5
configuration.backend-connect-retries = 3 configuration.backend-connect-retries = 3
......
...@@ -3,11 +3,9 @@ extends = ...@@ -3,11 +3,9 @@ extends =
buildout.hash.cfg buildout.hash.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
../../component/dash/buildout.cfg ../../component/dash/buildout.cfg
../../component/caddy/buildout.cfg
../../component/gzip/buildout.cfg ../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg ../../component/logrotate/buildout.cfg
../../component/trafficserver/buildout.cfg ../../component/trafficserver/buildout.cfg
../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg ../../component/xz-utils/buildout.cfg
../../component/rsyslogd/buildout.cfg ../../component/rsyslogd/buildout.cfg
../../component/haproxy/buildout.cfg ../../component/haproxy/buildout.cfg
...@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target} ...@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target}
# templates # templates
template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target} template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target} template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target} template_frontend_haproxy_configuration = ${template-frontend-haproxy-configuration:target}
template_frontend_haproxy_crt_list = ${template-frontend-haproxy-crt-list:target}
template_frontend_haproxy_rsyslogd_conf = ${template-frontend-haproxy-rsyslogd-conf:target}
template_lazy_script_call = ${template-lazy-script-call:target} template_lazy_script_call = ${template-lazy-script-call:target}
template_configuration_state_script = ${template-configuration-state-script:target} template_configuration_state_script = ${template-configuration-state-script:target}
template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
template_empty = ${template-empty:target} template_empty = ${template-empty:target}
template_graceful_script = ${template-graceful-script:target} template_graceful_script = ${template-graceful-script:target}
template_not_found_html = ${template-not-found-html:target} template_not_found_html = ${template-not-found-html:target}
...@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target} ...@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
bin_directory = ${buildout:bin-directory} bin_directory = ${buildout:bin-directory}
# files # files
sixtunnel = ${6tunnel:location}
nginx = ${nginx-output:nginx} nginx = ${nginx-output:nginx}
nginx_mime = ${nginx-output:mime} nginx_mime = ${nginx-output:mime}
caddy = ${caddy:output}
haproxy_executable = ${haproxy:location}/sbin/haproxy haproxy_executable = ${haproxy:location}/sbin/haproxy
haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
curl = ${curl:location} curl = ${curl:location}
dash = ${dash:location} dash = ${dash:location}
...@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename} ...@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename}
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:_update_hash_filename_} url = ${:_profile_base_location_}/${:_update_hash_filename_}
[template-caddy-frontend-configuration] [template-frontend-haproxy-configuration]
<=download-template <=download-template
[template-not-found-html] [template-frontend-haproxy-crt-list]
<=download-template <=download-template
[template-default-slave-virtualhost] [template-not-found-html]
<=download-template <=download-template
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
...@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg ...@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg
[template-expose-csr-nginx-conf] [template-expose-csr-nginx-conf]
<=download-template <=download-template
[template-frontend-haproxy-rsyslogd-conf]
<=download-template
[versions] [versions]
kedifa = 0.0.6 kedifa = 0.0.6
# Modern KeDiFa requires zc.lockfile # Modern KeDiFa requires zc.lockfile
......
{ {
"description": "Caddy Frontend", "description": "Rapid.CDN",
"name": "Caddy Frontend", "name": "Rapid.CDN",
"serialisation": "xml", "serialisation": "xml",
"software-type": { "software-type": {
"custom-personal": { "custom-personal": {
......
...@@ -60,6 +60,8 @@ frontend http-backend ...@@ -60,6 +60,8 @@ frontend http-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}" http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}" http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }} {{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %} {%- endfor %}
...@@ -71,12 +73,14 @@ frontend https-backend ...@@ -71,12 +73,14 @@ frontend https-backend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}" http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}" http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }} {{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %} {%- endfor %}
{%- for slave_instance in backend_slave_list -%} {%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }} {{ frontend_entry(slave_instance, 'https', True) }}
{%- endfor %} {% endfor %}
{%- for slave_instance in backend_slave_list %} {%- for slave_instance in backend_slave_list %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
...@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %} {%- do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %}
{%- do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %} {%- do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %}
{%- if slave_instance['health-check-http-method'] != 'CONNECT' %} {%- if slave_instance['health-check-http-method'] != 'CONNECT' %}
{%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode, slave_instance['health-check-http-version'])) %} {%- do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode | replace('%', '%%'), slave_instance['health-check-http-version'])) %}
{%- endif %} {%- endif %}
{%- do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %} {%- do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
{%- endif %} {%- endif %}
...@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover ...@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- endfor %} {% endfor %}
{# END OF FILE #}
...@@ -2,11 +2,6 @@ ...@@ -2,11 +2,6 @@
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] %} {%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
{%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %} {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #} {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- if slave_parameter['path'].strip().strip('/') %}
{%- set zope_path = slave_parameter['path'].strip().strip('/') ~ '/' %}
{%- else %}
{%- set zope_path = '' %}
{%- endif %}
{%- set http_host_list = [] %} {%- set http_host_list = [] %}
{%- set https_host_list = [] %} {%- set https_host_list = [] %}
{%- for host in slave_parameter['host_list'] %} {%- for host in slave_parameter['host_list'] %}
...@@ -16,32 +11,11 @@ ...@@ -16,32 +11,11 @@
{%- macro proxy_header() %} {%- macro proxy_header() %}
timeout {{ slave_parameter['request-timeout'] }}s timeout {{ slave_parameter['request-timeout'] }}s
# force reset of X-Forwarded-For
header_upstream X-Forwarded-For {remote}
# workaround for lost connection to haproxy by reconnecting # workaround for lost connection to haproxy by reconnecting
try_duration 3s try_duration 3s
try_interval 250ms try_interval 250ms
header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- if not slave_parameter['disable-via-header'] %}
header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
{%- endif %}
{%- endmacro %} {# proxy_header #} {%- endmacro %} {# proxy_header #}
{%- macro hsts_header(tls) %}
{%- if tls %}
{%- if slave_parameter['strict-transport-security'] > 0 %}
{%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
{%- if slave_parameter['strict-transport-security-sub-domains'] %}
{%- do strict_transport_security.append('; includeSubDomains') %}
{%- endif %}
{%- if slave_parameter['strict-transport-security-preload'] %}
{%- do strict_transport_security.append('; preload') %}
{%- endif %}
header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- endmacro %} {# hsts_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %} {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
...@@ -55,16 +29,6 @@ ...@@ -55,16 +29,6 @@
bind {{ slave_parameter['local_ipv4'] }} bind {{ slave_parameter['local_ipv4'] }}
{%- if tls %} {%- if tls %}
tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} { tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
{%- if slave_parameter['ciphers'] %}
ciphers {{ slave_parameter['ciphers'] }}
{%- endif %}
{%- if slave_parameter['enable_h2'] %}
# Allow http2
alpn h2 http/1.1
{%- else %} {#- if slave_parameter['enable_h2'] #}
# Disallow HTTP2
alpn http/1.1
{%- endif %} {#- if slave_parameter['enable_h2'] #}
} {# tls #} } {# tls #}
{%- endif %} {#- if tls #} {%- endif %} {#- if tls #}
log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" { log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
...@@ -100,75 +64,10 @@ ...@@ -100,75 +64,10 @@
redir 302 { redir 302 {
/ https://{host}{rewrite_uri} / https://{host}{rewrite_uri}
} }
{%- elif slave_parameter['type'] == 'zope' and backend_url %}
# Zope configuration
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
proxy "/{{ proxy_name }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip
header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if slave_parameter['disable-via-header'] %}
header_downstream -Via
{%- endif %} {#- if slave_parameter['disable-via-header'] #}
{%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control
header_upstream -Pragma
{%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
transparent
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
} }
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
{%- if tls %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
}
{%- else %}
rewrite {
regexp (.*)
{%- if tls %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- else %}
to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
{%- endif %}
} {# rewrite #}
{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
{%- elif slave_parameter['type'] == 'redirect' %}
{%- if backend_url %}
# Redirect configuration
redir 302 {
/ {{ backend_url }}{rewrite_uri}
}
{%- endif %}
{%- elif slave_parameter['type'] == 'notebook' %} {%- elif slave_parameter['type'] == 'notebook' %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
{{ proxy_header() }} {{ proxy_header() }}
...@@ -186,36 +85,6 @@ ...@@ -186,36 +85,6 @@
websocket websocket
without /proxy/ without /proxy/
} }
{%- elif slave_parameter['type'] == 'websocket' %}
{%- if slave_parameter['websocket-path-list'] %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- for websocket_path in slave_parameter['websocket-path-list'] %}
proxy "/{{ websocket_path }}" {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %}
header_upstream Host {host}
{%- endif %}
}
{%- endfor %}
{%- else %}
proxy / {{ backend_url }} {
{{ proxy_header() }}
{{ hsts_header(tls) }}
websocket
{%- if slave_parameter['websocket-transparent'] %}
transparent
{%- else %} {%- else %}
header_upstream Host {host} header_upstream Host {host}
{%- endif %} {%- endif %}
...@@ -223,12 +92,6 @@ ...@@ -223,12 +92,6 @@
{%- endif %} {%- endif %}
{%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #} {%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
# Default configuration # Default configuration
{%- if slave_parameter['default-path'] %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter['default-path'] }}
} {# redir #}
{%- endif %} {#- if slave_parameter['default-path'] #}
{%- if backend_url %} {%- if backend_url %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
......
{%- for slave in frontend_slave_list %}
{%- set entry_list = [] %}
{%- set sslbindconf = [] %}
{#- <crtfile> #}
{%- do entry_list.append(slave['certificate']) %}
{%- if slave['ciphers'] %}
{%- do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
{%- endif %}
{%- if slave['enable_h2'] %}
{%- do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
{%- else %}
{%- do sslbindconf.append('alpn http/1.1,http/1.0') %}
{%- endif %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %}
{{- ' '.join(entry_list) }}
{% endfor -%}
# Fallback to default certificate
{{ configuration['master-certificate'] }}
# END OF FILE
module(
load="imuxsock"
SysSock.Name="{{ configuration['log-socket'] }}")
# Just simply output the raw line without any additional information, as
# haproxy emits enough information by itself
# Also cut out first empty space in msg, which is related to rsyslogd
# internal and end up cutting on 8k, as it's default of $MaxMessageSize
template(name="rawoutput" type="string" string="%msg:2:8192%\n")
$ActionFileDefaultTemplate rawoutput
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0022
$WorkDirectory {{ configuration['spool-directory'] }}
# Setup logging per slave, by extracting the slave name from the log stream
{%- set regex = "^\\\\s*(\\\\S.*)-https{0,1} (.*)" %}
# Extract file name part from 1st match
template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
set $!slave_name = exec_template("extract_slave_name");
template(name="slave_output" type="string" string="{{ configuration['slave-log-directory'] }}/%$!slave_name%_access_log")
# Output only 2nd match, add the newline in the ned
template(name="haproxy_slave_line" type="string" string="%msg:R,ERE,2,FIELD:{{ regex }}--end%\n")
# React on match
if (re_match($msg, '{{ regex }}')) then {
action(type="omfile" dynaFile="slave_output" template="haproxy_slave_line")
stop
}
{#- emit all not catched messages to full log file #}
*.* {{ configuration['log-file'] }}
This diff is collapsed.
HTTP/1.0 404 Not Found
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html> <html>
<head> <head>
<title>Instance not found</title> <title>Instance not found</title>
......
...@@ -27,11 +27,11 @@ ...@@ -27,11 +27,11 @@
from setuptools import setup, find_packages from setuptools import setup, find_packages
version = '0.0.1.dev0' version = '0.0.1.dev0'
name = 'slapos.test.caddy-frontend' name = 'slapos.test.rapid-cdn'
setup(name=name, setup(name=name,
version=version, version=version,
description="Test for SlapOS' Caddy Frontend", description="Test for SlapOS' Rapid.CDN",
maintainer="Nexedi", maintainer="Nexedi",
maintainer_email="info@nexedi.com", maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos", url="https://lab.nexedi.com/nexedi/slapos",
......
...@@ -104,6 +104,8 @@ ...@@ -104,6 +104,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -106,6 +106,8 @@ ...@@ -106,6 +106,8 @@
"domain": "example.com", "domain": "example.com",
"enable-http2-by-default": "false", "enable-http2-by-default": "false",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_dummy-cached_access_log T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_backend_log T-2/var/log/httpd/_dummy-cached_backend_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -62,6 +62,8 @@ ...@@ -62,6 +62,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED ...@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -60,6 +60,8 @@ ...@@ -60,6 +60,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -62,6 +62,8 @@ ...@@ -62,6 +62,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py ...@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
......
...@@ -76,6 +76,8 @@ ...@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"domain": "example.com", "domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
...@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log ...@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log T-2/var/log/expose-csr.log
T-2/var/log/frontend-access.log T-2/var/log/frontend-haproxy.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_error_log
T-2/var/log/monitor-httpd-access.log T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log T-2/var/log/slave-introspection-access.log
......
...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid ...@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid T-2/var/run/monitor-httpd.pid
......
...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING ...@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED ...@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment