Commit c9f77671 authored by Jérome Perrin's avatar Jérome Perrin

Merge remote-tracking branch 'upstream/master' into zope4py2

parents 493f4672 5443b84b
...@@ -10,6 +10,8 @@ extends = ...@@ -10,6 +10,8 @@ extends =
../zstd/buildout.cfg ../zstd/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
../nghttp2/buildout.cfg ../nghttp2/buildout.cfg
../ngtcp2/buildout.cfg
../nghttp3/buildout.cfg
../ca-certificates/buildout.cfg ../ca-certificates/buildout.cfg
parts = parts =
curl curl
...@@ -17,8 +19,8 @@ parts = ...@@ -17,8 +19,8 @@ parts =
[curl] [curl]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = https://curl.se/download/curl-7.86.0.tar.xz url = https://curl.se/download/curl-7.87.0.tar.xz
md5sum = 19a2165f37941a6f412afc924e750568 md5sum = 0b0f5de173afd303229e5272689578d7
configure-options = configure-options =
--disable-static --disable-static
--disable-ech --disable-ech
...@@ -36,10 +38,10 @@ configure-options = ...@@ -36,10 +38,10 @@ configure-options =
--disable-manual --disable-manual
--enable-ipv6 --enable-ipv6
--disable-sspi --disable-sspi
--disable-alt-svc ${:ALT-SVC}
--with-zlib=${zlib:location} --with-zlib=${zlib:location}
--with-ssl=${openssl:location} --with-ssl=${:OPENSSL}
--with-ca-path=${openssl:location}/etc/ssl/certs --with-ca-path=${:OPENSSL}/etc/ssl/certs
--without-gnutls --without-gnutls
--without-polarssl --without-polarssl
--without-mbedtls --without-mbedtls
...@@ -60,8 +62,34 @@ configure-options = ...@@ -60,8 +62,34 @@ configure-options =
--without-brotli --without-brotli
--with-zstd=${zstd:location} --with-zstd=${zstd:location}
--without-gssapi --without-gssapi
${:WITH}
ALT-SVC = --disable-alt-svc
LDFLAGS =
OPENSSL = ${openssl:location}
PATH =
PKG_CONFIG_PATH =
WITH =
environment = environment =
PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${:PATH}:%(PATH)s
PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig:${nghttp2:location}/lib/pkgconfig PKG_CONFIG_PATH=${:OPENSSL}/lib/pkgconfig:${nghttp2:location}/lib/pkgconfig${:PKG_CONFIG_PATH}
LDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${nghttp2:location}/lib -Wl,-rpath=${zstd:location}/lib LDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${:OPENSSL}/lib -Wl,-rpath=${nghttp2:location}/lib -Wl,-rpath=${zstd:location}/lib ${:LDFLAGS}
[curl-http3]
<= curl
url = https://shacache.nxdcdn.com/73669dd9ed7aefbb30414c6ce2dd20c39bb2f106cf420dedf7d302eb2c4147876a05b0a1458661bcb66ab1d944e7254a42802caa31070a7e43e9dd24f98320b8
md5sum = d71d04dd7201480df1024d5c754a9613
pre-configure =
autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
automake
autoconf
ALT-SVC = --enable-alt-svc
LDFLAGS = -Wl,-rpath=${nghttp3:location}/lib -Wl,-rpath=${ngtcp2:location}/lib
OPENSSL = ${openssl-quictls:location}
PATH = ${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin
PKG_CONFIG_PATH = :${nghttp3:location}/lib/pkgconfig:${ngtcp2:location}/lib/pkgconfig
WITH =
--with-nghttp3=${nghttp3:location}
--with-ngtcp2=${ngtcp2:location}
[buildout]
extends =
../automake/buildout.cfg
../libtool/buildout.cfg
../pkgconfig/buildout.cfg
[nghttp3]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/ngtcp2/nghttp3/archive/refs/tags/v0.8.0.tar.gz
md5sum = c6068762cdf221ae1fed2351af40b4d6
pre-configure =
autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
automake
autoconf
configure-options =
--enable-lib-only
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin:%(PATH)s
[buildout]
extends =
../pkgconfig/buildout.cfg
../automake/buildout.cfg
../libtool/buildout.cfg
../pkgconfig/buildout.cfg
[ngtcp2]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/ngtcp2/ngtcp2/archive/refs/tags/v0.12.1.tar.gz
md5sum = c826c4630689d2afb9300b97cc5e52a3
pre-configure =
autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
automake
autoconf
configure-options =
--enable-lib-only
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${openssl-quictls:location}/lib/pkgconfig:${nghttp3:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${openssl-quictls:location}/lib -Wl,-rpath=${nghttp3:location}/lib
...@@ -48,8 +48,8 @@ environment = ...@@ -48,8 +48,8 @@ environment =
[openssl-quictls] [openssl-quictls]
<= openssl <= openssl
url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz url = https://github.com/quictls/openssl/archive/refs/tags/openssl-3.0.7+quic1.tar.gz
md5sum = 8ee8e1828879e2b527eca5dcc7923769 md5sum = 8e27cd201b554a33ed03a59f6c679c77
[openssl-output] [openssl-output]
# Shared binary location to ease migration # Shared binary location to ease migration
......
...@@ -333,19 +333,27 @@ Solution 1 (iptables) ...@@ -333,19 +333,27 @@ Solution 1 (iptables)
It is a good idea then to go on the node where the instance is It is a good idea then to go on the node where the instance is
and set some ``iptables`` rules like (if using default ports):: and set some ``iptables`` rules like (if using default ports)::
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 443 -j DNAT --to-destination {listening_ipv4}:4443 iptables -t nat -A PREROUTING -p tcp -d ${public_ipv4} --dport 443 -j DNAT --to-destination ${listening_ipv4}:4443
iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 80 -j DNAT --to-destination {listening_ipv4}:8080 iptables -t nat -A PREROUTING -p udp -d ${public_ipv4} --dport 443 -j DNAT --to-destination ${listening_ipv4}:4443
ip6tables -t nat -A PREROUTING -p tcp -d {public_ipv6} --dport 443 -j DNAT --to-destination {listening_ipv6}:4443 iptables -t nat -A PREROUTING -p tcp -d ${public_ipv4} --dport 80 -j DNAT --to-destination ${listening_ipv4}:8080
ip6tables -t nat -A PREROUTING -p tcp -d {public_ipv6} --dport 80 -j DNAT --to-destination {listening_ipv6}:8080 ip6tables -t nat -A PREROUTING -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to-destination ${listening_ipv6}:4443
ip6tables -t nat -A PREROUTING -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to-destination ${listening_ipv6}:8080
Where ``{public_ipv[46]}`` is the public IP of your server, or at least the LAN IP to where your NAT will forward to, and ``{listening_ipv[46]}`` is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter. Where ``{public_ipv[46]}`` is the public IP of your server, or at least the LAN IP to where your NAT will forward to, and ``{listening_ipv[46]}`` is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
Additionally in order to access the server by itself such entries are needed in ``OUTPUT`` chain (as the internal packets won't appear in the ``PREROUTING`` chain):: Additionally in order to access the server by itself such entries are needed in ``OUTPUT`` chain (as the internal packets won't appear in the ``PREROUTING`` chain)::
iptables -t nat -A OUTPUT -p tcp -d {public_ipv4} --dport 443 -j DNAT --to {listening_ipv4}:4443 iptables -t nat -A OUTPUT -p tcp -d ${public_ipv4} --dport 443 -j DNAT --to ${listening_ipv4}:4443
iptables -t nat -A OUTPUT -p tcp -d {public_ipv4} --dport 80 -j DNAT --to {listening_ipv4}:8080 iptables -t nat -A OUTPUT -p udp -d ${public_ipv4} --dport 443 -j DNAT --to ${listening_ipv4}:4443
ip6tables -t nat -A OUTPUT -p tcp -d {public_ipv6} --dport 443 -j DNAT --to {listening_ipv6}:4443 iptables -t nat -A OUTPUT -p tcp -d ${public_ipv4} --dport 80 -j DNAT --to ${listening_ipv4}:8080
ip6tables -t nat -A OUTPUT -p tcp -d {public_ipv6} --dport 80 -j DNAT --to {listening_ipv6}:8080 ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to ${listening_ipv6}:4443
ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to ${listening_ipv6}:8080
**Note regarding ports**:
* the port seen by application in case of IPv4 TCP will be "correct" - the ``443`` or ``80``
* the port seen by application in case of IPv6 and IPv4 UDP will be "incorrect" - the ``4443`` or ``8080``
Solution 2 (network capability) Solution 2 (network capability)
------------------------------- -------------------------------
...@@ -359,6 +367,10 @@ Then specify in the master instance parameters: ...@@ -359,6 +367,10 @@ Then specify in the master instance parameters:
* set ``port`` to ``443`` * set ``port`` to ``443``
* set ``plain_http_port`` to ``80`` * set ``plain_http_port`` to ``80``
**Note regarding securitry**:
* such configuration results with all partitions being able to bind to low ports using this binary
Authentication to the backend Authentication to the backend
============================= =============================
...@@ -479,4 +491,6 @@ Experimental QUIC ...@@ -479,4 +491,6 @@ Experimental QUIC
QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too. QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
Please note that due to limitations of iptables method used to expose low ports, the ``-frontend-i-experimental-quic-port`` is by default ``443``, which is used when advertisting the QUIC/HTTP3 port to the client.
Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS. Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd md5sum = f249b268bd3e74f6f2dcdd437b1c9f71
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = daf89318c2c155132c34b91105c68806 md5sum = 2f0b4af26c5e947f77cf85ab44e0fe5d
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = b026a6df40f3d1090ceaa3451a9293fe md5sum = 2aaab85bad51136b38f6a16d662a7b3e
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = ca2e775e7bd2a96e46113a628461a46f md5sum = b26f4536102ff2cdc1356f6626928975
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
...@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181 ...@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 4af0e29ac2399aac10de116b4fa3ac25 md5sum = 2e964dbe75f725c4e45e62720a77bba3
[template-frontend-haproxy-crt-list] [template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 13c294af9950939c76021eb19305f3ab md5sum = 238760d48d2875f087ad2d784e2a8fcd
[template-not-found-html] [template-not-found-html]
_update_hash_filename_ = templates/notfound.html _update_hash_filename_ = templates/notfound.html
......
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set QUIC_PORT = instance_parameter_dict.get('configuration.frontend-quic-port', '443') %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %} {%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %} {%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %} {%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
...@@ -371,6 +372,7 @@ organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] ...@@ -371,6 +372,7 @@ organizational-unit = {{ instance_parameter_dict['configuration.frontend-name']
backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }} backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }}
partition_ipv6 = ${slap-configuration:ipv6-random} partition_ipv6 = ${slap-configuration:ipv6-random}
url-ready-file = ${directory:var}/url-ready.txt url-ready-file = ${directory:var}/url-ready.txt
quic = {{ FRONTEND_HAPROXY_QUIC }}
extra-context = extra-context =
key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
import furl_module furl import furl_module furl
...@@ -384,6 +386,7 @@ extra-context = ...@@ -384,6 +386,7 @@ extra-context =
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
key software_type :software_type key software_type :software_type
key quic :quic
key frontend_lazy_graceful_reload frontend-haproxy-lazy-graceful:output key frontend_lazy_graceful_reload frontend-haproxy-lazy-graceful:output
key monitor_base_url monitor-instance-parameter:monitor-base-url key monitor_base_url monitor-instance-parameter:monitor-base-url
key node_id frontend-node-id:value key node_id frontend-node-id:value
...@@ -485,6 +488,7 @@ local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }} ...@@ -485,6 +488,7 @@ local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value} version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value} node-id = ${frontend-node-id:value}
quic = {{ FRONTEND_HAPROXY_QUIC }} quic = {{ FRONTEND_HAPROXY_QUIC }}
quic-port = {{ QUIC_PORT }}
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access] [get-self-signed-fallback-access]
......
...@@ -171,6 +171,8 @@ context = ...@@ -171,6 +171,8 @@ context =
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %} {% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %} {% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %} {% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
{% set frontend_quic_port_key = "-frontend-%s-experimental-quic-port" % i %}
{% do config_dict.__setitem__('frontend-quic-port', slapparameter_dict.get(frontend_quic_port_key) or '443') %}
# Filling request dict for slave # Filling request dict for slave
{% set request_content_dict = { {% set request_content_dict = {
'config': config_dict, 'config': config_dict,
......
...@@ -9,6 +9,12 @@ ...@@ -9,6 +9,12 @@
{%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %} {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
{%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %} {%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set ALPN_HTTP11 = "alpn http/1.1,http/1.0" %}
{%- if quic.lower() in TRUE_VALUES %}
{%- set ALPN_HTTP2PLUS = "alpn h3,h2,http/1.1,http/1.0" %}
{%- else %}
{%- set ALPN_HTTP2PLUS = "alpn h2,http/1.1,http/1.0" %}
{%- endif %}
{%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': instance_parameter_dict['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']} %} {%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': instance_parameter_dict['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']} %}
{%- set slave_log_dict = {} %} {%- set slave_log_dict = {} %}
{%- set slave_instance_information_list = [] %} {%- set slave_instance_information_list = [] %}
...@@ -243,10 +249,12 @@ context = ...@@ -243,10 +249,12 @@ context =
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %} {%- do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
{%- do slave_instance.__setitem__('enable_h2', slave_instance['enable-http2']) %} {#- Handle alpn negotiation -#}
{%- if slave_instance['type'] in ['notebook', 'websocket'] %} {%- if slave_instance['type'] in ['notebook', 'websocket'] or not slave_instance['enable-http2'] %}
{# websocket style needs http 1.1 max #} {# websocket style needs http 1.1 max, just like non-http2 frontends #}
{%- do slave_instance.__setitem__('enable_h2', False) %} {%- do slave_instance.__setitem__('alpn', ALPN_HTTP11) %}
{%- else %}
{%- do slave_instance.__setitem__('alpn', ALPN_HTTP2PLUS) %}
{%- endif %} {%- endif %}
[slave-log-directory-dict] [slave-log-directory-dict]
......
...@@ -91,7 +91,6 @@ configuration.caucase_port = 8890 ...@@ -91,7 +91,6 @@ configuration.caucase_port = 8890
configuration.caucase_backend_client_port = 8990 configuration.caucase_backend_client_port = 8990
configuration.apache-key = configuration.apache-key =
configuration.apache-certificate = configuration.apache-certificate =
configuration.open-port = 80 443
configuration.disk-cache-size = 8G configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G configuration.ram-cache-size = 1G
configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
......
...@@ -108,6 +108,7 @@ haproxy_executable = ${haproxy:location}/sbin/haproxy ...@@ -108,6 +108,7 @@ haproxy_executable = ${haproxy:location}/sbin/haproxy
haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
curl = ${curl:location} curl = ${curl:location}
curl_http3 = ${curl-http3:location}
dash = ${dash:location} dash = ${dash:location}
gzip = ${gzip:location} gzip = ${gzip:location}
logrotate = ${logrotate:location} logrotate = ${logrotate:location}
......
...@@ -6,11 +6,7 @@ ...@@ -6,11 +6,7 @@
{%- if slave['ciphers'] %} {%- if slave['ciphers'] %}
{%- do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %} {%- do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
{%- endif %} {%- endif %}
{%- if slave['enable_h2'] %} {%- do sslbindconf.append(slave['alpn']) %}
{%- do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
{%- else %}
{%- do sslbindconf.append('alpn http/1.1,http/1.0') %}
{%- endif %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %} {%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #} {#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %} {%- do entry_list.extend(slave['host_list']) %}
......
...@@ -82,9 +82,9 @@ frontend https-frontend ...@@ -82,9 +82,9 @@ frontend https-frontend
{%- if QUIC %} {%- if QUIC %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
http-response set-header alt-svc "h3=\":%fp\";ma=900;" http-response set-header alt-svc "h3=\":{{ configuration['quic-port'] }}\"; ma=3600"
{#- Ask Chromium to use QUIC #} {#- Ask Chromium to use QUIC #}
http-response set-header alternate-protocol %fp:quic http-response set-header alternate-protocol {{ configuration['quic-port'] }}:quic
{%- endif %} {%- endif %}
{{ frontend_common() }} {{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%} {%- for slave_instance in frontend_slave_list -%}
......
...@@ -6761,6 +6761,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6761,6 +6761,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'frontend-haproxy-flavour': 'basic', 'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False', 'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-1', 'frontend-name': 'caddy-frontend-1',
'frontend-quic-port': '443',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8411, 'monitor-httpd-port': 8411,
...@@ -6788,6 +6789,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6788,6 +6789,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'frontend-haproxy-flavour': 'basic', 'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False', 'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-2', 'frontend-name': 'caddy-frontend-2',
'frontend-quic-port': '443',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8412, 'monitor-httpd-port': 8412,
...@@ -6815,6 +6817,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6815,6 +6817,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'frontend-haproxy-flavour': 'basic', 'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False', 'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-3', 'frontend-name': 'caddy-frontend-3',
'frontend-quic-port': '443',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8413, 'monitor-httpd-port': 8413,
...@@ -7364,6 +7367,86 @@ backend _health-check-default-http ...@@ -7364,6 +7367,86 @@ backend _health-check-default-http
self.assertEqual(result.status_code, http.client.SERVICE_UNAVAILABLE) self.assertEqual(result.status_code, http.client.SERVICE_UNAVAILABLE)
class TestSlaveQuic(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'request-timeout': '12',
'-frontend-1-experimental-haproxy-quic': True,
'-frontend-1-experimental-haproxy-flavour': 'quic',
'-frontend-1-experimental-quic-port': HTTPS_PORT,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'url': {
'url': cls.backend_url,
},
'enable_cache': {
'url': cls.backend_url,
'enable_cache': True,
},
}
def get_curl_http3(self):
# Very hacky way to fetch curl from own software release instead of
# polluting slapos-sr-testing
with open(os.path.join(self.software_path, '.installed.cfg')) as fh:
for line in fh.readlines():
if line.startswith('location =') and 'curl-http3' in line:
return '/'.join([line.strip().split()[-1], 'bin/curl'])
def assertHttp3(self, domain, direct=True):
alt_svc = tempfile.NamedTemporaryFile(delete=False)
curl_command = [self.get_curl_http3()]
if direct:
curl_command.append('--http3')
else:
curl_command.extend(['--alt-svc', alt_svc.name])
curl_command.extend([
'-k',
'-v',
'-D', '-',
'-o', '/dev/null',
'-H', 'Host: %s' % (domain,),
'--resolve', '%(domain)s:%(https_port)s:%(ip)s' % dict(
ip=TEST_IP, domain=domain, https_port=HTTPS_PORT),
'https://%(domain)s:%(https_port)s/' % dict(
domain=domain, https_port=HTTPS_PORT),
])
def call_curl():
prc = subprocess.Popen(
curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
out, err = prc.communicate()
assert prc.returncode == 0, "Problem running %r. "\
"Output:\n%s\nError:\n%s" % (
' '.join(curl_command), out, err)
return [q.strip() for q in out.decode().splitlines()]
if not direct:
# curl with alt-svc does not switch to HTTP3 in one request
self.assertEqual('HTTP/2 200', call_curl()[0])
self.assertEqual('HTTP/3 200', call_curl()[0])
def test_url(self):
parameter_dict = self.assertSlaveBase('url')
self.assertHttp3(parameter_dict['domain'])
self.assertHttp3(parameter_dict['domain'], direct=False)
def test_enable_cache(self):
parameter_dict = self.assertSlaveBase('enable_cache')
self.assertHttp3(parameter_dict['domain'])
self.assertHttp3(parameter_dict['domain'], direct=False)
if __name__ == '__main__': if __name__ == '__main__':
class HTTP6Server(ThreadedHTTPServer): class HTTP6Server(ThreadedHTTPServer):
address_family = socket.AF_INET6 address_family = socket.AF_INET6
......
...@@ -107,6 +107,7 @@ ...@@ -107,6 +107,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -109,6 +109,7 @@ ...@@ -109,6 +109,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -65,6 +65,7 @@ ...@@ -65,6 +65,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -63,6 +63,7 @@ ...@@ -63,6 +63,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -65,6 +65,7 @@ ...@@ -65,6 +65,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -79,6 +79,7 @@ ...@@ -79,6 +79,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -79,6 +79,7 @@ ...@@ -79,6 +79,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -83,6 +83,7 @@ ...@@ -83,6 +83,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -122,6 +123,7 @@ ...@@ -122,6 +123,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-2", "frontend-name": "caddy-frontend-2",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -790,6 +790,7 @@ ...@@ -790,6 +790,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -95,6 +95,7 @@ ...@@ -95,6 +95,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -284,6 +284,7 @@ ...@@ -284,6 +284,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -92,6 +92,7 @@ ...@@ -92,6 +92,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
[
{
"-frontend-1-experimental-haproxy-flavour": "quic",
"-frontend-1-experimental-haproxy-quic": "True",
"-frontend-1-experimental-quic-port": "11443",
"caucase_port": "15090",
"domain": "example.com",
"full_address_list": [],
"instance_title": "testing partition 0",
"ip_list": [
[
"T-0",
"@@_ipv4_address@@"
],
[
"T-0",
"@@_ipv6_address@@"
]
],
"kedifa_port": "15080",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-0",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_url",
"slave_title": "_url",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_enable_cache",
"slave_title": "_enable_cache",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"caucase_port": "15090",
"cluster-identification": "testing partition 0",
"kedifa_port": "15080",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"enable_cache": true,
"slave_reference": "_enable_cache",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slave_reference": "_url",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
]
},
"full_address_list": [],
"instance_title": "kedifa",
"ip_list": [
[
"T-1",
"@@_ipv4_address@@"
],
[
"T-1",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-1",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "kedifa",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
},
{
"_": {
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "quic",
"frontend-haproxy-quic": "True",
"frontend-name": "caddy-frontend-1",
"frontend-quic-port": "11443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
"monitor-httpd-port": 8411,
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
"slave-kedifa-information": "{\"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@enable_cache_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_key-generate-auth-url@@/@@enable_cache_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
"ip_list": [
[
"T-2",
"@@_ipv4_address@@"
],
[
"T-2",
"@@_ipv6_address@@"
]
],
"root_instance_title": "testing partition 0",
"slap_computer_id": "local",
"slap_computer_partition_id": "T-2",
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "single-custom-personal",
"slave_instance_list": [],
"timestamp": "@@TIMESTAMP@@"
}
]
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_backend_log
T-2/var/log/httpd/_url_access_log
T-2/var/log/httpd/_url_backend_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
T-2/var/log/slave-introspection-error.log
T-2/var/log/trafficserver/manager.log
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/backend-haproxy-rsyslogd.pid
T-2/var/run/backend-haproxy.pid
T-2/var/run/backend_haproxy_configuration_last_state
T-2/var/run/backend_haproxy_graceful_configuration_state_signature
T-2/var/run/bhlog.sck
T-2/var/run/fhlog.sck
T-2/var/run/frontend-haproxy-rsyslogd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-2/var/run/slave-introspection.pid
T-2/var/run/slave_introspection_configuration_last_state
T-2/var/run/slave_introspection_graceful_configuration_state_signature
T-0:aibcc-user-caucase-updater-on-watch RUNNING
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:master-introspection-server-{hash-master-introspection}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:backend-haproxy-safe-graceful EXITED
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
T-2:frontend-haproxy-safe-graceful EXITED
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
T-2:slave-introspection-safe-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aibcc-sign-promise.py
T-0/etc/plugin/aibcc-user-caucase-updater.py
T-0/etc/plugin/aikc-sign-promise.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/caucased-backend-client.py
T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/master-introspection-server-ip-port-listening.py
T-0/etc/plugin/master-key-download-url-ready-promise.py
T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
T-0/etc/plugin/master-key-upload-url-ready-promise.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/publish-failsafe-error.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-1/etc/plugin/promise-kedifa-auth-ready.py
T-1/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/backend-client-caucase-updater.py
T-2/etc/plugin/backend-haproxy-configuration.py
T-2/etc/plugin/backend-haproxy-statistic-frontend.py
T-2/etc/plugin/backend_haproxy_http.py
T-2/etc/plugin/backend_haproxy_https.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr-ip-port-listening.py
T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
T-2/etc/plugin/frontend_haproxy_ipv4_http.py
T-2/etc/plugin/frontend_haproxy_ipv4_https.py
T-2/etc/plugin/frontend_haproxy_ipv6_http.py
T-2/etc/plugin/frontend_haproxy_ipv6_https.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/promise-key-download-url-ready.py
T-2/etc/plugin/promise-logrotate-setup.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/slave-introspection-configuration.py
T-2/etc/plugin/slave_introspection_https.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
...@@ -243,6 +243,7 @@ ...@@ -243,6 +243,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -83,6 +83,7 @@ ...@@ -83,6 +83,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -83,6 +83,7 @@ ...@@ -83,6 +83,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment