Commit 041a49c3 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Name passed parameter correctly

"parameter_dict" says nothing, whereas "software_parameter_dict" explains
source and purpose of the information.
parent d98f21c4
No related merge requests found
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 4ee9654b01dd99e36ed84ddb08814309 md5sum = d1df1988d793357de74643771b3cd62a
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 584095eaee849764d55983beeb35c0e7 md5sum = 70fba21c38c309d5237b972626faf096
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 74beef8d78df18e7fe9d5a6a3a9bf43c md5sum = 5fe2de2096fa9da9f549bd44e3c69c0e
[profile-slave-list] [profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
...@@ -114,7 +114,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8 ...@@ -114,7 +114,7 @@ md5sum = 38792c2dceae38ab411592ec36fff6a8
[profile-kedifa] [profile-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = b5165126e373a488fa514a724d3b1d70 md5sum = c8cfbfe7a2ef43cc7731f5ad9dd52d8d
[template-backend-haproxy-rsyslogd-conf] [template-backend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
......
...@@ -3,9 +3,9 @@ ...@@ -3,9 +3,9 @@
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
[buildout] [buildout]
extends = extends =
{{ parameter_dict['profile_common'] }} {{ software_parameter_dict['profile_common'] }}
{{ parameter_dict['profile_monitor'] }} {{ software_parameter_dict['profile_monitor'] }}
{{ parameter_dict['profile_logrotate_base'] }} {{ software_parameter_dict['profile_logrotate_base'] }}
parts = parts =
directory directory
...@@ -102,16 +102,16 @@ single-default = ${dynamic-custom-personal-profile-slave-list:rendered} ...@@ -102,16 +102,16 @@ single-default = ${dynamic-custom-personal-profile-slave-list:rendered}
single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered} single-custom-personal = ${dynamic-custom-personal-profile-slave-list:rendered}
[frontend-configuration] [frontend-configuration]
template-log-access = {{ parameter_dict['template_log_access'] }} template-log-access = {{ software_parameter_dict['template_log_access'] }}
log-access-configuration = ${directory:etc}/log-access.conf log-access-configuration = ${directory:etc}/log-access.conf
ip-access-certificate = ${self-signed-ip-access:certificate} ip-access-certificate = ${self-signed-ip-access:certificate}
caddy-directory = {{ parameter_dict['caddy_location'] }} caddy-directory = {{ software_parameter_dict['caddy_location'] }}
caddy-ipv6 = {{ instance_parameter['ipv6-random'] }} caddy-ipv6 = {{ instance_parameter['ipv6-random'] }}
caddy-https-port = ${configuration:port} caddy-https-port = ${configuration:port}
nginx = {{ parameter_dict['nginx'] }} nginx = {{ software_parameter_dict['nginx'] }}
nginx_mime = {{ parameter_dict['nginx_mime'] }} nginx_mime = {{ software_parameter_dict['nginx_mime'] }}
htpasswd = {{ parameter_dict['htpasswd'] }} htpasswd = {{ software_parameter_dict['htpasswd'] }}
slave-introspection-template = {{ parameter_dict['template_slave_introspection_httpd_nginx'] }} slave-introspection-template = {{ software_parameter_dict['template_slave_introspection_httpd_nginx'] }}
slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
slave-introspection-https-port = ${configuration:slave-introspection-https-port} slave-introspection-https-port = ${configuration:slave-introspection-https-port}
slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access} slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
...@@ -129,14 +129,14 @@ command = ...@@ -129,14 +129,14 @@ command =
[ -f ${:certificate} ] && exit 0 [ -f ${:certificate} ] && exit 0
rm -f ${:certificate} rm -f ${:certificate}
/bin/bash -c ' \ /bin/bash -c ' \
{{ parameter_dict['openssl'] }} req \ {{ software_parameter_dict['openssl'] }} req \
-new -newkey rsa:2048 -sha256 \ -new -newkey rsa:2048 -sha256 \
-nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
-keyout ${:certificate} \ -keyout ${:certificate} \
-subj "/CN=Self Signed IP Access" \ -subj "/CN=Self Signed IP Access" \
-reqexts SAN \ -reqexts SAN \
-extensions SAN \ -extensions SAN \
-config <(cat {{ parameter_dict['openssl_cnf'] }} \ -config <(cat {{ software_parameter_dict['openssl_cnf'] }} \
<(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \ <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \
-out ${:certificate}' -out ${:certificate}'
...@@ -152,7 +152,7 @@ command = ...@@ -152,7 +152,7 @@ command =
[ -f ${:certificate} ] && exit 0 [ -f ${:certificate} ] && exit 0
rm -f ${:certificate} rm -f ${:certificate}
/bin/bash -c ' \ /bin/bash -c ' \
{{ parameter_dict['openssl'] }} req \ {{ software_parameter_dict['openssl'] }} req \
-new -newkey rsa:2048 -sha256 \ -new -newkey rsa:2048 -sha256 \
-nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
-keyout ${:certificate} \ -keyout ${:certificate} \
...@@ -168,20 +168,20 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} ...@@ -168,20 +168,20 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
context = context =
import json_module json import json_module json
raw profile_common {{ parameter_dict['profile_common'] }} raw profile_common {{ software_parameter_dict['profile_common'] }}
raw profile_logrotate_base {{ parameter_dict['profile_logrotate_base'] }} raw profile_logrotate_base {{ software_parameter_dict['profile_logrotate_base'] }}
raw profile_monitor {{ parameter_dict['profile_monitor'] }} raw profile_monitor {{ software_parameter_dict['profile_monitor'] }}
key slap_software_type :slap_software_type key slap_software_type :slap_software_type
key slapparameter_dict :slapparameter_dict key slapparameter_dict :slapparameter_dict
section directory directory section directory directory
${:extra-context} ${:extra-context}
[software-release-path] [software-release-path]
template-empty = {{ parameter_dict['template_empty'] }} template-empty = {{ software_parameter_dict['template_empty'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }}
template-backend-haproxy-configuration = {{ parameter_dict['template_backend_haproxy_configuration'] }} template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
template-backend-haproxy-rsyslogd-conf = {{ parameter_dict['template_backend_haproxy_rsyslogd_conf'] }} template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
caddy-location = {{ parameter_dict['caddy_location'] }} caddy-location = {{ software_parameter_dict['caddy_location'] }}
[kedifa-login-config] [kedifa-login-config]
d = ${directory:ca-dir} d = ${directory:ca-dir}
...@@ -199,7 +199,7 @@ organizational_unit = {{ instance_parameter['configuration.frontend-name'] }} ...@@ -199,7 +199,7 @@ organizational_unit = {{ instance_parameter['configuration.frontend-name'] }}
command = command =
{% if slapparameter_dict['kedifa-caucase-url'] %} {% if slapparameter_dict['kedifa-caucase-url'] %}
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
{{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
-subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
-out ${:template-csr} -out ${:template-csr}
...@@ -213,7 +213,7 @@ stop-on-error = True ...@@ -213,7 +213,7 @@ stop-on-error = True
{{ caucase.updater( {{ caucase.updater(
prefix='caucase-updater', prefix='caucase-updater',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/kedifa-login-certificate-caucase-updater', updater_path='${directory:service}/kedifa-login-certificate-caucase-updater',
url=slapparameter_dict['kedifa-caucase-url'], url=slapparameter_dict['kedifa-caucase-url'],
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
...@@ -231,7 +231,7 @@ certificate = ${kedifa-login-config:certificate} ...@@ -231,7 +231,7 @@ certificate = ${kedifa-login-config:certificate}
cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate} cas-ca-certificate = ${kedifa-login-config:cas-ca-certificate}
csr = ${caucase-updater-csr:csr} csr = ${caucase-updater-csr:csr}
crl = ${kedifa-login-config:crl} crl = ${kedifa-login-config:crl}
kedifa-updater = {{ parameter_dict['kedifa-updater'] }} kedifa-updater = {{ software_parameter_dict['kedifa-updater'] }}
kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt kedifa-updater-mapping-file = ${directory:etc}/kedifa_updater_mapping.txt
kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json kedifa-updater-state-file = ${directory:srv}/kedifa_updater_state.json
slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }} slave_kedifa_information = {{ dumps(slapparameter_dict['slave-kedifa-information']) }}
...@@ -252,7 +252,7 @@ organizational_unit = {{ instance_parameter['configuration.frontend-name'] }} ...@@ -252,7 +252,7 @@ organizational_unit = {{ instance_parameter['configuration.frontend-name'] }}
command = command =
{% if slapparameter_dict['backend-client-caucase-url'] %} {% if slapparameter_dict['backend-client-caucase-url'] %}
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
{{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
-subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
-out ${:template-csr} -out ${:template-csr}
...@@ -266,7 +266,7 @@ stop-on-error = True ...@@ -266,7 +266,7 @@ stop-on-error = True
{{ caucase.updater( {{ caucase.updater(
prefix='backend-client-caucase-updater', prefix='backend-client-caucase-updater',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/backend-client-login-certificate-caucase-updater', updater_path='${directory:service}/backend-client-login-certificate-caucase-updater',
url=slapparameter_dict['backend-client-caucase-url'], url=slapparameter_dict['backend-client-caucase-url'],
data_dir='${directory:srv}/backend-client-caucase-updater', data_dir='${directory:srv}/backend-client-caucase-updater',
...@@ -280,13 +280,13 @@ stop-on-error = True ...@@ -280,13 +280,13 @@ stop-on-error = True
[dynamic-custom-personal-profile-slave-list] [dynamic-custom-personal-profile-slave-list]
< = jinja2-template-base < = jinja2-template-base
depends = ${caddyprofiledeps:recipe} depends = ${caddyprofiledeps:recipe}
template = {{ parameter_dict['profile_slave_list'] }} template = {{ software_parameter_dict['profile_slave_list'] }}
filename = custom-personal-instance-slave-list.cfg filename = custom-personal-instance-slave-list.cfg
master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }} master_key_download_url = {{ dumps(slapparameter_dict['master-key-download-url']) }}
software_type = single-custom-personal software_type = single-custom-personal
bin_directory = {{ parameter_dict['bin_directory'] }} bin_directory = {{ software_parameter_dict['bin_directory'] }}
caddy_executable = {{ parameter_dict['caddy'] }} caddy_executable = {{ software_parameter_dict['caddy'] }}
sixtunnel_executable = {{ parameter_dict['sixtunnel'] }}/bin/6tunnel sixtunnel_executable = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel
organization = {{ slapparameter_dict['cluster-identification'] }} organization = {{ slapparameter_dict['cluster-identification'] }}
organizational-unit = {{ instance_parameter['configuration.frontend-name'] }} organizational-unit = {{ instance_parameter['configuration.frontend-name'] }}
backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }} backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }}
...@@ -326,7 +326,7 @@ extra-context = ...@@ -326,7 +326,7 @@ extra-context =
# Deploy Caddy Frontend with Jinja power # Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template] [dynamic-caddy-frontend-template]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_caddy_frontend_configuration'] }} template = {{ software_parameter_dict['template_caddy_frontend_configuration'] }}
rendered = ${caddy-configuration:frontend-configuration} rendered = ${caddy-configuration:frontend-configuration}
local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }} local_ipv4 = {{ dumps(instance_parameter['ipv4-random']) }}
extra-context = extra-context =
...@@ -355,7 +355,7 @@ template = inline: ...@@ -355,7 +355,7 @@ template = inline:
#!/bin/sh #!/bin/sh
export CADDYPATH=${directory:frontend_cluster} export CADDYPATH=${directory:frontend_cluster}
ulimit -n $(ulimit -Hn) ulimit -n $(ulimit -Hn)
exec {{ parameter_dict['caddy'] }} \ exec {{ software_parameter_dict['caddy'] }} \
-conf ${dynamic-caddy-frontend-template:rendered} \ -conf ${dynamic-caddy-frontend-template:rendered} \
-log ${caddy-configuration:error-log} \ -log ${caddy-configuration:error-log} \
-log-roll-mb 0 \ -log-roll-mb 0 \
...@@ -382,7 +382,7 @@ hash-files = ${caddy-wrapper:rendered} ...@@ -382,7 +382,7 @@ hash-files = ${caddy-wrapper:rendered}
recipe = plone.recipe.command recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
filename = notfound.html filename = notfound.html
command = ln -sf {{ parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename} command = ln -sf {{ software_parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
[caddy-directory] [caddy-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -451,7 +451,7 @@ delaycompress = ...@@ -451,7 +451,7 @@ delaycompress =
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
configuration = ${directory:etc}/trafficserver configuration = ${directory:etc}/trafficserver
local-state = ${directory:var}/trafficserver local-state = ${directory:var}/trafficserver
bin_path = {{ parameter_dict['trafficserver'] }}/bin bin_path = {{ software_parameter_dict['trafficserver'] }}/bin
log = ${directory:log}/trafficserver log = ${directory:log}/trafficserver
cache-path = ${directory:srv}/ats_cache cache-path = ${directory:srv}/ats_cache
logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver logrotate-backup = ${logrotate-directory:logrotate-backup}/trafficserver
...@@ -467,24 +467,24 @@ ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow ...@@ -467,24 +467,24 @@ ip-allow-config = src_ip=0.0.0.0-255.255.255.255 action=ip_allow
cache-path = ${trafficserver-directory:cache-path} cache-path = ${trafficserver-directory:cache-path}
disk-cache-size = ${configuration:disk-cache-size} disk-cache-size = ${configuration:disk-cache-size}
ram-cache-size = ${configuration:ram-cache-size} ram-cache-size = ${configuration:ram-cache-size}
templates-dir = {{ parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
request-timeout = ${configuration:request-timeout} request-timeout = ${configuration:request-timeout}
[trafficserver-configuration-directory] [trafficserver-configuration-directory]
recipe = plone.recipe.command recipe = plone.recipe.command
command = cp -rn {{ parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target} command = cp -rn {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/* ${:target}
target = ${trafficserver-directory:configuration} target = ${trafficserver-directory:configuration}
[trafficserver-launcher] [trafficserver-launcher]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_manager command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_manager
wrapper-path = ${trafficserver-variable:wrapper-path} wrapper-path = ${trafficserver-variable:wrapper-path}
environment = TS_ROOT=${buildout:directory} environment = TS_ROOT=${buildout:directory}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[trafficserver-reload] [trafficserver-reload]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_ctl config reload
wrapper-path = ${trafficserver-variable:reload-path} wrapper-path = ${trafficserver-variable:reload-path}
environment = TS_ROOT=${buildout:directory} environment = TS_ROOT=${buildout:directory}
...@@ -501,19 +501,19 @@ context = ...@@ -501,19 +501,19 @@ context =
[trafficserver-records-config] [trafficserver-records-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_records_config'] }} template = {{ software_parameter_dict['template_trafficserver_records_config'] }}
filename = records.config filename = records.config
extra-context = extra-context =
import os_module os import os_module os
[trafficserver-storage-config] [trafficserver-storage-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_storage_config'] }} template = {{ software_parameter_dict['template_trafficserver_storage_config'] }}
filename = storage.config filename = storage.config
[trafficserver-logging-yaml] [trafficserver-logging-yaml]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_logging_yaml'] }} template = {{ software_parameter_dict['template_trafficserver_logging_yaml'] }}
filename = logging.yaml filename = logging.yaml
[trafficserver-remap-config] [trafficserver-remap-config]
...@@ -532,14 +532,14 @@ filename = remap.config ...@@ -532,14 +532,14 @@ filename = remap.config
[trafficserver-plugin-config] [trafficserver-plugin-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
filename = plugin.config filename = plugin.config
context = context =
key content trafficserver-variable:plugin-config key content trafficserver-variable:plugin-config
[trafficserver-ip-allow-config] [trafficserver-ip-allow-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
filename = ip_allow.config filename = ip_allow.config
context = context =
key content trafficserver-variable:ip-allow-config key content trafficserver-variable:ip-allow-config
...@@ -553,7 +553,7 @@ config-port = ${trafficserver-variable:input-port} ...@@ -553,7 +553,7 @@ config-port = ${trafficserver-variable:input-port}
[trafficserver-ctl] [trafficserver-ctl]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['trafficserver'] }}/bin/traffic_ctl command-line = {{ software_parameter_dict['trafficserver'] }}/bin/traffic_ctl
wrapper-path = ${directory:bin}/traffic_ctl wrapper-path = ${directory:bin}/traffic_ctl
environment = TS_ROOT=${buildout:directory} environment = TS_ROOT=${buildout:directory}
...@@ -565,10 +565,10 @@ config-wrapper-path = ${trafficserver-ctl:wrapper-path} ...@@ -565,10 +565,10 @@ config-wrapper-path = ${trafficserver-ctl:wrapper-path}
[trafficserver-rotate-script] [trafficserver-rotate-script]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_rotate_script'] }} template = {{ software_parameter_dict['template_rotate_script'] }}
rendered = ${directory:bin}/trafficserver-rotate rendered = ${directory:bin}/trafficserver-rotate
mode = 0700 mode = 0700
xz_binary = {{ parameter_dict['xz_location'] ~ '/bin/xz' }} xz_binary = {{ software_parameter_dict['xz_location'] ~ '/bin/xz' }}
pattern = *.old pattern = *.old
# days to keep log files # days to keep log files
keep_days = 365 keep_days = 365
...@@ -592,12 +592,12 @@ command = ${trafficserver-rotate-script:rendered} ...@@ -592,12 +592,12 @@ command = ${trafficserver-rotate-script:rendered}
### Caddy Graceful and promises ### Caddy Graceful and promises
[frontend-caddy-configuration-state] [frontend-caddy-configuration-state]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_configuration_state_script'] }} template = {{ software_parameter_dict['template_configuration_state_script'] }}
rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
mode = 0700 mode = 0700
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context = extra-context =
key path_list :path_list key path_list :path_list
...@@ -614,7 +614,7 @@ signature_file = ${directory:run}/validate_configuration_state_signature ...@@ -614,7 +614,7 @@ signature_file = ${directory:run}/validate_configuration_state_signature
[frontend-caddy-graceful] [frontend-caddy-graceful]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_graceful_script'] }} template = {{ software_parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
mode = 0700 mode = 0700
...@@ -624,7 +624,7 @@ extra-context = ...@@ -624,7 +624,7 @@ extra-context =
[frontend-caddy-validate] [frontend-caddy-validate]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }} template = {{ software_parameter_dict['template_validate_script'] }}
rendered = ${directory:bin}/frontend-caddy-validate rendered = ${directory:bin}/frontend-caddy-validate
mode = 0700 mode = 0700
last_state_file = ${directory:run}/caddy_configuration_last_state last_state_file = ${directory:run}/caddy_configuration_last_state
...@@ -636,7 +636,7 @@ extra-context = ...@@ -636,7 +636,7 @@ extra-context =
[frontend-caddy-lazy-graceful] [frontend-caddy-lazy-graceful]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_caddy_lazy_script_call'] }} template = {{ software_parameter_dict['template_caddy_lazy_script_call'] }}
rendered = ${directory:bin}/frontend-caddy-lazy-graceful rendered = ${directory:bin}/frontend-caddy-lazy-graceful
mode = 0700 mode = 0700
pid-file = ${directory:run}/lazy-graceful.pid pid-file = ${directory:run}/lazy-graceful.pid
...@@ -649,7 +649,7 @@ extra-context = ...@@ -649,7 +649,7 @@ extra-context =
# Promises checking configuration: # Promises checking configuration:
[promise-helper-last-configuration-state] [promise-helper-last-configuration-state]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
rendered = ${directory:bin}/frontend-read-last-configuration-state rendered = ${directory:bin}/frontend-read-last-configuration-state
mode = 0700 mode = 0700
content = content =
...@@ -730,13 +730,13 @@ statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connecti ...@@ -730,13 +730,13 @@ statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connecti
[backend-haproxy] [backend-haproxy]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file}
wrapper-path = ${directory:service}/backend-haproxy wrapper-path = ${directory:service}/backend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[backend-haproxy-rsyslogd-lazy-graceful] [backend-haproxy-rsyslogd-lazy-graceful]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_caddy_lazy_script_call'] }} template = {{ software_parameter_dict['template_caddy_lazy_script_call'] }}
rendered = ${directory:bin}/backend-haproxy-rsyslogd-lazy-graceful rendered = ${directory:bin}/backend-haproxy-rsyslogd-lazy-graceful
mode = 0700 mode = 0700
pid-file = ${directory:run}/backend-haproxy-rsyslogd-lazy-graceful.pid pid-file = ${directory:run}/backend-haproxy-rsyslogd-lazy-graceful.pid
...@@ -761,12 +761,12 @@ delaycompress = ...@@ -761,12 +761,12 @@ delaycompress =
[backend-haproxy-configuration-state] [backend-haproxy-configuration-state]
<= jinja2-template-base <= jinja2-template-base
template = {{ parameter_dict['template_configuration_state_script'] }} template = {{ software_parameter_dict['template_configuration_state_script'] }}
rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
mode = 0700 mode = 0700
path_list = ${backend-haproxy-configuration:file} ${backend-client-login-config:certificate} path_list = ${backend-haproxy-configuration:file} ${backend-client-login-config:certificate}
sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context = extra-context =
key path_list :path_list key path_list :path_list
...@@ -783,7 +783,7 @@ signature_file = ${directory:run}/backend_haproxy_validate_configuration_state_s ...@@ -783,7 +783,7 @@ signature_file = ${directory:run}/backend_haproxy_validate_configuration_state_s
[backend-haproxy-graceful] [backend-haproxy-graceful]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_graceful_script'] }} template = {{ software_parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/backend-haproxy-safe-graceful rendered = ${directory:etc-run}/backend-haproxy-safe-graceful
mode = 0700 mode = 0700
...@@ -793,11 +793,11 @@ extra-context = ...@@ -793,11 +793,11 @@ extra-context =
[backend-haproxy-validate] [backend-haproxy-validate]
<= jinja2-template-base <= jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }} template = {{ software_parameter_dict['template_validate_script'] }}
rendered = ${directory:bin}/backend-haproxy-validate rendered = ${directory:bin}/backend-haproxy-validate
mode = 0700 mode = 0700
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
extra-context = extra-context =
key validate_command :validate_command key validate_command :validate_command
key configuration_state_command backend-haproxy-configuration-state-validate:rendered key configuration_state_command backend-haproxy-configuration-state-validate:rendered
...@@ -811,7 +811,7 @@ config-verification-script = ${promise-backend-haproxy-configuration-helper:rend ...@@ -811,7 +811,7 @@ config-verification-script = ${promise-backend-haproxy-configuration-helper:rend
[promise-backend-haproxy-configuration-helper] [promise-backend-haproxy-configuration-helper]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
rendered = ${directory:bin}/backend-haproxy-read-last-configuration-state rendered = ${directory:bin}/backend-haproxy-read-last-configuration-state
mode = 0700 mode = 0700
content = content =
...@@ -837,7 +837,7 @@ extra-context = ...@@ -837,7 +837,7 @@ extra-context =
[backend-haproxy-rsyslogd] [backend-haproxy-rsyslogd]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['rsyslogd_executable'] }} -i ${backend-haproxy-rsyslogd-config:pid-file} -n -f ${backend-haproxy-rsyslogd-configuration:rendered} command-line = {{ software_parameter_dict['rsyslogd_executable'] }} -i ${backend-haproxy-rsyslogd-config:pid-file} -n -f ${backend-haproxy-rsyslogd-configuration:rendered}
wrapper-path = ${directory:service}/backend-haproxy-rsyslogd wrapper-path = ${directory:service}/backend-haproxy-rsyslogd
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
...@@ -859,35 +859,35 @@ private-path-list += ...@@ -859,35 +859,35 @@ private-path-list +=
[monitor-traffic-summary-last-stats-wrapper] [monitor-traffic-summary-last-stats-wrapper]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/traffic-summary-last-stats_every_1_hour rendered = ${directory:bin}/traffic-summary-last-stats_every_1_hour
mode = 0700 mode = 0700
command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>" command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_parameter_dict['trafficserver'] }}/bin/traffic_logstats -f ${trafficserver-directory:log}/squid.blog)</pre>"
extra-context = extra-context =
key content monitor-traffic-summary-last-stats-wrapper:command key content monitor-traffic-summary-last-stats-wrapper:command
# Produce ATS Cache stats # Produce ATS Cache stats
[monitor-ats-cache-stats-wrapper] [monitor-ats-cache-stats-wrapper]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/ats-cache-stats_every_1_hour rendered = ${directory:bin}/ats-cache-stats_every_1_hour
mode = 0700 mode = 0700
command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>" command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_parameter_dict['trafficserver'] }}/bin/traffic_shell ${monitor-ats-cache-stats-config:rendered})</pre>"
extra-context = extra-context =
key content monitor-ats-cache-stats-wrapper:command key content monitor-ats-cache-stats-wrapper:command
[monitor-caddy-server-status-wrapper] [monitor-caddy-server-status-wrapper]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
rendered = ${directory:bin}/monitor-caddy-server-status-wrapper rendered = ${directory:bin}/monitor-caddy-server-status-wrapper
mode = 0700 mode = 0700
command = {{ parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1 command = {{ software_parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
extra-context = extra-context =
key content monitor-caddy-server-status-wrapper:command key content monitor-caddy-server-status-wrapper:command
[monitor-ats-cache-stats-config] [monitor-ats-cache-stats-config]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
rendered = ${trafficserver-configuration-directory:target}/cache-config.stats rendered = ${trafficserver-configuration-directory:target}/cache-config.stats
mode = 644 mode = 644
context = context =
...@@ -931,12 +931,12 @@ return = domain secure_access ...@@ -931,12 +931,12 @@ return = domain secure_access
[slave-introspection-configuration-state] [slave-introspection-configuration-state]
<= jinja2-template-base <= jinja2-template-base
template = {{ parameter_dict['template_configuration_state_script'] }} template = {{ software_parameter_dict['template_configuration_state_script'] }}
rendered = ${directory:bin}/${:_buildout_section_name_} rendered = ${directory:bin}/${:_buildout_section_name_}
mode = 0700 mode = 0700
path_list = ${frontend-configuration:slave-introspection-configuration} ${frontend-configuration:ip-access-certificate} path_list = ${frontend-configuration:slave-introspection-configuration} ${frontend-configuration:ip-access-certificate}
sha256sum = {{ parameter_dict['sha256sum'] }} sha256sum = {{ software_parameter_dict['sha256sum'] }}
extra-context = extra-context =
key path_list :path_list key path_list :path_list
...@@ -953,7 +953,7 @@ signature_file = ${directory:run}/slave_introspection_validate_configuration_sta ...@@ -953,7 +953,7 @@ signature_file = ${directory:run}/slave_introspection_validate_configuration_sta
[slave-introspection-graceful] [slave-introspection-graceful]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_graceful_script'] }} template = {{ software_parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/slave-introspection-safe-graceful rendered = ${directory:etc-run}/slave-introspection-safe-graceful
mode = 0700 mode = 0700
...@@ -963,11 +963,11 @@ extra-context = ...@@ -963,11 +963,11 @@ extra-context =
[slave-introspection-validate] [slave-introspection-validate]
<= jinja2-template-base <= jinja2-template-base
template = {{ parameter_dict['template_validate_script'] }} template = {{ software_parameter_dict['template_validate_script'] }}
rendered = ${directory:bin}/slave-introspection-validate rendered = ${directory:bin}/slave-introspection-validate
mode = 0700 mode = 0700
last_state_file = ${directory:run}/slave_introspection_configuration_last_state last_state_file = ${directory:run}/slave_introspection_configuration_last_state
validate_command = {{ parameter_dict['nginx'] }} -c ${frontend-configuration:slave-introspection-configuration} -t validate_command = {{ software_parameter_dict['nginx'] }} -c ${frontend-configuration:slave-introspection-configuration} -t
extra-context = extra-context =
key validate_command :validate_command key validate_command :validate_command
key configuration_state_command slave-introspection-configuration-state-validate:rendered key configuration_state_command slave-introspection-configuration-state-validate:rendered
...@@ -981,7 +981,7 @@ config-verification-script = ${promise-slave-introspection-configuration-helper: ...@@ -981,7 +981,7 @@ config-verification-script = ${promise-slave-introspection-configuration-helper:
[promise-slave-introspection-configuration-helper] [promise-slave-introspection-configuration-helper]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
rendered = ${directory:bin}/slave-introspection-read-last-configuration-state rendered = ${directory:bin}/slave-introspection-read-last-configuration-state
mode = 0700 mode = 0700
content = content =
......
...@@ -20,7 +20,7 @@ rendered = ${buildout:directory}/${:filename} ...@@ -20,7 +20,7 @@ rendered = ${buildout:directory}/${:filename}
extra-context = extra-context =
context = context =
import json_module json import json_module json
raw profile_common {{ parameter_dict['profile_common'] }} raw profile_common {{ software_parameter_dict['profile_common'] }}
${:extra-context} ${:extra-context}
{% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %} {% set popen = functools_module.partial(subprocess_module.Popen, stdout=subprocess_module.PIPE, stderr=subprocess_module.STDOUT, stdin=subprocess_module.PIPE) %}
...@@ -142,7 +142,7 @@ context = ...@@ -142,7 +142,7 @@ context =
{% for url_key in ['url', 'https-url'] %} {% for url_key in ['url', 'https-url'] %}
{% if url_key in slave %} {% if url_key in slave %}
{% set url = (slave[url_key] or '').strip() %} {% set url = (slave[url_key] or '').strip() %}
{% if subprocess_module.call([parameter_dict['caddy_backend_url_validator'], url]) == 1 or not validators.url(url) %} {% if subprocess_module.call([software_parameter_dict['caddy_backend_url_validator'], url]) == 1 or not validators.url(url) %}
{% do slave_error_list.append('slave %s %r invalid' % (url_key, url)) %} {% do slave_error_list.append('slave %s %r invalid' % (url_key, url)) %}
{% elif url != slave[url_key] %} {% elif url != slave[url_key] %}
{% do slave_warning_list.append('slave %s %r has been converted to %r' % (url_key, slave[url_key], url)) %} {% do slave_warning_list.append('slave %s %r has been converted to %r' % (url_key, slave[url_key], url)) %}
...@@ -151,7 +151,7 @@ context = ...@@ -151,7 +151,7 @@ context =
{% endfor %} {% endfor %}
{% if 'ssl_proxy_ca_crt' in slave %} {% if 'ssl_proxy_ca_crt' in slave %}
{% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %} {% set ssl_proxy_ca_crt = slave.get('ssl_proxy_ca_crt', '') %}
{% set check_popen = popen([parameter_dict['openssl'], 'x509', '-noout']) %} {% set check_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout']) %}
{% do check_popen.communicate(ssl_proxy_ca_crt) %} {% do check_popen.communicate(ssl_proxy_ca_crt) %}
{% if check_popen.returncode != 0 %} {% if check_popen.returncode != 0 %}
{% do slave_error_list.append('ssl_proxy_ca_crt is invalid') %} {% do slave_error_list.append('ssl_proxy_ca_crt is invalid') %}
...@@ -167,8 +167,8 @@ context = ...@@ -167,8 +167,8 @@ context =
{% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %} {% do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required') %}
{% endif %} {% endif %}
{% if slave.get('ssl_key') and slave.get('ssl_crt') %} {% if slave.get('ssl_key') and slave.get('ssl_crt') %}
{% set key_popen = popen([parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %} {% set key_popen = popen([software_parameter_dict['openssl'], 'rsa', '-noout', '-modulus']) %}
{% set crt_popen = popen([parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %} {% set crt_popen = popen([software_parameter_dict['openssl'], 'x509', '-noout', '-modulus']) %}
{% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %} {% set key_modulus = key_popen.communicate(slave['ssl_key'])[0] | trim %}
{% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %} {% set crt_modulus = crt_popen.communicate(slave['ssl_crt'])[0] | trim %}
{% if not key_modulus or key_modulus != crt_modulus %} {% if not key_modulus or key_modulus != crt_modulus %}
...@@ -375,7 +375,7 @@ active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, so ...@@ -375,7 +375,7 @@ active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, so
[dynamic-publish-slave-information] [dynamic-publish-slave-information]
< = jinja2-template-base < = jinja2-template-base
template = {{ parameter_dict['profile_replicate_publish_slave_information'] }} template = {{ software_parameter_dict['profile_replicate_publish_slave_information'] }}
filename = dynamic-publish-slave-information.cfg filename = dynamic-publish-slave-information.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
...@@ -422,7 +422,7 @@ organization = {{ cluster_identification }} ...@@ -422,7 +422,7 @@ organization = {{ cluster_identification }}
organizational_unit = Automatic Internal Kedifa Caucase CSR organizational_unit = Automatic Internal Kedifa Caucase CSR
command = command =
if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then
{{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
-subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
-out ${:csr} -out ${:csr}
...@@ -438,8 +438,8 @@ stop-on-error = True ...@@ -438,8 +438,8 @@ stop-on-error = True
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
context = context =
key caucase_url aikc-config:caucase-url key caucase_url aikc-config:caucase-url
template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
exec {{ parameter_dict['bin_directory'] }}/caucase \ exec {{ software_parameter_dict['bin_directory'] }}/caucase \
{# raw block to use context #} {# raw block to use context #}
{% raw %} {% raw %}
--ca-url {{ caucase_url }} \ --ca-url {{ caucase_url }} \
...@@ -472,7 +472,7 @@ command = ...@@ -472,7 +472,7 @@ command =
{% do part_list.append('aikc-user-caucase-updater-promise') %} {% do part_list.append('aikc-user-caucase-updater-promise') %}
{{ caucase.updater( {{ caucase.updater(
prefix='aikc-user-caucase-updater', prefix='aikc-user-caucase-updater',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/aikc-user-caucase-updater', updater_path='${directory:service}/aikc-user-caucase-updater',
url='${aikc-config:caucase-url}', url='${aikc-config:caucase-url}',
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
...@@ -503,7 +503,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -503,7 +503,7 @@ recipe = slapos.recipe.template:jinja2
context = context =
key csr_id_url request-{{ csr }}:connection-csr_id-url key csr_id_url request-{{ csr }}:connection-csr_id-url
key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate
template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
test -f ${directory:aikc}/{{ csr }}-done && exit 0 test -f ${directory:aikc}/{{ csr }}-done && exit 0
${buildout:executable} ${aikc-check-certificate:rendered} \ ${buildout:executable} ${aikc-check-certificate:rendered} \
{# raw block to use context #} {# raw block to use context #}
...@@ -512,7 +512,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash ...@@ -512,7 +512,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash
"""{{ csr_id_certificate }}""" """{{ csr_id_certificate }}"""
{% endraw %} {% endraw %}
if [ $? = 0 ]; then if [ $? = 0 ]; then
csr_id=`{{ parameter_dict['curl'] }}/bin/curl -s -k -g \ csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \
{% raw %} {% raw %}
{{ csr_id_url }} \ {{ csr_id_url }} \
{% endraw %} {% endraw %}
...@@ -554,7 +554,7 @@ organization = {{ cluster_identification }} ...@@ -554,7 +554,7 @@ organization = {{ cluster_identification }}
organizational_unit = Automatic Sign Backend Client Caucase CSR organizational_unit = Automatic Sign Backend Client Caucase CSR
command = command =
if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:csr} ] && [ ! -f ${:key} ] ; then
{{ parameter_dict['openssl'] }} req -new -sha256 \ {{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
-subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
-out ${:csr} -out ${:csr}
...@@ -570,8 +570,8 @@ stop-on-error = True ...@@ -570,8 +570,8 @@ stop-on-error = True
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
context = context =
key caucase_url aibcc-config:caucase-url key caucase_url aibcc-config:caucase-url
template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
exec {{ parameter_dict['bin_directory'] }}/caucase \ exec {{ software_parameter_dict['bin_directory'] }}/caucase \
{# raw block to use context #} {# raw block to use context #}
{% raw %} {% raw %}
--ca-url {{ caucase_url }} \ --ca-url {{ caucase_url }} \
...@@ -606,7 +606,7 @@ command = ...@@ -606,7 +606,7 @@ command =
{% do part_list.append('aibcc-user-caucase-updater-promise') %} {% do part_list.append('aibcc-user-caucase-updater-promise') %}
{{ caucase.updater( {{ caucase.updater(
prefix='aibcc-user-caucase-updater', prefix='aibcc-user-caucase-updater',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/aibcc-user-caucase-updater', updater_path='${directory:service}/aibcc-user-caucase-updater',
url='${aibcc-config:caucase-url}', url='${aibcc-config:caucase-url}',
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
...@@ -636,7 +636,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -636,7 +636,7 @@ recipe = slapos.recipe.template:jinja2
context = context =
key csr_id_url request-{{ csr }}:connection-backend-client-csr_id-url key csr_id_url request-{{ csr }}:connection-backend-client-csr_id-url
key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate key csr_id_certificate request-{{ csr }}:connection-csr_id-certificate
template = inline:#!{{ parameter_dict['dash'] }}/bin/dash template = inline:#!{{ software_parameter_dict['dash'] }}/bin/dash
test -f ${directory:aibcc}/{{ csr }}-done && exit 0 test -f ${directory:aibcc}/{{ csr }}-done && exit 0
${buildout:executable} ${aibcc-check-certificate:rendered} \ ${buildout:executable} ${aibcc-check-certificate:rendered} \
{# raw block to use context #} {# raw block to use context #}
...@@ -645,7 +645,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash ...@@ -645,7 +645,7 @@ template = inline:#!{{ parameter_dict['dash'] }}/bin/dash
"""{{ csr_id_certificate }}""" """{{ csr_id_certificate }}"""
{% endraw %} {% endraw %}
if [ $? = 0 ]; then if [ $? = 0 ]; then
csr_id=`{{ parameter_dict['curl'] }}/bin/curl -s -k -g \ csr_id=`{{ software_parameter_dict['curl'] }}/bin/curl -s -k -g \
{% raw %} {% raw %}
{{ csr_id_url }} \ {{ csr_id_url }} \
{% endraw %} {% endraw %}
...@@ -670,7 +670,7 @@ recipe = slapos.recipe.template:jinja2 ...@@ -670,7 +670,7 @@ recipe = slapos.recipe.template:jinja2
filename = rejected-slave.json filename = rejected-slave.json
directory = ${directory:promise-output} directory = ${directory:promise-output}
rendered = ${:directory}/${:filename} rendered = ${:directory}/${:filename}
template = {{ parameter_dict['template_empty'] }} template = {{ software_parameter_dict['template_empty'] }}
{% if rejected_slave_title_dict %} {% if rejected_slave_title_dict %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {# sort_keys are important in order to avoid shuffling parameters on each run #}
content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2, sort_keys=True)) }} content = {{ dumps(json_module.dumps(rejected_slave_title_dict, indent=2, sort_keys=True)) }}
...@@ -692,7 +692,7 @@ port = 14455 ...@@ -692,7 +692,7 @@ port = 14455
directory = ${rejected-slave-json:directory} directory = ${rejected-slave-json:directory}
url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename} url = https://${rejected-slave-password:user}:${rejected-slave-password:passwd}@[${rejected-slave-publish-configuration:ip}]:${rejected-slave-publish-configuration:port}/${rejected-slave-json:filename}
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }} command-line = {{ software_parameter_dict['caddy'] }}
-conf ${rejected-slave-template:rendered} -conf ${rejected-slave-template:rendered}
-log stderr -log stderr
-http2=true -http2=true
...@@ -761,7 +761,7 @@ config-url = ${rejected-slave-publish:url} ...@@ -761,7 +761,7 @@ config-url = ${rejected-slave-publish:url}
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{{ caucase.caucased( {{ caucase.caucased(
prefix='caucased-backend-client', prefix='caucased-backend-client',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
caucased_path='${directory:service}/caucased-backend-client', caucased_path='${directory:service}/caucased-backend-client',
backup_dir='${directory:backup-caucased}', backup_dir='${directory:backup-caucased}',
data_dir='${directory:caucased}', data_dir='${directory:caucased}',
...@@ -773,8 +773,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -773,8 +773,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[buildout] [buildout]
extends = extends =
{{ parameter_dict['profile_common'] }} {{ software_parameter_dict['profile_common'] }}
{{ parameter_dict['profile_monitor2'] }} {{ software_parameter_dict['profile_monitor2'] }}
parts = parts =
monitor-base monitor-base
publish-slave-information publish-slave-information
......
...@@ -3,9 +3,9 @@ ...@@ -3,9 +3,9 @@
# KeDiFa instance profile # KeDiFa instance profile
[buildout] [buildout]
extends = extends =
{{ parameter_dict['profile_common'] }} {{ software_parameter_dict['profile_common'] }}
{{ parameter_dict['profile_monitor'] }} {{ software_parameter_dict['profile_monitor'] }}
{{ parameter_dict['profile_logrotate_base'] }} {{ software_parameter_dict['profile_logrotate_base'] }}
parts = parts =
monitor-base monitor-base
...@@ -36,7 +36,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -36,7 +36,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{% set caucase_url = 'http://' ~ caucase_netloc -%} {% set caucase_url = 'http://' ~ caucase_netloc -%}
{{ caucase.caucased( {{ caucase.caucased(
prefix='caucased', prefix='caucased',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
caucased_path='${directory:service}/caucased', caucased_path='${directory:service}/caucased',
backup_dir='${directory:backup-caucased}', backup_dir='${directory:backup-caucased}',
data_dir='${directory:caucased}', data_dir='${directory:caucased}',
...@@ -83,11 +83,11 @@ organization = {{ slapparameter_dict['cluster-identification'] }} ...@@ -83,11 +83,11 @@ organization = {{ slapparameter_dict['cluster-identification'] }}
organizational_unit = Kedifa Partition organizational_unit = Kedifa Partition
command = command =
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
/bin/bash -c '{{ parameter_dict['openssl'] }} req -new -sha256 \ /bin/bash -c '{{ software_parameter_dict['openssl'] }} req -new -sha256 \
-newkey rsa:2048 -nodes -keyout ${:key} \ -newkey rsa:2048 -nodes -keyout ${:key} \
-subj "/O=${:organization}/OU=${:organizational_unit}" \ -subj "/O=${:organization}/OU=${:organizational_unit}" \
-reqexts SAN \ -reqexts SAN \
-config <(cat {{ parameter_dict['openssl_cnf'] }} \ -config <(cat {{ software_parameter_dict['openssl_cnf'] }} \
<(printf "\n[SAN]\nsubjectAltName=IP:${kedifa-config:ip}")) \ <(printf "\n[SAN]\nsubjectAltName=IP:${kedifa-config:ip}")) \
-out ${:template-csr}' -out ${:template-csr}'
fi fi
...@@ -98,7 +98,7 @@ stop-on-error = True ...@@ -98,7 +98,7 @@ stop-on-error = True
{{ caucase.updater( {{ caucase.updater(
prefix='caucase-updater', prefix='caucase-updater',
buildout_bin_directory=parameter_dict['bin_directory'], buildout_bin_directory=software_parameter_dict['bin_directory'],
updater_path='${directory:service}/caucase-updater', updater_path='${directory:service}/caucase-updater',
url=caucase_url, url=caucase_url,
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
...@@ -119,7 +119,7 @@ csr_work_path = ${directory:tmp}/${:_buildout_section_name_} ...@@ -119,7 +119,7 @@ csr_work_path = ${directory:tmp}/${:_buildout_section_name_}
stop-on-error = False stop-on-error = False
update-command = ${:command} update-command = ${:command}
command = command =
{{ parameter_dict['bin_directory'] }}/caucase \ {{ software_parameter_dict['bin_directory'] }}/caucase \
--ca-url {{ caucase_url }} \ --ca-url {{ caucase_url }} \
--ca-crt ${kedifa-config:ca-certificate} \ --ca-crt ${kedifa-config:ca-certificate} \
--crl ${kedifa-config:crl} \ --crl ${kedifa-config:crl} \
...@@ -138,7 +138,7 @@ stop-on-error = True ...@@ -138,7 +138,7 @@ stop-on-error = True
update-command = ${:command} update-command = ${:command}
command = command =
if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then if ! [ -f ${:key} ] && ! [ -f ${:certificate} ] ; then
{{ parameter_dict['openssl'] }} req -new -newkey rsa:2048 -sha256 -subj \ {{ software_parameter_dict['openssl'] }} req -new -newkey rsa:2048 -sha256 -subj \
"/O=${kedifa-csr:organization}/OU=${kedifa-csr:organizational_unit}/CN={{ instance_parameter['ipv6-random'] }}" \ "/O=${kedifa-csr:organization}/OU=${kedifa-csr:organizational_unit}/CN={{ instance_parameter['ipv6-random'] }}" \
-days 5 -nodes -x509 -keyout ${:key} -out ${:certificate} -days 5 -nodes -x509 -keyout ${:key} -out ${:certificate}
fi fi
...@@ -171,7 +171,7 @@ config-port = ${expose-csr_id-configuration:port} ...@@ -171,7 +171,7 @@ config-port = ${expose-csr_id-configuration:port}
[expose-csr_id] [expose-csr_id]
depends = ${store-csr_id:command} depends = ${store-csr_id:command}
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['caddy'] }} command-line = {{ software_parameter_dict['caddy'] }}
-conf ${expose-csr_id-template:rendered} -conf ${expose-csr_id-template:rendered}
-log ${expose-csr_id-configuration:error-log} -log ${expose-csr_id-configuration:error-log}
-http2=true -http2=true
...@@ -195,7 +195,7 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }} ...@@ -195,7 +195,7 @@ slapparameter_dict = {{ dumps(instance_parameter['configuration']) }}
slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }} slap_software_type = {{ dumps(instance_parameter['slap-software-type']) }}
context = context =
import json_module json import json_module json
raw profile_common {{ parameter_dict['profile_common'] }} raw profile_common {{ software_parameter_dict['profile_common'] }}
key slap_software_type :slap_software_type key slap_software_type :slap_software_type
key slapparameter_dict :slapparameter_dict key slapparameter_dict :slapparameter_dict
section directory directory section directory directory
...@@ -215,7 +215,7 @@ logfile = ${directory:log}/kedifa.log ...@@ -215,7 +215,7 @@ logfile = ${directory:log}/kedifa.log
[kedifa-reloader] [kedifa-reloader]
<= jinja2-template-base <= jinja2-template-base
template = {{ parameter_dict['template_wrapper'] }} template = {{ software_parameter_dict['template_wrapper'] }}
rendered = ${directory:etc-run}/kedifa-reloader rendered = ${directory:etc-run}/kedifa-reloader
command = command =
kill -HUP `cat ${kedifa-config:pidfile}` kill -HUP `cat ${kedifa-config:pidfile}`
...@@ -241,7 +241,7 @@ delaycompress = ...@@ -241,7 +241,7 @@ delaycompress =
[kedifa] [kedifa]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
command-line = {{ parameter_dict['kedifa'] }} command-line = {{ software_parameter_dict['kedifa'] }}
--ip ${kedifa-config:ip} --ip ${kedifa-config:ip}
--port ${kedifa-config:port} --port ${kedifa-config:port}
--db ${kedifa-config:db} --db ${kedifa-config:db}
...@@ -268,7 +268,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -268,7 +268,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
recipe = plone.recipe.command recipe = plone.recipe.command
file = ${directory:reservation}/${:_buildout_section_name_} file = ${directory:reservation}/${:_buildout_section_name_}
command = command =
[ ! -f ${:file} ] && {{ parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
update-command = ${:command} update-command = ${:command}
[{{ slave_reference }}-auth-random] [{{ slave_reference }}-auth-random]
...@@ -283,7 +283,7 @@ commands = ...@@ -283,7 +283,7 @@ commands =
recipe = plone.recipe.command recipe = plone.recipe.command
file = ${directory:reservation}/${:_buildout_section_name_} file = ${directory:reservation}/${:_buildout_section_name_}
command = command =
[ ! -f ${:file} ] && {{ parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file} [ ! -f ${:file} ] && {{ software_parameter_dict['curl'] }}/bin/curl -s -g -X POST https://[${kedifa-config:ip}]:${kedifa-config:port}/reserve-id --cert ${kedifa-config:certificate} --cacert ${kedifa-config:ca-certificate} > ${:file}.tmp && mv ${:file}.tmp ${:file}
update-command = ${:command} update-command = ${:command}
[master-auth-random] [master-auth-random]
......
[buildout] [buildout]
extends = {{ template_frontend_parameter_dict['profile_common'] }} extends = {{ software_parameter_dict['profile_common'] }}
parts = parts =
switch-softwaretype switch-softwaretype
...@@ -16,7 +16,7 @@ context = ...@@ -16,7 +16,7 @@ context =
key slapparameter_dict instance-parameter:configuration key slapparameter_dict instance-parameter:configuration
key slave_instance_list instance-parameter:slave-instance-list key slave_instance_list instance-parameter:slave-instance-list
section instance_parameter instance-parameter section instance_parameter instance-parameter
section parameter_dict dynamic-parameter-section section software_parameter_dict software-parameter-section
${:extra-context} ${:extra-context}
[switch-softwaretype] [switch-softwaretype]
...@@ -29,27 +29,27 @@ single-custom-personal = ${dynamic-profile-caddy-frontend:rendered} ...@@ -29,27 +29,27 @@ single-custom-personal = ${dynamic-profile-caddy-frontend:rendered}
replicate = ${dynamic-profile-caddy-replicate:rendered} replicate = ${dynamic-profile-caddy-replicate:rendered}
kedifa = ${dynamic-profile-kedifa:rendered} kedifa = ${dynamic-profile-kedifa:rendered}
[dynamic-parameter-section] [software-parameter-section]
{% for key,value in template_frontend_parameter_dict.iteritems() %} {% for key,value in software_parameter_dict.iteritems() %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{% endfor -%} {% endfor -%}
[dynamic-profile-caddy-frontend] [dynamic-profile-caddy-frontend]
< = jinja2-template-base < = jinja2-template-base
template = {{ template_frontend_parameter_dict['profile_caddy_frontend'] }} template = {{ software_parameter_dict['profile_caddy_frontend'] }}
filename = instance-caddy-frontend.cfg filename = instance-caddy-frontend.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
import furl_module furl import furl_module furl
raw software_type single-custom-personal raw software_type single-custom-personal
caucase-jinja2-library = {{ template_frontend_parameter_dict['caucase_jinja2_library'] }} caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }}
import-list = import-list =
file caucase :caucase-jinja2-library file caucase :caucase-jinja2-library
[dynamic-profile-caddy-replicate] [dynamic-profile-caddy-replicate]
< = jinja2-template-base < = jinja2-template-base
depends = ${caddyprofiledeps:recipe} depends = ${caddyprofiledeps:recipe}
template = {{ template_frontend_parameter_dict['profile_caddy_replicate'] }} template = {{ software_parameter_dict['profile_caddy_replicate'] }}
filename = instance-caddy-replicate.cfg filename = instance-caddy-replicate.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
...@@ -59,18 +59,18 @@ extra-context = ...@@ -59,18 +59,18 @@ extra-context =
key cluster_identification instance-parameter:root-instance-title key cluster_identification instance-parameter:root-instance-title
# Must match the key id in [switch-softwaretype] which uses this section. # Must match the key id in [switch-softwaretype] which uses this section.
raw software_type RootSoftwareInstance-default-custom-personal-replicate raw software_type RootSoftwareInstance-default-custom-personal-replicate
caucase-jinja2-library = {{ template_frontend_parameter_dict['caucase_jinja2_library'] }} caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }}
import-list = import-list =
file caucase :caucase-jinja2-library file caucase :caucase-jinja2-library
[dynamic-profile-kedifa] [dynamic-profile-kedifa]
< = jinja2-template-base < = jinja2-template-base
template = {{ template_frontend_parameter_dict['profile_kedifa'] }} template = {{ software_parameter_dict['profile_kedifa'] }}
filename = instance-kedifa.cfg filename = instance-kedifa.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
raw software_type kedifa raw software_type kedifa
caucase-jinja2-library = {{ template_frontend_parameter_dict['caucase_jinja2_library'] }} caucase-jinja2-library = {{ software_parameter_dict['caucase_jinja2_library'] }}
import-list = import-list =
file caucase :caucase-jinja2-library file caucase :caucase-jinja2-library
......
...@@ -82,7 +82,7 @@ context = ...@@ -82,7 +82,7 @@ context =
key develop_eggs_directory buildout:develop-eggs-directory key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory key eggs_directory buildout:eggs-directory
[template-frontend-parameter-section] [software-parameter-section]
# libraries # libraries
caucase_jinja2_library = ${caucase-jinja2-library:target} caucase_jinja2_library = ${caucase-jinja2-library:target}
...@@ -148,7 +148,7 @@ template = ${:_profile_base_location_}/instance.cfg.in ...@@ -148,7 +148,7 @@ template = ${:_profile_base_location_}/instance.cfg.in
rendered = ${buildout:directory}/template.cfg rendered = ${buildout:directory}/template.cfg
mode = 0644 mode = 0644
context = context =
section template_frontend_parameter_dict template-frontend-parameter-section section software_parameter_dict software-parameter-section
[profile-caddy-frontend] [profile-caddy-frontend]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment