Merge remote-tracking branch 'upstream/master' into zope4py2

bec3a84c · Jérome Perrin · de063483 · 238008f6 · bec3a84c · bec3a84c
Commit bec3a84c authored Nov 07, 2022 by Jérome Perrin
9 changed files
--- a/component/libxml2/buildout.cfg
+++ b/component/libxml2/buildout.cfg
@@ -12,8 +12,8 @@ parts =
 [libxml2]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.14.tar.xz
-md5sum = b7b3029ac6beb32a7925225515f83ca3
+url = https://download.gnome.org/sources/libxml2/2.10/libxml2-2.10.3.tar.xz
+md5sum = f9edac7fac232b3657a003fd9a5bbe42
 configure-options =
  --disable-static
  --without-python

--- a/component/libxslt/buildout.cfg
+++ b/component/libxslt/buildout.cfg
@@ -7,8 +7,8 @@ parts =
  libxslt

 [libxslt]
-url = https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.tar.xz
-md5sum = 5b3a634b77effd8a6268c21173575053
+url = https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.37.tar.xz
+md5sum = 84e86fc8a1b7495674016e05e4c5da44
 recipe = slapos.recipe.cmmi
 shared = true
 # --disable-static is temporarilly removed due to build error

--- a/component/python-xmlsec/buildout.cfg
+++ b/component/python-xmlsec/buildout.cfg
+# Python bindings for the XML Security Library.
+# https://xmlsec.readthedocs.io/
+
+[buildout]
+extends =
+  ../lxml-python/buildout.cfg
+  ../xmlsec/buildout.cfg
+
+
+[python-xmlsec]
+recipe = zc.recipe.egg:custom
+egg = xmlsec
+rpath =
+  ${libxml2:location}/lib/
+  ${libxslt:location}/lib/
+  ${openssl:location}/lib/
+  ${xmlsec:location}/lib/
+  ${zlib:location}/lib/
+setup-eggs =
+  ${lxml-python:egg}
+  pkgconfig
+  pathlib2
+  setuptools-scm
+  toml
+environment = python-xmlsec-env
+
+[python-xmlsec-env]
+PKG_CONFIG=${pkgconfig:location}/bin/pkg-config
+PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig:${xmlsec:location}/lib/pkgconfig
+
+
+[versions]
+xmlsec = 1.3.13
+setuptools-scm = 7.0.5
+toml = 0.10.2
+
+[versions:python2]
+xmlsec = 1.3.9
+setuptools-scm = 5.0.2
--- a/component/xmlsec/buildout.cfg
+++ b/component/xmlsec/buildout.cfg
+# XML Security Library
+# https://www.aleksey.com/xmlsec/
+
+[buildout]
+extends =
+  ../libxml2/buildout.cfg
+  ../libxslt/buildout.cfg
+  ../openssl/buildout.cfg
+  ../pkgconfig/buildout.cfg
+
+[xmlsec]
+recipe = slapos.recipe.cmmi
+url = https://www.aleksey.com/xmlsec/download/xmlsec1-1.2.34.tar.gz
+md5sum = 87b0074e7ae535e061acf8ef64dada1b
+shared = true
+configure-options =
+  --disable-crypto-dl
+environment =
+  PATH=${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${libxslt:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
+  LDFLAGS=-Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${zlib:location}/lib
+
+[xmlsec:python2]
+# Newer versions are not compatible with python2 version of python-xmlsec
+url = https://www.aleksey.com/xmlsec/download/xmlsec1-1.2.30.tar.gz
+md5sum = b66ec21e0a0ac331afb4b1bc5c9ef966
--- a/software/caddy-frontend/README.caddy_frontend.rst
+++ b/software/caddy-frontend/README.caddy_frontend.rst
@@ -233,6 +233,8 @@ Please be aware that the `health-check-timeout` is really short by default, so i

 Thanks to using health-check it's possible to configure failover system. By providing `health-check-failover-url` or `health-check-failover-https-url` some special backend can be used to reply in case if original backend replies with error (codes like `5xx`). As a note one can setup this failover URL like `https://failover.example.com/?p=` so that the path from the incoming request will be passed as parameter. Additionally authentication to failover URL is supported with `health-check-authenticate-to-failover-backend` and SSL Proxy verification with `health-check-failover-ssl-proxy-verify` and `health-check-failover-ssl-proxy-ca-crt`.

+**Note**: It's important to correctly configure failover URL response, especially in case if it's expected to use `stale-if-error` simulation available while `enable_cache` is used. In order to serve pages from cache the failover URL have to return error HTTP code (like 503 SERVICE_UNAVAILABLE), so that in such case cached page will have precedence over the reply from failover URL.
+
 Examples
 ========


--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
@@ -61,6 +61,7 @@
        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
      },
      {
+        "enable_cache": true,
        "health-check": true,
        "health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
        "health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
@@ -183,6 +184,7 @@
          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
        },
        {
+          "enable_cache": true,
          "health-check": true,
          "health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
          "health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
@@ -279,7 +281,7 @@
      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
-      "extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/stack/caucase/buildout.cfg
+++ b/stack/caucase/buildout.cfg
@@ -35,7 +35,7 @@ url = ${:_profile_base_location_}/${:filename}
 depends = ${caucase-jinja2-library-eggs:eggs}

 [versions]
-caucase = 0.9.12
+caucase = 0.9.14
 pem = 21.1.0
 PyJWT = 2.4.0


--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -63,6 +63,7 @@ extends =
  ../../component/pygolang/buildout.cfg
  ../../component/bcrypt/buildout.cfg
  ../../component/python-pynacl/buildout.cfg
+  ../../component/python-xmlsec/buildout.cfg
  ../../stack/caucase/buildout.cfg
  ../../software/neoppod/software-common.cfg
 # keep neoppod extends last
@@ -460,6 +461,7 @@ eggs = ${neoppod:eggs}
  ${pandas:egg}
  ${pillow-python:egg}
  ${python-ldap-python:egg}
+  ${python-xmlsec:egg}
  ${pysvn-python:egg}
  ${pycrypto-python:egg}
  ${scipy:egg}