- 04 Nov, 2020 1 commit
-
-
Jérome Perrin authored
Revert f8f72a17 ([erp5] don't use caucase generated certificate for now, 2019-03-12) since nothing prevents us from using caucase certificate now.

Use [managed resources](slapos.core!259) to simplify existing tests and introduce tests for:

## Access Log

- [x] balancer partition should produce logs in apache "combined" log format with microsecond timing of requests.
- [x] these logs should be rotated daily
- [x] an [apachedex](https://lab.nexedi.com/nexedi/apachedex) report is run on these logs daily.

## Balancing

- [x] requests are balanced to multiple backends using round-robin algorithm
- [x] if backend is down it is excluded
- [x] a "sticky cookie" is used so that clients are associated to the same backend
- [x] the cookie is set by balancer
- [x] when client comes with a cookie it "sticks" on the associated backend
- [x] if "sticked" backend is down, another backend will be used

## Content-Encoding

- [x] balancer encodes responses in gzip for some configured content types.

## HTTP

- [x] Server uses HTTP/1.1 or more and keeps connection with clients

## TLS (server certificate)

In this MR we also change apache to use a caucase managed certificate and add test coverage for:

- [x] balancer listens on https with a certificate that can be verified using the CA from caucase.
- [x] balancer uses the new certificate when its own certificate is renewed.

But we don't add support for:

- ~~balancer can be instantiated with a certificate and key passed as SlapOS request parameters (code [here](https://lab.nexedi.com/nexedi/slapos/blob/757c1a4ddee93659d5e2649e4252d87bf9494566/stack/erp5/instance-balancer.cfg.in#L208-213))~~ this use case is the job of caucase, so we no longer support this.

## TLS (client certificate)

- [x] balancer verifies frontend certificates from frontend caucases (also tested in "Forwarded-For" section)
- [x] if frontend provided a verified certificate, balancer sets `remote-user` header
- [x] balancer updates CRL from caucases (`caucase-updater-housekeeper`)
- (NOT TESTED) balancer updates CA certificate from caucase (`caucase-updater-housekeeper`). Since this would be complex to test and basic functionality of `caucase-updater-housekeeper` for frontend caucases is covered by CRL test, we don't test this for simplicity.

## "Forwarded-For" header

This was also covered by existing tests:

- [x] balancer sets `X-Forwarded-For` header when frontend certificate can be verified
- [x] balancer strips existing `X-Forwarded-For`

## Integration with the rest of ERP5 software release

This was also covered by existing tests:

- [x] The https URL of each Zope family is published and replies properly
- [x] Some https URLs are generated for `runUnitTest`, so that test run with an https certificate. This is also covered by regular ERP5 functional tests.

See merge request !840
-
- 02 Nov, 2020 4 commits
-
-
Léo-Paul Géneau authored
-
Léo-Paul Géneau authored
-
Thomas Gambier authored
See merge request nexedi/slapos!839
-
- 30 Oct, 2020 1 commit
-
-
Łukasz Nowak authored
-
- 29 Oct, 2020 5 commits
-
-
Xavier Thompson authored
Future Cython+ work will use it.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
Fix for #20200514-218C705 - [testnode] frontend for log access

Depends on nexedi/erp5!1304

See merge request nexedi/slapos!848
-
- 28 Oct, 2020 3 commits
-
-
Julien Muchembled authored
This fixes the nextcloud SR, which was broken by commit 92779bf4 (mariadb is not a part anymore).
-
Julien Muchembled authored
This fixes commit a62e5e7b. See also commit 491e6e28.
-
Jérome Perrin authored
And set it as log_frontend_url in testnode config
-
- 27 Oct, 2020 12 commits
-
-
Julien Muchembled authored
Just add the following 2 lines in a SR:

    [mariadb]
    location = ${mariadb-10.4:location}
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
It does not build with GCC 8.2
-
Kirill Smelkov authored
Going Go1.14.9 -> Go1.14.10 brings in compiler and runtime fixes including fix for crash in garbage-collector due to race condition:

https://github.com/golang/go/issues/40642
https://github.com/golang/go/issues/40641

Tested on helloworld SR.
-
Łukasz Nowak authored
See merge request nexedi/slapos!844
-
Łukasz Nowak authored
validators.url is enough, even for Caddy, to check that URL is correct, and caddy_backend_url_validator was introduced before validators. Also calling an external command for each slave takes a lot of time.
-
Łukasz Nowak authored
Thanks to this other sections can directly reference them, and so they are correctly created as needed, so linking section does not need update-command
-
Łukasz Nowak authored
The password is anyway present in the section itself, so its eventual change will result in reinstalling the section.
-
Jérome Perrin authored
Also change a bit existing frontend_url to manage it the same way.
-
Jérome Perrin authored
This way buildout can reuse egg caches and it's a bit faster:

To run a simple instance buildout, from 2.837s it goes down to 1.875s.

To run slapos node instance 10 times just after requesting an ERP5 instance, it goes from ~112s to 98s

before:

    hyperfine "/srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/shared/python2.7/60364a13cc977dd5a894e0239ac889b9/bin/python2.7 /srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/soft/c63ba7265399450b28f9ea6d5667a5e7/bin/buildout -U"
    Benchmark #1: /srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/shared/python2.7/60364a13cc977dd5a894e0239ac889b9/bin/python2.7 /srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/soft/c63ba7265399450b28f9ea6d5667a5e7/bin/buildout -U
      Time (mean ± σ):      2.837 s ±  0.275 s    [User: 2.481 s, System: 0.285 s]
      Range (min … max):    2.482 s …  3.222 s    10 runs

after:

    hyperfine "/srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/shared/python2.7/60364a13cc977dd5a894e0239ac889b9/bin/python2.7 /srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/soft/c63ba7265399450b28f9ea6d5667a5e7/bin/buildout -U"
    Benchmark #1: /srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/shared/python2.7/60364a13cc977dd5a894e0239ac889b9/bin/python2.7 /srv/slapgrid/slappart4/srv/slapos/inst/slappart0/tmp/soft/c63ba7265399450b28f9ea6d5667a5e7/bin/buildout -U
      Time (mean ± σ):      1.875 s ±  0.067 s    [User: 1.660 s, System: 0.148 s]
      Range (min … max):    1.816 s …  2.038 s    10 runs
-
- 26 Oct, 2020 4 commits
-
-
Julien Muchembled authored
See merge request nexedi/slapos!846
-
Léo-Paul Géneau authored
Changes configuration files to run repman tests in python3.
-
Léo-Paul Géneau authored
Adds the newly added to nexedi's repositories rubygemsrecipe (https://lab.nexedi.com/nexedi/rubygemsrecipe) to the list of tested eggs.
-
Julien Muchembled authored
This also fixes rpath of rust binaries.
-
- 23 Oct, 2020 10 commits
-
-
Léo-Paul Géneau authored
See merge request nexedi/slapos!845
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
Since 0.9.6 caucase stopped using the 128bits OID arc that caddy/golang does not support, so nothing prevents us from using a caucase certificate now.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-