Commit d294ba6b authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents 804396fa c965227f
...@@ -23,14 +23,14 @@ ...@@ -23,14 +23,14 @@
# # The path given to "SSLSessionCache shmcb:<folder_path>(512000)" # # The path given to "SSLSessionCache shmcb:<folder_path>(512000)"
# "ssl-session-cache": "<folder_path>", # "ssl-session-cache": "<folder_path>",
# #
# # The path given to "SSLCACertificateFile" (can be empty) # # The path given to "SSLCACertificatePath" (can be empty)
# # If this value is not empty, it enables client certificate check. # # If this value is not empty, it enables client certificate check.
# # (Enabling "SSLVerifyClient require") # # (Enabling "SSLVerifyClient require")
# "ca-cert": "<file_path>", # "ca-cert-dir": "<directory_path>",
# #
# # The path given to "SSLCARevocationFile" (used if ca-cert is not # # The path given to "SSLCARevocationPath" (used if ca-cert-dir is not
# # empty) # # empty)
# "crl": "<file_path>", # "crl-dir": "<directory_path>",
# #
# # The path given to "ErrorLog" # # The path given to "ErrorLog"
# "error-log": "<file_path>", # "error-log": "<file_path>",
...@@ -69,7 +69,7 @@ ...@@ -69,7 +69,7 @@
# From to `backend-list`: # From to `backend-list`:
# - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and # - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and
# - [::1]:8000 redirecting internaly to http://10.0.0.10:8001 # - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
# only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert`. # only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert-dir`.
# - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003 # - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
# - [::1]:8002 redirecting internaly to http://10.0.0.10:8003 # - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
# accepting requests from any client. # accepting requests from any client.
...@@ -83,6 +83,8 @@ ...@@ -83,6 +83,8 @@
# For more details, refer to # For more details, refer to
# https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together # https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together
-#} -#}
{% set ca_cert_dir = parameter_dict.get('ca-cert-dir') -%}
{% set crl_dir = parameter_dict.get('crl-dir') -%}
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
...@@ -133,15 +135,17 @@ SSLProxyEngine On ...@@ -133,15 +135,17 @@ SSLProxyEngine On
# As backend is trusting Remote-User header unset it always # As backend is trusting Remote-User header unset it always
RequestHeader unset Remote-User RequestHeader unset Remote-User
{% if parameter_dict['ca-cert'] -%} # Drop incoming X-Forwarded-For without valid client authentication
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
{% if ca_cert_dir -%}
SSLVerifyClient optional SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['ca-cert'] }} SSLCACertificatePath {{ ca_cert_dir }}
{% if parameter_dict['crl'] -%} {% if crl_dir -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }} SSLCARevocationPath {{ crl_dir }}
{%- endif %} {% endif -%}
{%- endif %} {% endif -%}
ErrorLog "{{ parameter_dict['error-log'] }}" ErrorLog "{{ parameter_dict['error-log'] }}"
# Default apache log format with request time in microsecond at the end # Default apache log format with request time in microsecond at the end
...@@ -161,11 +165,9 @@ Listen {{ ip }}:{{ port }} ...@@ -161,11 +165,9 @@ Listen {{ ip }}:{{ port }}
{% endfor -%} {% endfor -%}
<VirtualHost *:{{ port }}> <VirtualHost *:{{ port }}>
SSLEngine on SSLEngine on
{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%} {% if enable_authentication -%}
{{ assert(ca_cert_dir) -}}
SSLVerifyClient require SSLVerifyClient require
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
...@@ -183,11 +185,9 @@ Listen {{ ip }}:{{ port }} ...@@ -183,11 +185,9 @@ Listen {{ ip }}:{{ port }}
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
SSLEngine on SSLEngine on
Timeout 3600 Timeout 3600
{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%} {% if enable_authentication -%}
{{ assert(ca_cert_dir) -}}
SSLVerifyClient require SSLVerifyClient require
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
......
...@@ -14,5 +14,5 @@ ...@@ -14,5 +14,5 @@
# not need these here). # not need these here).
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = bb8c175a93336f0e1838fd47225426f9 md5sum = ace264843228af84d025797f520ce70f
...@@ -13,14 +13,15 @@ parts = haproxy ...@@ -13,14 +13,15 @@ parts = haproxy
[haproxy] [haproxy]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://www.haproxy.org/download/1.8/src/haproxy-1.8.25.tar.gz url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.15.tar.gz
md5sum = ef2164ca3b1ea9011aa271a8cbe030a4 md5sum = 59f892991476f08e2d16ac460c502f61
configure-command = true configure-command = true
# If the system is running on Linux 2.6, we use "linux26" as the TARGET, # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
# otherwise use "generic". # otherwise use "generic".
# For ARCH value, x86_64 and i[3456]86 are supported. # For ARCH value, x86_64 and i[3456]86 are supported.
make-options = make-options =
TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux2628 || echo generic)" TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
CPU=native
ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')" ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
PREFIX=@@LOCATION@@ PREFIX=@@LOCATION@@
USE_DL=1 USE_DL=1
......
...@@ -4,5 +4,6 @@ parts = ...@@ -4,5 +4,6 @@ parts =
[libestr] [libestr]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://libestr.adiscon.com/files/download/libestr-0.1.10.tar.gz url = http://libestr.adiscon.com/files/download/libestr-0.1.11.tar.gz
md5sum = f4c9165a23587e77f7efe65d676d5e8e md5sum = 1f25a2332750d4bfacfb314235fedff0
shared = true
[buildout]
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
../pkgconfig/buildout.cfg
../m4/buildout.cfg
parts =
libfastjson
[libfastjson]
recipe = slapos.recipe.cmmi
url = https://github.com/rsyslog/libfastjson/archive/v0.99.8.tar.gz
md5sum = 730713ad1d851def7ac8898f751bbfdd
shared = true
pre-configure =
autoreconf -fvi -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal -I ${automake:location}/share/aclocal
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:%(PATH)s
M4=${m4:location}/bin/m4
# To be extended after mariadb's buildout.cfg
[mariadb]
patches +=
${:_profile_base_location_}/mdev20693.patch#34ca907d6b36ba81d75bed118243f637
From: Sergei Petrunia <psergey@askmonty.org>
Date: Tue, 1 Oct 2019 15:29:38 -0700
Subject: [PATCH] #1052: ha_rocksdb::records_in_range() vastly overestimates
#rows (#1053)
Summary:
In ha_rocksdb::records_in_range, Do not adjust the key value. See
issue comments for justification.
The optimizer_loose_index_scans test was hitting this. The testcase
there has a key(b,d) and queries with WHERE b=... and d>=98 (the latter
condition not matching any rows in the table).
Pull Request resolved: https://github.com/facebook/mysql-5.6/pull/1053
Upstream commit 2b1e7918066a967b3a48fe486e5687d786aee052.
diff -ur a/storage/rocksdb/ha_rocksdb.cc b/storage/rocksdb/ha_rocksdb.cc
--- a/storage/rocksdb/ha_rocksdb.cc 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/ha_rocksdb.cc 2020-06-24 21:14:13.090911121 +0200
@@ -11941,11 +11941,6 @@
max_key->flag == HA_READ_AFTER_KEY) {
kd.successor(m_sk_packed_tuple_old, size2);
}
- // pad the upper key with FFFFs to make sure it is more than the lower
- if (size1 > size2) {
- memset(m_sk_packed_tuple_old + size2, 0xff, size1 - size2);
- size2 = size1;
- }
} else {
kd.get_supremum_key(m_sk_packed_tuple_old, &size2);
}
@@ -11953,8 +11948,11 @@
const rocksdb::Slice slice1((const char *)m_sk_packed_tuple, size1);
const rocksdb::Slice slice2((const char *)m_sk_packed_tuple_old, size2);
- // slice1 >= slice2 means no row will match
+ // It's possible to get slice1 == slice2 for a non-inclusive range with the
+ // right bound being successor() of the left one, e.g. "t.key>10 AND t.key<11"
if (slice1.compare(slice2) >= 0) {
+ // It's not possible to get slice2 > slice1
+ DBUG_ASSERT(slice1.compare(slice2) == 0);
DBUG_RETURN(HA_EXIT_SUCCESS);
}
diff -ur a/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result b/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result
--- a/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/mysql-test/rocksdb/r/optimizer_loose_index_scans.result 2020-06-24 21:14:13.082911030 +0200
@@ -126,9 +126,9 @@
set optimizer_switch = 'skip_scan=off';
explain select a, b, c, d from t where a in (1, 5) and b in (1, 2) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t range PRIMARY,b PRIMARY 8 NULL # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 12 NULL # Using where; Using index
rows_read
-200
+0
set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
explain select a, b, c, d from t where a in (1, 5) and b in (1, 2) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
@@ -140,9 +140,9 @@
set optimizer_switch = 'skip_scan=off';
explain select a, b, c, d from t where a in (1, 2, 3, 4, 5) and b in (1, 2, 3) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t range PRIMARY,b PRIMARY 8 NULL # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 12 NULL # Using where; Using index
rows_read
-750
+0
set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
explain select a, b, c, d from t where a in (1, 2, 3, 4, 5) and b in (1, 2, 3) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
@@ -154,9 +154,9 @@
set optimizer_switch = 'skip_scan=off';
explain select a, b, c, d from t where a = 5 and b = 2 and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t ref PRIMARY,b PRIMARY 8 const,const # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 12 NULL # Using where; Using index
rows_read
-50
+0
set optimizer_switch = 'skip_scan=on,skip_scan_cost_based=off';
explain select a, b, c, d from t where a = 5 and b = 2 and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
@@ -271,7 +271,7 @@
1
explain select a, b, c, d from t where (a < 1 or a = 4 or a = 5) and b in (1, 2, 3) and d >= 98;
id select_type table type possible_keys key key_len ref rows Extra
-1 SIMPLE t range PRIMARY,b PRIMARY 8 NULL # Using where; Using index
+1 SIMPLE t range PRIMARY,b b 8 NULL # Using where; Using index
select count(*) from information_schema.optimizer_trace where trace like '%prefix_not_const_equality%';
count(*)
1
diff -ur a/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result b/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result
--- a/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/mysql-test/rocksdb/r/rocksdb_range2.result 2020-06-24 21:14:13.082911030 +0200
@@ -27,3 +27,42 @@
date
2018-10-05
drop table t1;
+#
+# Issue #1052: ha_rocksdb::records_in_range() vastly overestimates the number of rows in certain ranges
+#
+CREATE TABLE t1 (
+part_id smallint(5) unsigned NOT NULL,
+oid bigint(20) unsigned NOT NULL,
+tid bigint(20) unsigned NOT NULL,
+filler char(32),
+KEY tid (part_id,tid,oid)
+) ENGINE=ROCKSDB;
+create table t2(a int primary key);
+insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+create table t3(a int primary key);
+insert into t3 select A.a + B.a* 10 + C.a * 100 from t2 A, t2 B, t2 C;
+set rocksdb_max_row_locks=1000000;
+insert into t1
+select
+0,
+A.a + 1000*B.a,
+A.a + 1000*B.a,
+'filler-data'
+from t2 A, t3 B;
+insert into t1
+select
+1,
+A.a + 1000*B.a,
+A.a + 1000*B.a,
+'filler-data'
+from t2 A, t3 B;
+set global rocksdb_force_flush_memtable_now=1;
+explain select * from t1 where part_id=0 and tid>100000000;
+id select_type table type possible_keys key key_len ref rows Extra
+1 SIMPLE t1 range tid tid 10 NULL # Using index condition
+# We can't check "rows" in EXPLAIN output directly as that value tends
+# to change a bit. Instead, check that the value is sufficiently low
+select @a < 10 as "MUST BE 1";
+MUST BE 1
+1
+drop table t2,t3,t1;
diff -ur a/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test b/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test
--- a/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test 2020-05-09 21:28:02.000000000 +0200
+++ b/storage/rocksdb/mysql-test/rocksdb/t/rocksdb_range2.test 2020-06-24 21:14:13.082911030 +0200
@@ -31,3 +31,63 @@
select * from t1 where date < '2018-10-09' order by date desc limit 1;
drop table t1;
+
+--echo #
+--echo # Issue #1052: ha_rocksdb::records_in_range() vastly overestimates the number of rows in certain ranges
+--echo #
+
+CREATE TABLE t1 (
+ part_id smallint(5) unsigned NOT NULL,
+ oid bigint(20) unsigned NOT NULL,
+ tid bigint(20) unsigned NOT NULL,
+ filler char(32),
+ KEY tid (part_id,tid,oid)
+) ENGINE=ROCKSDB;
+
+create table t2(a int primary key);
+insert into t2 values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);
+
+create table t3(a int primary key);
+insert into t3 select A.a + B.a* 10 + C.a * 100 from t2 A, t2 B, t2 C;
+
+set rocksdb_max_row_locks=1000000;
+insert into t1
+select
+ 0,
+ A.a + 1000*B.a,
+ A.a + 1000*B.a,
+ 'filler-data'
+from t2 A, t3 B;
+
+insert into t1
+select
+ 1,
+ A.a + 1000*B.a,
+ A.a + 1000*B.a,
+ 'filler-data'
+from t2 A, t3 B;
+set global rocksdb_force_flush_memtable_now=1;
+
+--replace_column 9 #
+explain select * from t1 where part_id=0 and tid>100000000;
+
+--echo # We can't check "rows" in EXPLAIN output directly as that value tends
+--echo # to change a bit. Instead, check that the value is sufficiently low
+
+let $explain=`explain select * from t1 where part_id=0 and tid>100000000`;
+--disable_query_log
+eval set @a= '$explain';
+set @a=(select substr(@a, 1+locate('\t', @a))); # id
+set @a=(select substr(@a, 1+locate('\t', @a))); # select_type
+set @a=(select substr(@a, 1+locate('\t', @a))); # table
+set @a=(select substr(@a, 1+locate('\t', @a))); # type
+set @a=(select substr(@a, 1+locate('\t', @a))); # possible_keys
+set @a=(select substr(@a, 1+locate('\t', @a))); # key
+set @a=(select substr(@a, 1+locate('\t', @a))); # key_len
+set @a=(select substr(@a, 1+locate('\t', @a))); # ref
+# ok now at rows
+set @a=(select substr(@a, 1, locate('\t', @a)-1)); # rows
+--enable_query_log
+
+select @a < 10 as "MUST BE 1";
+drop table t2,t3,t1;
...@@ -2,33 +2,42 @@ ...@@ -2,33 +2,42 @@
extends = extends =
../autoconf/buildout.cfg ../autoconf/buildout.cfg
../automake/buildout.cfg ../automake/buildout.cfg
../bison/buildout.cfg
../flex/buildout.cfg
../git/buildout.cfg
../boost-lib/buildout.cfg ../boost-lib/buildout.cfg
../libtool/buildout.cfg ../libtool/buildout.cfg
../make/buildout.cfg ../make/buildout.cfg
../mariadb/buildout.cfg ../openssl/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../ragel/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
# For geoip backend
# https://doc.powerdns.com/authoritative/backends/geoip.html
../geoip2/buildout.cfg
../yaml-cpp/buildout.cfg
parts = parts =
powerdns powerdns
[powerdns] [powerdns]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://downloads.powerdns.com/releases/pdns-3.3.1.tar.gz url = http://downloads.powerdns.com/releases/pdns-4.2.1.tar.bz2
md5sum = 074e2ff211fd12ecad25b5c1cc190dd4 md5sum = b5f3998a3bc438b905c72c0473408839
configure-options = configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_} --prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-boost=${boost-lib:location} --with-boost=${boost-lib:location}
--with-modules="geo" --with-libcrypto=${openssl:location}
--with-modules="geoip"
--with-dynmodules="" --with-dynmodules=""
--without-lua --without-lua
--disable-lua-records
pkg_config_depends = ${yaml-cpp:location}/lib/pkgconfig
environment = environment =
PATH=${make:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:${bison:location}/bin:${flex:location}/bin:${git:location}/bin:${ragel:location}/bin:%(PATH)s PATH=${autoconf:location}/bin:${automake:location}/bin:${libmaxminddb:location}/bin:${libtool:location}/bin:${make:location}/bin:${pkgconfig:location}/bin:%(PATH)s
LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -lz LDFLAGS=-L${boost-lib:location}/lib -Wl,-rpath=${boost-lib:location}/lib -L${libmaxminddb:location}/lib -Wl,-rpath=${libmaxminddb:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${yaml-cpp:location}/lib -Wl,-rpath=${yaml-cpp:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
CPPFLAGS=-I${boost-lib:location}/include CPPFLAGS=-I${boost-lib:location}/include -I${libmaxminddb:location}/include -I${yaml-cpp:location}/include
PKG_CONFIG_PATH=${:pkg_config_depends}
# XXX: Override the default value "-Llib -lyaml-cpp"; "-Llib" is a problem
YAML_LIBS = -lyaml-cpp
make-options =
LIBTOOL=libtool
make-target = make-target =
install install
[buildout]
extends =
../bzip2/buildout.cfg
../gdbm/buildout.cfg
../libexpat/buildout.cfg
../libffi/buildout.cfg
../ncurses/buildout.cfg
../openssl/buildout.cfg
../pkgconfig/buildout.cfg
../sqlite3/buildout.cfg
../zlib/buildout.cfg
[pycparser-shared]
# XXX:
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/eliben/pycparser/archive/release_v2.20.tar.gz
md5sum = a5d9ea5350a8edb8239af73913ea2858
configure-command = :
make-binary =
make-targets = python setup.py install --install-lib @@LOCATION@@
[pypy2]
recipe = slapos.recipe.cmmi
shared = true
url = https://bitbucket.org/pypy/pypy/downloads/pypy2.7-v7.3.1-src.tar.bz2
md5sum = 7608bd58940ffc5403632c2c786d83bb
configure-command =
sed -i '/"_tkinter":/s/^/#/' lib_pypy/tools/build_cffi_imports.py
cat <<EOF > Makefile
PREFIX = @@LOCATION@@
export PYPY_USESSION_BASENAME=slapos
export TMPDIR=\$(realpath ..)
all: pypy/goal/pypy-c lib_pypy/tools/build_cffi_imports.py
\$^
c_src_dir:
cd pypy/goal && PYTHONPATH=${pycparser-shared:location} $${PYTHON:-python2} ../../rpython/bin/rpython --batch --source --opt=jit --shared targetpypystandalone
ln -s ../usession-\$\$PYPY_USESSION_BASENAME-\$\$USER/testing_1 \$@
pypy/goal/pypy-c: c_src_dir
\$(MAKE) -C \$<
mv \$</libpypy-c.so \$</pypy-c pypy/goal
touch \$@
install:
mkdir -p \$(PREFIX)/bin \$(PREFIX)/include
find lib_pypy lib-python/2.7 -type d '(' '(' -name __pycache__ -o -name _tkinter -o -name test -o -name tests ')' -prune -o -print ')' \
|while read d; do mkdir -p \$(PREFIX)/\$\$d && find \$\$d -maxdepth 1 -type f ! -name '*.o' ! -name '*.c' |xargs -r cp -t \$(PREFIX)/\$\$d; done
d=lib-python/2.7/test && mkdir -p \$(PREFIX)/\$\$d && for x in __init__ pystone regrtest test_support; do echo \$\$d/\$\$x.py; done |xargs -r cp -t \$(PREFIX)/\$\$d
cd lib-python && cp conftest.py stdlib-version.* \$(PREFIX)/lib-python
cp -r include/pypy_*.h include/PyPy.h pypy/module/cpyext/include/* pypy/module/cpyext/parse/* \$(PREFIX)/include
cd pypy/goal && cp libpypy-c.so \$(PREFIX)/bin && cp pypy-c \$(PREFIX)/bin/pypy
environment =
C_INCLUDE_PATH=${bzip2:location}/include:${gdbm:location}/include:${libexpat:location}/include:${ncurses:location}/include:${ncurses:location}/include/ncursesw:${openssl:location}/include:${sqlite3:location}/include:${zlib:location}/include
LDFLAGS=-L${bzip2:location}/lib -L${gdbm:location}/lib -L${libexpat:location}/lib -L${libffi:location}/lib -L${ncurses:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -L${zlib:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libffi:location}/lib/pkgconfig
...@@ -2,21 +2,25 @@ ...@@ -2,21 +2,25 @@
parts = parts =
rsyslogd rsyslogd
extends = extends =
../curl/buildout.cfg
../libestr/buildout.cfg ../libestr/buildout.cfg
../json-c/buildout.cfg ../libfastjson/buildout.cfg
../libuuid/buildout.cfg ../libuuid/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
[rsyslogd] [rsyslogd]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.12.0.tar.gz url = https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2004.0.tar.gz
md5sum = c31c2d545c8a3b8695bdf076851d1517 md5sum = 375a60ab0f461367f84f07a5dbda6de2
shared = true
configure-options = configure-options =
--disable-klog --disable-klog
--disable-libgcrypt --disable-libgcrypt
--disable-liblogging-stdlog --disable-liblogging-stdlog
--disable-libsystemd
environment = environment =
PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${json-c:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig PATH=${pkgconfig:location}/bin:%(PATH)s
CPPFLAGS=-I${libestr:location}/include -I${json-c:location}/include -I${libuuid:location}/include -I${zlib:location}/include PKG_CONFIG_PATH=${libestr:location}/lib/pkgconfig:${curl:location}/lib/pkgconfig:${libfastjson:location}/lib/pkgconfig:${libuuid:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${json-c:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib CPPFLAGS=-I${libestr:location}/include -I${curl:location}/include -I${libfastjson:location}/include -I${libuuid:location}/include -I${zlib:location}/include
LDFLAGS=-Wl,-rpath=${libestr:location}/lib -Wl,-rpath=${curl:location}/lib -Wl,-rpath=${libfastjson:location}/lib -Wl,-rpath=${libuuid:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
ZLIB_CFLAGS=-I${zlib:location}/include ZLIB_CFLAGS=-I${zlib:location}/include
...@@ -86,8 +86,12 @@ environment += ...@@ -86,8 +86,12 @@ environment +=
pre-configure = pre-configure =
sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la sed -i 's#/opt/slapos/parts/dbus/lib/libdbus-1.la#${dbus:location}/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
environment += environment +=
PATH=${pkgconfig:location}/bin:${python:location}/bin:%(PATH)s
LD_LIBRARY_PATH=${dbus:location}/lib LD_LIBRARY_PATH=${dbus:location}/lib
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${dbus:location}/lib -Wl,-rpath=${dbus:location}/lib
PYTHON=${python:location}/bin/python${python:version}
PYTHON_INCLUDES=-I${python:location}/include/python${python:version}
PYTHON_LIBS=-L${python:location}/lib -lpython${python:version} -lpthread -ldl -lutil -lm
post-install = post-install =
sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la sed -i 's#${dbus:location}/lib/libdbus-1.la#/opt/slapos/parts/dbus/lib/libdbus-1.la#' ${dbus-glib:location}/lib/libdbus-glib-1.la
...@@ -110,7 +114,7 @@ make-options = ...@@ -110,7 +114,7 @@ make-options =
[gobject-introspection] [gobject-introspection]
pre-configure = pre-configure =
ln -s ${python2.7:location}/bin/python2.7 ${python2.7:location}/bin/python2. ln -s ${python:location}/bin/python${python:version} ${python:location}/bin/python2.
sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config
libtoolize -c -f libtoolize -c -f
aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal aclocal -I${pkgconfig:location}/share/aclocal -I${gettext:location}/share/aclocal -I${libtool:location}/share/aclocal -I${glib:location}/share/aclocal
...@@ -120,24 +124,24 @@ configure-options += ...@@ -120,24 +124,24 @@ configure-options +=
environment += environment +=
PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s PATH=${autoconf:location}/bin:${automake:location}/bin:${pkgconfig:location}/bin:${libtool:location}/bin:${intltool:location}/bin:${gettext:location}/bin:${glib:location}/bin:${flex:location}/bin:${bison-go:location}/bin:%(PATH)s
GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0 GIR_DIR=${buildout:parts-directory}/${:_buildout_section_name_}/share/gir-1.0
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python2.7:location}/include/python2.7 CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${python:location}/include/python${python:version}
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python2.7:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libffi:location}/lib -Wl,-rpath=${libffi:location}/lib -lffi -L${python:location}/lib
ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal ACLOCAL_PATH=${pkgconfig:location}/share/aclocal:${gettext:location}/share/aclocal:${libtool:location}/share/aclocal:${glib:location}/share/aclocal:${intltool:location}/share/aclocal
M4=${m4:location}/bin/m4 M4=${m4:location}/bin/m4
PERL5LIB=${perl:location}/lib/5.28.1/ PERL5LIB=${perl:location}/lib/5.28.1/
post-install = post-install =
sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
rm -rf ${bison-go:location} rm -rf ${bison-go:location}
[pygobject3] [pygobject3]
pre-configure += pre-configure +=
sed -i 's#!/opt/slapos/parts/python2.7/bin/python2.7#!${python2.7:location}/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#!${python:location}/bin/python${python:version}#' ${python:location}/bin/python-config
environment += environment +=
CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python2.7:location}/include/python2.7 CPPFLAGS=-I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include -I${gettext:location}/include -I${libffi:location}/include -I${python:location}/include/python${python:version}
LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python2.7:location}/lib LDFLAGS=-L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${python:location}/lib
post-install = post-install =
sed -i 's#!${python2.7:location}/bin/python2.7#!/opt/slapos/parts/python2.7/bin/python2.7#' ${python2.7:location}/bin/python-config sed -i 's#!${python:location}/bin/python${python:version}#!/opt/slapos/parts/python${python:version}/bin/python${python:version}#' ${python:location}/bin/python-config
[ncurses] [ncurses]
configure-options = configure-options =
......
...@@ -16,7 +16,6 @@ shared = true ...@@ -16,7 +16,6 @@ shared = true
url = https://github.com/akopytov/sysbench/archive/1.0.19.tar.gz url = https://github.com/akopytov/sysbench/archive/1.0.19.tar.gz
md5sum = 2912bfe7238cac7351459019a84e2557 md5sum = 2912bfe7238cac7351459019a84e2557
pre-configure = pre-configure =
aclocal -I${pkgconfig:location}/share/aclocal -I${libtool:location}/share/aclocal -I${gettext:location}/share/aclocal
./autogen.sh ./autogen.sh
configure-options = configure-options =
--disable-static --disable-static
......
[buildout]
extends =
../cmake/buildout.cfg
parts =
yaml-cpp
[yaml-cpp]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.3.tar.gz
md5sum = b45bf1089a382e81f6b661062c10d0c2
location = @@LOCATION@@
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DYAML_BUILD_SHARED_LIBS=ON \
-DCMAKE_INSTALL_PREFIX=${:location} \
..
make-options = -C build
...@@ -3,10 +3,7 @@ global ...@@ -3,10 +3,7 @@ global
stats socket %(socket_path)s level admin stats socket %(socket_path)s level admin
defaults defaults
log global
mode http mode http
option httplog
option dontlognull
retries 1 retries 1
option redispatch option redispatch
maxconn 2000 maxconn 2000
...@@ -23,11 +20,11 @@ defaults ...@@ -23,11 +20,11 @@ defaults
timeout connect 5s timeout connect 5s
# As requested in haproxy doc, make this "at least equal to timeout server". # As requested in haproxy doc, make this "at least equal to timeout server".
timeout client 305s timeout client 305s
# Use "option forceclose" to not preserve client & server persistent connections # Use "option httpclose" to not preserve client & server persistent connections
# while handling every incoming request individually, dispatching them one after # while handling every incoming request individually, dispatching them one after
# another to servers, in HTTP close mode. This is really needed when haproxy # another to servers, in HTTP close mode. This is really needed when haproxy
# is configured with maxconn to 1, without this options browser are unable # is configured with maxconn to 1, without this options browser are unable
# to render a page # to render a page
option forceclose option httpclose
%(server_text)s %(server_text)s
...@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos ...@@ -237,14 +237,6 @@ Will append the specified path to the "VirtualHostRoot" of the zope's VirtualHos
"path" is an optional parameter, ignored if not specified. "path" is an optional parameter, ignored if not specified.
Example of value: "/erp5/web_site_module/hosting/" Example of value: "/erp5/web_site_module/hosting/"
caddy_custom_https
~~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
caddy_custom_http
~~~~~~~~~~~~~~~~~
Raw Caddy configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
url url
~~~ ~~~
Necessary to activate cache. ``url`` of backend to use. Necessary to activate cache. ``url`` of backend to use.
...@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -359,33 +351,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
partition_parameter_kw={ partition_parameter_kw={
"url":"https://[1:2:3:4:5:6:7:8]:1234", "url":"https://[1:2:3:4:5:6:7:8]:1234",
"caddy_custom_https":'
https://www.example.com:%(https_port)s, https://example.com:%(https_port)s {
bind %(local_ipv4)s
tls %(certificate)s %(certificate)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234 {
transparent
timeout 600s
insecure_skip_verify
}
}
"caddy_custom_http":'
http://www.example.com:%(http_port)s, http://example.com:%(http_port)s {
bind %(local_ipv4)s
log / %(access_log)s {combined}
errors %(error_log)s
proxy / https://[1:2:3:4:5:6:7:8]:1234/ {
transparent
timeout 600s
insecure_skip_verify
}
}
Simple Cache Example - XXX - to be written Simple Cache Example - XXX - to be written
------------------------------------------ ------------------------------------------
...@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -402,40 +367,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
"domain": "www.example.org", "domain": "www.example.org",
"enable_cache": "True", "enable_cache": "True",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLEngine on
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*) %(cache_access)s/$1 [L,P],
}
)
Advanced example - XXX - to be written Advanced example - XXX - to be written
-------------------------------------- --------------------------------------
...@@ -457,56 +388,6 @@ the proxy:: ...@@ -457,56 +388,6 @@ the proxy::
"path":"/erp5", "path":"/erp5",
"domain":"example.org", "domain":"example.org",
"caddy_custom_https":'
ServerName www.example.org
ServerAlias www.example.org
ServerAdmin example.org
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Use personal ssl certificates
SSLCertificateFile %(ssl_crt)s
SSLCertificateKeyFile %(ssl_key)s
SSLCACertificateFile %(ssl_ca_crt)s
SSLCertificateChainFile %(ssl_ca_crt)s
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Redirect / to /index.html
RewriteRule ^/$ /index.html [R=302,L]
# Use cache
RewriteRule ^/(.*) %(cache_access)s/VirtualHostBase/https/www.example.org:443/erp5/VirtualHostRoot/$1 [L,P]',
"caddy_custom_http":'
ServerName www.example.org
ServerAlias www.example.org
ServerAlias example.org
ServerAdmin geronimo@example.org
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
# Configure personal logs
ErrorLog "%(error_log)s"
LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined
# Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens
# on standard port (443).
RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}',
"ssl_key":"-----BEGIN RSA PRIVATE KEY----- "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
XXXXXXX..........XXXXXXXXXXXXXXX XXXXXXX..........XXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----", -----END RSA PRIVATE KEY-----",
...@@ -522,20 +403,6 @@ the proxy:: ...@@ -522,20 +403,6 @@ the proxy::
} }
) )
QUIC Protocol
=============
Note: QUIC support in Caddy is really experimental. It can result with silently having problems with QUIC connections or hanging Caddy process. So in case of QUIC error ``QUIC_NETWORK_IDLE_TIMEOUT`` or ``QUIC_PEER_GOING_AWAY`` it is required to restart caddy process.
Note: Chrome will refuse to connect to QUIC on different port then HTTPS has been served. As Caddy binds to high ports, if QUIC is wanted, the browser need to connect to high port too.
Experimental QUIC available in Caddy is not configurable. If caddy is configured to bind to HTTPS port ``${port}``, QUIC is going to be advertised on this port only. It is not possible to configure another public port in case of port rewriting.
So it is required to ``DNAT`` from ``${public IP}`` of the computer to the computer partition running caddy ``${local IP}`` with configured port::
iptables -A DNAT -d ${public IP}/32 -p udp -m udp --dport ${port} -j DNAT --to-destination ${local IP}:${port}
Promises Promises
======== ========
...@@ -621,3 +488,8 @@ Each `caddy-frontend-N` partition downloads certificates from the kedifa server. ...@@ -621,3 +488,8 @@ Each `caddy-frontend-N` partition downloads certificates from the kedifa server.
Caucase (exposed by ``kedifa-caucase-url`` in master partition parameters) is used to handle certificates for authentication to kedifa server. Caucase (exposed by ``kedifa-caucase-url`` in master partition parameters) is used to handle certificates for authentication to kedifa server.
If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there are scripts running on master partition to simulate human to sign certificates for each caddy-frontend-N node. If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there are scripts running on master partition to simulate human to sign certificates for each caddy-frontend-N node.
Support for X-Real-Ip and X-Forwarded-For
-----------------------------------------
X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 816bc8179cf4195a35e07f22c36679fa md5sum = 20f7a925e686949092823595c79a0523
[template-common] [template-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,26 +22,22 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,26 +22,22 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 60aefa15002b04665a95a6c197eac5ab md5sum = 0851faa528eb4f21330a6f23f77dea7f
[template-caddy-replicate] [template-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = 087bd9404cd120bd7602a9fbfcddc064 md5sum = a544bf7586f5945bbf108abe9818c7dd
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = d96fea7dd4d7f0a157c86d25a263d8e1 md5sum = 9da1616d203e4909af37e658aa923d95
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
md5sum = 54ae95597a126ae552c3a913ddf29e5e
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
filename = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
md5sum = 7e3ee70c447f8203273d78f66ab519c3 md5sum = 7e3ee70c447f8203273d78f66ab519c3
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
filename = templates/Caddyfile.in _update_hash_filename_ = templates/Caddyfile.in
md5sum = f0faf6d2e6c187df7e25bf717676f9df md5sum = f0faf6d2e6c187df7e25bf717676f9df
[caddy-backend-url-validator] [caddy-backend-url-validator]
...@@ -49,63 +45,63 @@ filename = templates/caddy-backend-url-validator.in ...@@ -49,63 +45,63 @@ filename = templates/caddy-backend-url-validator.in
md5sum = 0979a03476e86bf038516c9565dadc17 md5sum = 0979a03476e86bf038516c9565dadc17
[template-not-found-html] [template-not-found-html]
filename = templates/notfound.html _update_hash_filename_ = templates/notfound.html
md5sum = f20d6c3d2d94fb685f8d26dfca1e822b md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in _update_hash_filename_ = templates/default-virtualhost.conf.in
md5sum = 7e26935bb6daf00d8fc01d97eebc7abd md5sum = a72e9056eeda3c7c794f6f6560056380
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in _update_hash_filename_ = templates/cached-virtualhost.conf.in
md5sum = a73839d777fbd548286bbeccf47be335 md5sum = e839ca3cb308f7fcdfa06c2f1b95e93f
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in _update_hash_filename_ = templates/template-log-access.conf.in
md5sum = f8068179333ce19e95df561c70073857 md5sum = f8068179333ce19e95df561c70073857
[template-empty] [template-empty]
filename = templates/empty.in _update_hash_filename_ = templates/empty.in
md5sum = c2314c3a9c3412a38d14b312d3df83c1 md5sum = c2314c3a9c3412a38d14b312d3df83c1
[template-wrapper] [template-wrapper]
filename = templates/wrapper.in _update_hash_filename_ = templates/wrapper.in
md5sum = 8cde04bfd0c0e9bd56744b988275cfd8 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-trafficserver-records-config] [template-trafficserver-records-config]
filename = templates/trafficserver/records.config.jinja2 _update_hash_filename_ = templates/trafficserver/records.config.jinja2
md5sum = 3a4e378932ffc7768426bb7a897e2c45 md5sum = f3f31188de56bb35383335b3219537f4
[template-trafficserver-storage-config] [template-trafficserver-storage-config]
filename = templates/trafficserver/storage.config.jinja2 _update_hash_filename_ = templates/trafficserver/storage.config.jinja2
md5sum = baf7b89cc9ab5506100b0c900808c1ea md5sum = baf7b89cc9ab5506100b0c900808c1ea
[template-trafficserver-logging-config] [template-trafficserver-logging-config]
filename = templates/trafficserver/logging.config.jinja2 _update_hash_filename_ = templates/trafficserver/logging.config.jinja2
md5sum = 6aed31174dc262ced02f31624321df41 md5sum = 6aed31174dc262ced02f31624321df41
[template-nginx-eventsource-slave-virtualhost] [template-nginx-eventsource-slave-virtualhost]
filename = templates/nginx-eventsource-slave.conf.in _update_hash_filename_ = templates/nginx-eventsource-slave.conf.in
md5sum = 217a6c801b8330b0b825f7b8b4c77184 md5sum = 217a6c801b8330b0b825f7b8b4c77184
[template-caddy-lazy-script-call] [template-caddy-lazy-script-call]
filename = templates/apache-lazy-script-call.sh.in _update_hash_filename_ = templates/apache-lazy-script-call.sh.in
md5sum = b9f73f6323f9fceea054c46c854d2862 md5sum = b9f73f6323f9fceea054c46c854d2862
[template-graceful-script] [template-graceful-script]
filename = templates/graceful-script.sh.in _update_hash_filename_ = templates/graceful-script.sh.in
md5sum = 061cc244558fd3af2b6bacf17cae5555 md5sum = 061cc244558fd3af2b6bacf17cae5555
[template-validate-script] [template-validate-script]
filename = templates/validate-script.sh.in _update_hash_filename_ = templates/validate-script.sh.in
md5sum = f26e11574f266c7437c9c89e3c93825a md5sum = f26e11574f266c7437c9c89e3c93825a
[template-configuration-state-script] [template-configuration-state-script]
filename = templates/configuration-state-script.sh.in _update_hash_filename_ = templates/configuration-state-script.sh.in
md5sum = 4d2537d2698d32a7e909989f8778d144 md5sum = 4d2537d2698d32a7e909989f8778d144
[template-rotate-script] [template-rotate-script]
filename = templates/rotate-script.sh.in _update_hash_filename_ = templates/rotate-script.sh.in
md5sum = 8c150e1e6c993708d31936742f3a7302 md5sum = 8c150e1e6c993708d31936742f3a7302
[caddyprofiledeps-setup] [caddyprofiledeps-setup]
......
...@@ -119,15 +119,10 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target ...@@ -119,15 +119,10 @@ template_default_slave_virtualhost = ${template-default-slave-virtualhost:target
template_empty = ${template-empty:target} template_empty = ${template-empty:target}
template_log_access = ${template-log-access:target} template_log_access = ${template-log-access:target}
template_not_found_html = ${template-not-found-html:target} template_not_found_html = ${template-not-found-html:target}
template_slave_configuration = ${template-slave-configuration:target}
template_slave_list = ${template-slave-list:target} template_slave_list = ${template-slave-list:target}
template_trafficserver_records_config = ${template-trafficserver-records-config:location} template_trafficserver_records_config = ${template-trafficserver-records-config:target}
template_trafficserver_records_config_filename = ${template-trafficserver-records-config:filename} template_trafficserver_storage_config = ${template-trafficserver-storage-config:target}
template_trafficserver_records_config_location = ${template-trafficserver-records-config:location} template_trafficserver_logging_config = ${template-trafficserver-logging-config:target}
template_trafficserver_storage_config_filename = ${template-trafficserver-storage-config:filename}
template_trafficserver_storage_config_location = ${template-trafficserver-storage-config:location}
template_trafficserver_logging_config_filename = ${template-trafficserver-logging-config:filename}
template_trafficserver_logging_config_location = ${template-trafficserver-logging-config:location}
template_wrapper = ${template-wrapper:output} template_wrapper = ${template-wrapper:output}
[template] [template]
...@@ -155,8 +150,7 @@ mode = 0644 ...@@ -155,8 +150,7 @@ mode = 0644
[caddy-backend-url-validator] [caddy-backend-url-validator]
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${:_profile_base_location_}/templates/${:filename} url = ${:_profile_base_location_}/${:filename}
filename = caddy-backend-url-validator.in
output = ${buildout:directory}/caddy-backend-url-validator output = ${buildout:directory}/caddy-backend-url-validator
mode = 0750 mode = 0750
...@@ -172,44 +166,32 @@ mode = 0644 ...@@ -172,44 +166,32 @@ mode = 0644
[download-template] [download-template]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/${:filename} url = ${:_profile_base_location_}/${:_update_hash_filename_}
mode = 640 mode = 640
[template-slave-list] [template-slave-list]
<=download-template <=download-template
filename = apache-custom-slave-list.cfg.in
[template-slave-configuration]
<=download-template
filename = custom-virtualhost.conf.in
[template-replicate-publish-slave-information] [template-replicate-publish-slave-information]
<=download-template <=download-template
filename = replicate-publish-slave-information.cfg.in
[template-caddy-frontend-configuration] [template-caddy-frontend-configuration]
<=download-template <=download-template
filename = Caddyfile.in
[template-not-found-html] [template-not-found-html]
<=download-template <=download-template
filename = notfound.html
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
<=download-template <=download-template
filename = default-virtualhost.conf.in
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
<=download-template <=download-template
filename = cached-virtualhost.conf.in
[template-log-access] [template-log-access]
<=download-template <=download-template
filename = template-log-access.conf.in
[template-empty] [template-empty]
<=download-template <=download-template
filename = empty.in
[template-wrapper] [template-wrapper]
recipe = slapos.recipe.template recipe = slapos.recipe.template
...@@ -219,35 +201,24 @@ mode = 0644 ...@@ -219,35 +201,24 @@ mode = 0644
[template-trafficserver-records-config] [template-trafficserver-records-config]
<=download-template <=download-template
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = records.config.jinja2
[template-trafficserver-storage-config] [template-trafficserver-storage-config]
<=download-template <=download-template
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = storage.config.jinja2
[template-trafficserver-logging-config] [template-trafficserver-logging-config]
<=download-template <=download-template
url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
filename = logging.config.jinja2
[template-rotate-script] [template-rotate-script]
<=download-template <=download-template
filename = rotate-script.sh.in
[template-caddy-lazy-script-call] [template-caddy-lazy-script-call]
<=download-template <=download-template
filename = apache-lazy-script-call.sh.in
[template-graceful-script] [template-graceful-script]
<=download-template <=download-template
filename = graceful-script.sh.in
[template-validate-script] [template-validate-script]
<=download-template <=download-template
filename = validate-script.sh.in
[template-configuration-state-script] [template-configuration-state-script]
<=download-template <=download-template
filename = configuration-state-script.sh.in
...@@ -15,7 +15,6 @@ parts = ...@@ -15,7 +15,6 @@ parts =
caucase-updater caucase-updater
caucase-updater-promise caucase-updater-promise
frontend-caddy-graceful frontend-caddy-graceful
not-found-html
port-redirection port-redirection
promise-frontend-caddy-configuration promise-frontend-caddy-configuration
promise-caddy-frontend-v4-https promise-caddy-frontend-v4-https
...@@ -147,7 +146,6 @@ context = ...@@ -147,7 +146,6 @@ context =
[software-release-path] [software-release-path]
template-empty = {{ parameter_dict['template_empty'] }} template-empty = {{ parameter_dict['template_empty'] }}
template-slave-configuration = {{ parameter_dict['template_slave_configuration'] }}
template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }} template-default-slave-virtualhost = {{ parameter_dict['template_default_slave_virtualhost'] }}
template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }} template-cached-slave-virtualhost = {{ parameter_dict['template_cached_slave_virtualhost'] }}
caddy-location = {{ parameter_dict['caddy_location'] }} caddy-location = {{ parameter_dict['caddy_location'] }}
...@@ -249,7 +247,6 @@ extra-context = ...@@ -249,7 +247,6 @@ extra-context =
key local_ipv6 :local_ipv6 key local_ipv6 :local_ipv6
key global_ipv6 slap-network-information:global-ipv6 key global_ipv6 slap-network-information:global-ipv6
key empty_template software-release-path:template-empty key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
key template_default_slave_configuration software-release-path:template-default-slave-virtualhost key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost key template_cached_slave_configuration software-release-path:template-cached-slave-virtualhost
key software_type :software_type key software_type :software_type
...@@ -278,19 +275,6 @@ extra-context = ...@@ -278,19 +275,6 @@ extra-context =
key apache_certificate apache-certificate:rendered key apache_certificate apache-certificate:rendered
# BBB: SlapOS Master non-zero knowledge END # BBB: SlapOS Master non-zero knowledge END
[dynamic-virtualhost-template-slave]
<= jinja2-template-base
template = {{ parameter_dict['template_slave_configuration'] }}
rendered = ${directory:template}/slave-virtualhost.conf.in
# BBB: apache_custom_https and apache_custom_http
extra-context =
key https_port configuration:port
key http_port configuration:plain_http_port
key apache_custom_https configuration:apache_custom_https
key apache_custom_http configuration:apache_custom_http
key caddy_custom_https configuration:caddy_custom_https
key caddy_custom_http configuration:caddy_custom_http
# Deploy Caddy Frontend with Jinja power # Deploy Caddy Frontend with Jinja power
[dynamic-caddy-frontend-template] [dynamic-caddy-frontend-template]
< = jinja2-template-base < = jinja2-template-base
...@@ -334,9 +318,6 @@ template = inline: ...@@ -334,9 +318,6 @@ template = inline:
-http2=false \ -http2=false \
{% else %} {% else %}
-http2=true \ -http2=true \
{% endif %}
{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
-quic \
{% endif %} {% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \ -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \
-disable-http-challenge \ -disable-http-challenge \
...@@ -353,10 +334,10 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -353,10 +334,10 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
hash-files = ${caddy-wrapper:rendered} hash-files = ${caddy-wrapper:rendered}
[not-found-html] [not-found-html]
recipe = slapos.cookbook:symbolic.link recipe = plone.recipe.command
target-directory = ${caddy-directory:document-root} update-command = ${:command}
link-binary = filename = notfound.html
{{ parameter_dict['template_not_found_html'] }} command = ln -sf {{ parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
[caddy-directory] [caddy-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -377,7 +358,7 @@ access-log = ${directory:log}/frontend-access.log ...@@ -377,7 +358,7 @@ access-log = ${directory:log}/frontend-access.log
error-log = ${directory:log}/frontend-error.log error-log = ${directory:log}/frontend-error.log
pid-file = ${directory:run}/httpd.pid pid-file = ${directory:run}/httpd.pid
frontend-graceful-command = ${frontend-caddy-validate:rendered} && kill -USR1 $(cat ${:pid-file}) frontend-graceful-command = ${frontend-caddy-validate:rendered} && kill -USR1 $(cat ${:pid-file})
not-found-file = ${caddy-directory:document-root}/notfound.html not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
master-certificate = ${caddy-directory:master-autocert-dir}/master.pem master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
# Communication with ATS # Communication with ATS
cache-port = ${trafficserver-variable:input-port} cache-port = ${trafficserver-variable:input-port}
...@@ -478,19 +459,19 @@ context = ...@@ -478,19 +459,19 @@ context =
[trafficserver-records-config] [trafficserver-records-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_records_config_location'] }}/{{ parameter_dict['template_trafficserver_records_config_filename'] }} template = {{ parameter_dict['template_trafficserver_records_config'] }}
filename = records.config filename = records.config
extra-context = extra-context =
import os_module os import os_module os
[trafficserver-storage-config] [trafficserver-storage-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_storage_config_location'] }}/{{ parameter_dict['template_trafficserver_storage_config_filename'] }} template = {{ parameter_dict['template_trafficserver_storage_config'] }}
filename = storage.config filename = storage.config
[trafficserver-logging-config] [trafficserver-logging-config]
< = trafficserver-jinja2-template-base < = trafficserver-jinja2-template-base
template = {{ parameter_dict['template_trafficserver_logging_config_location'] }}/{{ parameter_dict['template_trafficserver_logging_config_filename'] }} template = {{ parameter_dict['template_trafficserver_logging_config'] }}
filename = logging.config filename = logging.config
[trafficserver-remap-config] [trafficserver-remap-config]
......
...@@ -78,13 +78,12 @@ context = ...@@ -78,13 +78,12 @@ context =
}) %} }) %}
{% endfor %} {% endfor %}
{% set authorized_slave_string_list = slapparameter_dict.pop('-frontend-authorized-slave-string', '').split() %} {% set authorized_slave_string_list = [] %}
{% set authorized_slave_list = [] %} {% set authorized_slave_list = [] %}
{% set rejected_slave_dict = {} %} {% set rejected_slave_dict = {} %}
{% set rejected_slave_title_dict = {} %} {% set rejected_slave_title_dict = {} %}
{% set warning_slave_dict = {} %} {% set warning_slave_dict = {} %}
{% set used_host_list = [] %} {% set used_host_list = [] %}
{% set unauthorized_message = 'slave not authorized' %}
{% for slave in sorted(slave_instance_list) %} {% for slave in sorted(slave_instance_list) %}
{% set slave_error_list = [] %} {% set slave_error_list = [] %}
{% set slave_warning_list = [] %} {% set slave_warning_list = [] %}
...@@ -104,7 +103,6 @@ context = ...@@ -104,7 +103,6 @@ context =
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %} {% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %} {% if custom_domain and custom_domain in used_host_list %}
{% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %} {% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
...@@ -133,15 +131,6 @@ context = ...@@ -133,15 +131,6 @@ context =
{% endfor %} {% endfor %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %} {% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% endif %} {% endif %}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% if slave.get(key) %}
{% if not slave.get('slave_reference') in authorized_slave_string_list %}
{% if not unauthorized_message in slave_error_list %}
{% do slave_error_list.append(unauthorized_message) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %} {# for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] #}
{% if slave.get('url') %} {% if slave.get('url') %}
{% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %} {% if subprocess_module.call([caddy_backend_url_validator, '' ~ slave['url']]) == 1 %}
{% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %} {% do slave_error_list.append('slave url %r invalid' % (slave['url'],)) %}
......
{ {
"$schema": "http://json-schema.org/draft-04/schema", "$schema": "http://json-schema.org/draft-04/schema",
"properties": { "properties": {
"-frontend-authorized-slave-string": {
"description": "List of SOFTINST-XXX of Slaves, separated by space which is allowed to use custom configuration.",
"title": "Authorized Slave String",
"type": "string"
},
"-frontend-quantity": { "-frontend-quantity": {
"description": "Quantity of Frontends Replicate.", "description": "Quantity of Frontends Replicate.",
"title": "Frontend Replication Quantity", "title": "Frontend Replication Quantity",
...@@ -71,16 +66,6 @@ ...@@ -71,16 +66,6 @@
"title": "Test Verification URL", "title": "Test Verification URL",
"type": "string" "type": "string"
}, },
"enable-quic": {
"default": "false",
"description": "Enables QUIC - Quick UDP Internet Connections. Note that this is experimental feature, thus can result in undefined behaviour. Warning: Changing the parameter will result in restarting Caddy process.",
"enum": [
"true",
"false"
],
"title": "Enable QUIC",
"type": "string"
},
"proxy-try-duration": { "proxy-try-duration": {
"default": 5, "default": 5,
"description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.", "description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",
......
...@@ -53,20 +53,6 @@ ...@@ -53,20 +53,6 @@
"title": "HTTPS Only", "title": "HTTPS Only",
"type": "string" "type": "string"
}, },
"caddy_custom_http": {
"default": "",
"description": "Raw http configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTP configuration",
"type": "string"
},
"caddy_custom_https": {
"default": "",
"description": "Raw https configuration in python template format. Your site will be rejected if you use it without notification and approval of frontend administrators",
"textarea": true,
"title": "HTTPS configuration",
"type": "string"
},
"default-path": { "default-path": {
"default": "", "default": "",
"description": "Provide default path to redirect user to when user access / (the site root)", "description": "Provide default path to redirect user to when user access / (the site root)",
...@@ -153,12 +139,6 @@ ...@@ -153,12 +139,6 @@
"title": "Prefer gzip Encoding for Backend", "title": "Prefer gzip Encoding for Backend",
"type": "string" "type": "string"
}, },
"re6st-optimal-test": {
"default": "",
"description": "IPv6 and IPv6 Address for the frontend test if re6st is on the optimal status (use ipv6,ipv4)",
"title": "IPv6 and IPv4 Address to test Re6st",
"type": "string"
},
"server-alias": { "server-alias": {
"default": "", "default": "",
"description": "Server Alias List separated by space", "description": "Server Alias List separated by space",
......
...@@ -103,11 +103,6 @@ configuration.nginx_port = 9443 ...@@ -103,11 +103,6 @@ configuration.nginx_port = 9443
configuration.kedifa_port = 7879 configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1 # Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890 configuration.caucase_port = 8890
# BBB: apache_custom_https and apache_custom_http
configuration.apache_custom_https = ""
configuration.apache_custom_http = ""
configuration.caddy_custom_https = ""
configuration.caddy_custom_http = ""
configuration.apache-key = configuration.apache-key =
configuration.apache-certificate = configuration.apache-certificate =
configuration.open-port = 80 443 configuration.open-port = 80 443
...@@ -120,7 +115,6 @@ configuration.enable-http2-by-default = true ...@@ -120,7 +115,6 @@ configuration.enable-http2-by-default = true
configuration.global-disable-http2 = false configuration.global-disable-http2 = false
configuration.ciphers = configuration.ciphers =
configuration.request-timeout = 600 configuration.request-timeout = 600
configuration.enable-quic = false
configuration.mpm-graceful-shutdown-timeout = 5 configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name = configuration.frontend-name =
configuration.proxy-try-duration = 5 configuration.proxy-try-duration = 5
......
{% if software_type == slap_software_type %} {%- if software_type == slap_software_type %}
{%- set kedifa_updater_mapping = [] %}
{% set kedifa_updater_mapping = [] %} {%- set cached_server_dict = {} %}
{% set cached_server_dict = {} %} {%- set part_list = [] %}
{% set part_list = [] %} {%- set cache_port = caddy_configuration.get('cache-port') %}
{% set cache_port = caddy_configuration.get('cache-port') %} {%- set cached_port = caddy_configuration.get('cache-through-port') %}
{% set cached_port = caddy_configuration.get('cache-through-port') %} {%- set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
{% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %} {%- set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %} {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
{% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %} {%- set slave_log_dict = {} %}
{% set slave_log_dict = {} %} {%- if extra_slave_instance_list %}
{% if extra_slave_instance_list %} {%- set slave_instance_information_list = [] %}
{% set slave_instance_information_list = [] %} {%- set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
{% set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %} {%- endif %}
{% endif %} {%- if master_key_download_url %}
{%- do kedifa_updater_mapping.append((master_key_download_url, master_certificate, apache_certificate)) %}
{%- else %}
{%- do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %}
{%- endif %}
{%- if slave_kedifa_information %}
{%- set slave_kedifa_information = json_module.loads(slave_kedifa_information) %}
{%- else %}
{%- set slave_kedifa_information = {} %}
{%- endif -%}
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
extensions = jinja2.ext.do extensions = jinja2.ext.do
...@@ -30,18 +39,6 @@ sharedscripts = true ...@@ -30,18 +39,6 @@ sharedscripts = true
notifempty = true notifempty = true
create = true create = true
{% if master_key_download_url %}
{% do kedifa_updater_mapping.append((master_key_download_url, master_certificate, apache_certificate)) %}
{% else %}
{% do kedifa_updater_mapping.append(('notreadyyet', master_certificate, apache_certificate)) %}
{% endif %}
{% if slave_kedifa_information %}
{% set slave_kedifa_information = json_module.loads(slave_kedifa_information) %}
{% else %}
{% set slave_kedifa_information = {} %}
{% endif %}
# empty sections if no slaves are available # empty sections if no slaves are available
[slave-log-directory-dict] [slave-log-directory-dict]
[slave-password] [slave-password]
...@@ -49,172 +46,160 @@ create = true ...@@ -49,172 +46,160 @@ create = true
# empty section if no cached slaves are available # empty section if no cached slaves are available
[slave-log-cache-direct-directory-dict] [slave-log-cache-direct-directory-dict]
{# Loop thought slave list to set up slaves #} {#- Loop thought slave list to set up slaves #}
{% for slave_instance in slave_instance_list %} {%- for slave_instance in slave_instance_list %}
{# Manage ciphers #} {#- Manage ciphers #}
{% set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %} {%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
{% if slave_ciphers %} {%- if slave_ciphers %}
{% set slave_cipher_list = ' '.join(slave_ciphers) %} {%- set slave_cipher_list = ' '.join(slave_ciphers) %}
{% else %} {%- else %}
{% set slave_cipher_list = ciphers.strip() %} {%- set slave_cipher_list = ciphers.strip() %}
{% endif %} {%- endif %}
{% do slave_instance.__setitem__('cipher_list', slave_cipher_list) %} {%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
{% set slave_type = slave_instance.get('type', '') %} {%- set slave_type = slave_instance.get('type', '') %}
{% set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %} {%- set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
{% set slave_reference = slave_instance.get('slave_reference') %} {%- set slave_reference = slave_instance.get('slave_reference') %}
{% set slave_kedifa = slave_kedifa_information.get(slave_reference) %} {%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
{% if slave_kedifa %} {%- if slave_kedifa %}
{% set key_download_url = slave_kedifa.get('key-download-url') %} {%- set key_download_url = slave_kedifa.get('key-download-url') %}
{% else %} {%- else %}
{% set key_download_url = 'notreadyyet' %} {%- set key_download_url = 'notreadyyet' %}
{% endif %} {%- endif %}
{% set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %} {%- set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
{% set slave_parameter_dict = generic_instance_parameter_dict.copy() %} {%- set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
{% set slave_publish_dict = {} %} {%- set slave_publish_dict = {} %}
{% set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %} {%- set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
{% set slave_logrotate_section = slave_reference + "-logs" %} {%- set slave_logrotate_section = slave_reference + "-logs" %}
{% set slave_logrotate_cache_direct_section = slave_reference + "-cache-direct-logs" %} {%- set slave_logrotate_cache_direct_section = slave_reference + "-cache-direct-logs" %}
{% set slave_password_section = slave_reference + "-password" %} {%- set slave_password_section = slave_reference + "-password" %}
{% set slave_ln_section = slave_reference + "-ln" %} {%- set slave_ln_section = slave_reference + "-ln" %}
{#- extend parts #}
{# extend parts #} {%- do part_list.extend([slave_ln_section]) %}
{% do part_list.extend([slave_ln_section]) %} {%- do part_list.extend([slave_logrotate_section, slave_section_title]) %}
{% do part_list.extend([slave_logrotate_section, slave_section_title]) %} {%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
{%- if enable_cache %}
{% set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %} {%- set slave_log_cache_direct_folder = '${logrotate-directory:logrotate-backup}/' + slave_logrotate_cache_direct_section %}
{% if enable_cache %} {%- do part_list.extend([slave_logrotate_cache_direct_section]) %}
{% set slave_log_cache_direct_folder = '${logrotate-directory:logrotate-backup}/' + slave_logrotate_cache_direct_section %} {%- endif %}
{% do part_list.extend([slave_logrotate_cache_direct_section]) %} {#- Pass HTTP2 switch #}
{% endif %} {%- do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
{%- do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %}
{# Pass HTTP2 switch #} {#- Pass proxy_try_duration and proxy_try_interval #}
{% do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %} {%- do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %}
{% do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %} {%- do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %}
{#- Set Up log files #}
{# Pass proxy_try_duration and proxy_try_interval #} {%- do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
{% do slave_instance.__setitem__('proxy_try_duration', proxy_try_duration) %} {%- do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
{% do slave_instance.__setitem__('proxy_try_interval', proxy_try_interval) %} {%- do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
{%- do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
{# Set Up log files #} {%- if enable_cache %}
{% do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %} {%- do slave_parameter_dict.__setitem__('access_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_access_log' % slave_reference])) %}
{% do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %} {%- do slave_parameter_dict.__setitem__('error_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_error_log' % slave_reference])) %}
{% do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %} {%- do slave_instance.__setitem__('access_log_cache_direct', slave_parameter_dict.get('access_log_cache_direct')) %}
{% do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %} {%- do slave_instance.__setitem__('error_log_cache_direct', slave_parameter_dict.get('error_log_cache_direct')) %}
{% if enable_cache %} {%- endif %}
{% do slave_parameter_dict.__setitem__('access_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_access_log' % slave_reference])) %} {#- Add slave log directory to the slave log access dict #}
{% do slave_parameter_dict.__setitem__('error_log_cache_direct', '/'.join([caddy_log_cache_direct_directory, '%s_error_log' % slave_reference])) %} {%- do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
{% do slave_instance.__setitem__('access_log_cache_direct', slave_parameter_dict.get('access_log_cache_direct')) %} {%- set slave_log_access_url = 'https://' + slave_reference.lower() + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %}
{% do slave_instance.__setitem__('error_log_cache_direct', slave_parameter_dict.get('error_log_cache_direct')) %} {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
{% endif %} {%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
{%- do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}
{# Add slave log directory to the slave log access dict #} {#- Set slave domain if none was defined #}
{% do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %} {%- if slave_instance.get('custom_domain', None) == None %}
{%- set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
{% set slave_log_access_url = 'https://' + slave_reference.lower() + ':${'+ slave_password_section +':passwd}@[' + frontend_configuration.get('caddy-ipv6') + ']:' + frontend_configuration.get('caddy-https-port') + '/' + slave_reference.lower() + '/' %} {%- do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
{% do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %} {%- endif %}
{% do slave_publish_dict.__setitem__('slave-reference', slave_reference) %} {%- if enable_cache and 'url' in slave_instance %}
{% do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %} {%- if 'domain' in slave_instance %}
{%- if not slave_instance.get('custom_domain') %}
{# Set slave domain if none was defined #} {%- do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %}
{% if slave_instance.get('custom_domain', None) == None %} {%- endif %}
{% set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %} {%- endif %}
{% do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %} {%- do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %}
{% endif %} {%- do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
{%- do slave_instance.__setitem__('url', cache_access) %}
{% if enable_cache and 'url' in slave_instance %} {%- do slave_instance.__setitem__('https-url', ssl_cache_access) %}
{% if 'domain' in slave_instance %} {%- do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
{% if not slave_instance.get('custom_domain') %} {%- endif %}
{% do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %} {%- do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
{% endif %} {%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{% endif %} {%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %} {%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{% do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
{% do slave_instance.__setitem__('url', cache_access) %}
{% do slave_instance.__setitem__('https-url', ssl_cache_access) %}
{% do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
{% endif %}
{# BBB: apache_custom_https and apache_custom_http #}
{% if not slave_instance.has_key('caddy_custom_http') and not slave_instance.has_key('caddy_custom_https') and not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %}
{% do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{% do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{% endif %}
[slave-log-directory-dict] [slave-log-directory-dict]
{{slave_reference}} = {{ slave_log_folder }} {{slave_reference}} = {{ slave_log_folder }}
{% if enable_cache %} {%- if enable_cache %}
[slave-log-cache-direct-directory-dict] [slave-log-cache-direct-directory-dict]
{{slave_reference}}_cache_direct = {{ slave_log_cache_direct_folder }} {{slave_reference}}_cache_direct = {{ slave_log_cache_direct_folder }}
{% endif %} {%- endif %}
[slave-password] [slave-password]
{{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }} {{ slave_reference }} = {{ '${' + slave_password_section + ':passwd}' }}
{# Set slave logrotate entry #} {#- Set slave logrotate entry #}
[{{slave_logrotate_section}}] [{{slave_logrotate_section}}]
<= logrotate-entry-base <= logrotate-entry-base
name = ${:_buildout_section_name_} name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}}
backup = {{ slave_log_folder }} backup = {{ slave_log_folder }}
{% if enable_cache %} {%- if enable_cache %}
[{{slave_logrotate_cache_direct_section}}] [{{slave_logrotate_cache_direct_section}}]
<= logrotate-entry-base <= logrotate-entry-base
name = ${:_buildout_section_name_} name = ${:_buildout_section_name_}
log = {{slave_parameter_dict.get('access_log_cache_direct')}} {{slave_parameter_dict.get('error_log_cache_direct')}} log = {{slave_parameter_dict.get('access_log_cache_direct')}} {{slave_parameter_dict.get('error_log_cache_direct')}}
backup = {{ slave_log_cache_direct_folder }} backup = {{ slave_log_cache_direct_folder }}
{% endif %} {%- endif %}
{#- integrate current logs inside #}
{# integrate current logs inside #}
[{{slave_ln_section}}] [{{slave_ln_section}}]
recipe = plone.recipe.command recipe = plone.recipe.command
stop-on-error = false stop-on-error = false
command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/access.log command = ln -s {{slave_parameter_dict.get('error_log')}} {{ slave_log_folder }}/error.log && ln -s {{slave_parameter_dict.get('access_log')}} {{ slave_log_folder }}/access.log
{# Set password for slave #} {#- Set password for slave #}
[{{slave_password_section}}] [{{slave_password_section}}]
recipe = slapos.cookbook:generate.password recipe = slapos.cookbook:generate.password
storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd
bytes = 8 bytes = 8
{# ################################################## #} {#- ################################################## #}
{# Set Slave Certificates if needed #} {#- Set Slave Certificates if needed #}
{# Set certificate key for custom configuration #} {#- Set certificate key for custom configuration #}
{% set cert_name = slave_reference.replace('-','.') + '.pem' %} {%- set cert_name = slave_reference.replace('-','.') + '.pem' %}
{% set certificate = '%s/%s' % (autocert, cert_name) %} {%- set certificate = '%s/%s' % (autocert, cert_name) %}
{% do slave_parameter_dict.__setitem__('certificate', certificate )%} {%- do slave_parameter_dict.__setitem__('certificate', certificate )%}
{#- Set ssl certificates for each slave #}
{# Set ssl certificates for each slave #} {%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
{% for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%} {%- if cert_name in slave_instance %}
{% if cert_name in slave_instance %} {%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
{% set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %} {%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
{% set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %} {%- do part_list.append(cert_title) %}
{% do part_list.append(cert_title) %} {%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
{% do slave_parameter_dict.__setitem__(cert_name, cert_file) %} {%- do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
{% do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %} {#- Store certificates on fs #}
{# Store certificates on fs #}
[{{ cert_title }}] [{{ cert_title }}]
< = jinja2-template-base < = jinja2-template-base
template = {{ empty_template }} template = {{ empty_template }}
rendered = {{ cert_file }} rendered = {{ cert_file }}
extra-context = extra-context =
key content {{ cert_title + '-config:value' }} key content {{ cert_title + '-config:value' }}
# BBB: SlapOS Master non-zero knowledge BEGIN {#- BBB: SlapOS Master non-zero knowledge BEGIN #}
# Store certificate in config {#- Store certificate in config #}
[{{ cert_title + '-config' }}] [{{ cert_title + '-config' }}]
value = {{ dumps(slave_instance.get(cert_name)) }} value = {{ dumps(slave_instance.get(cert_name)) }}
{% endif %} {%- endif %}
{% endfor %} {%- endfor %}
{#- Set Up Certs #} {#- Set Up Certs #}
{% if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %} {%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
{% set cert_title = '%s-crt' % (slave_reference) %} {%- set cert_title = '%s-crt' % (slave_reference) %}
{% set cert_file = '/'.join([bbb_ssl_directory, cert_title.replace('-','.')]) %} {%- set cert_file = '/'.join([bbb_ssl_directory, cert_title.replace('-','.')]) %}
{% do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %} {%- do kedifa_updater_mapping.append((key_download_url, certificate, cert_file)) %}
{% do part_list.append(cert_title) %} {%- do part_list.append(cert_title) %}
{% do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %} {%- do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
[{{cert_title}}] [{{cert_title}}]
< = jinja2-template-base < = jinja2-template-base
...@@ -223,13 +208,14 @@ rendered = {{ cert_file }} ...@@ -223,13 +208,14 @@ rendered = {{ cert_file }}
cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }} cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.get('ssl_ca_crt', '') + '\n' + slave_instance.get('ssl_key')) }}
extra-context = extra-context =
key content :cert-content key content :cert-content
{% else %} {%- else %}
{% do kedifa_updater_mapping.append((key_download_url, certificate, master_certificate)) %} {%- do kedifa_updater_mapping.append((key_download_url, certificate, master_certificate)) %}
{% endif %} {%- endif %}
# BBB: SlapOS Master non-zero knowledge END {#- BBB: SlapOS Master non-zero knowledge END #}
{#- ########################################## #}
{#- Set Slave Configuration #}
{# ########################################## #}
{# Set Slave Configuration #}
[{{ slave_configuration_section_name }}] [{{ slave_configuration_section_name }}]
certificate = {{ certificate }} certificate = {{ certificate }}
https_port = {{ dumps('' ~ https_port) }} https_port = {{ dumps('' ~ https_port) }}
...@@ -238,51 +224,29 @@ local_ipv4 = {{ dumps('' ~ local_ipv4) }} ...@@ -238,51 +224,29 @@ local_ipv4 = {{ dumps('' ~ local_ipv4) }}
cached_port = {{ dumps('' ~ cached_port) }} cached_port = {{ dumps('' ~ cached_port) }}
ssl_cached_port = {{ ('' ~ ssl_cached_port) }} ssl_cached_port = {{ ('' ~ ssl_cached_port) }}
request_timeout = {{ ('' ~ request_timeout) }} request_timeout = {{ ('' ~ request_timeout) }}
{# BBB: apache_custom_https and apache_custom_http #} {%- for key, value in slave_instance.iteritems() %}
{% set caddy_custom_http_template = slave_instance.pop('caddy_custom_http', slave_instance.pop('apache_custom_http', '')) %} {%- if value is not none %}
{% set caddy_custom_https_template = slave_instance.pop('caddy_custom_https', slave_instance.pop('apache_custom_https', '')) %}
{% if caddy_custom_http_template is not none %}
{% set caddy_custom_http = ('' ~ caddy_custom_http_template) % slave_parameter_dict %}
caddy_custom_http = {{ dumps(caddy_custom_http) }}
{% else %}
{% set caddy_custom_http = None %}
{% endif %}
{% if caddy_custom_https_template is not none %}
{% set caddy_custom_https = ('' ~ caddy_custom_https_template) % slave_parameter_dict %}
caddy_custom_https = {{ dumps(caddy_custom_https) }}
{% else %}
{% set caddy_custom_https = None %}
{% endif %}
{{ '\n' }}
{% for key, value in slave_instance.iteritems() %}
{% if value is not none %}
{{ key }} = {{ dumps('' ~ value) }} {{ key }} = {{ dumps('' ~ value) }}
{% endif %} {%- endif %}
{% endfor %} {%- endfor %}
[{{ slave_section_title }}] [{{ slave_section_title }}]
< = jinja2-template-base < = jinja2-template-base
rendered = {{ caddy_configuration_directory }}/${:filename} rendered = {{ caddy_configuration_directory }}/${:filename}
{% if caddy_custom_http or caddy_custom_https %}
template = {{ template_custom_slave_configuration }}
extra-context =
section slave_parameter {{ slave_configuration_section_name }}
{% else %}
template = {{ template_default_slave_configuration }} template = {{ template_default_slave_configuration }}
extra-context = extra-context =
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
import urllib_module urllib import urllib_module urllib
{% endif %}
filename = {{ '%s.conf' % slave_reference }} filename = {{ '%s.conf' % slave_reference }}
{{ '\n' }} {{ '\n' }}
{% set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %} {%- set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
{% if monitor_ipv6_test %} {%- if monitor_ipv6_test %}
{% set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %} {%- set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
{% do part_list.append(monitor_ipv6_section_title) %} {%- do part_list.append(monitor_ipv6_section_title) %}
[{{ monitor_ipv6_section_title }}] [{{ monitor_ipv6_section_title }}]
<= monitor-promise-base <= monitor-promise-base
module = check_icmp_packet_lost module = check_icmp_packet_lost
...@@ -290,12 +254,11 @@ name = {{ monitor_ipv6_section_title }}.py ...@@ -290,12 +254,11 @@ name = {{ monitor_ipv6_section_title }}.py
config-address = {{ dumps(monitor_ipv6_test) }} config-address = {{ dumps(monitor_ipv6_test) }}
# promise frequency in minutes (2 times/day) # promise frequency in minutes (2 times/day)
config-frequency = 720 config-frequency = 720
{% endif %} {%- endif %}
{%- set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
{% set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %} {%- if monitor_ipv4_test %}
{% if monitor_ipv4_test %} {%- set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
{% set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %} {%- do part_list.append(monitor_ipv4_section_title) %}
{% do part_list.append(monitor_ipv4_section_title) %}
[{{ monitor_ipv4_section_title }}] [{{ monitor_ipv4_section_title }}]
<= monitor-promise-base <= monitor-promise-base
module = check_icmp_packet_lost module = check_icmp_packet_lost
...@@ -304,66 +267,41 @@ config-address = {{ dumps(monitor_ipv4_test) }} ...@@ -304,66 +267,41 @@ config-address = {{ dumps(monitor_ipv4_test) }}
config-ipv4 = true config-ipv4 = true
# promise frequency in minutes (2 times/day) # promise frequency in minutes (2 times/day)
config-frequency = 720 config-frequency = 720
{% endif %} {%- endif %}
{% set re6st_optimal_test = '' ~ slave_instance.get('re6st-optimal-test', '') %}
{% set re6st_ipv6 = None %}
{% set re6st_ipv4 = None %}
{% if ',' in re6st_optimal_test %}
{% set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %}
{% endif %}
{% if re6st_ipv6 and re6st_ipv4 %}
{% set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %}
{% do part_list.append(re6st_optimal_test_section_title) %}
[{{ re6st_optimal_test_section_title }}]
<= monitor-promise-base
module = check_re6st_optimal_status
name = {{ re6st_optimal_test_section_title }}.py
config-ipv4 = {{ dumps(re6st_ipv4) }}
config-ipv6 = {{ dumps(re6st_ipv6) }}
# promise frequency in minutes (2 times/day)
config-frequency = 720
{% endif %}
{# ############################### #} {#- ############################### #}
{# Publish Slave Information #} {#- Publish Slave Information #}
{% if not extra_slave_instance_list %} {%- if not extra_slave_instance_list %}
{% set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %} {%- set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
{% do part_list.append(publish_section_title) %} {%- do part_list.append(publish_section_title) %}
[{{ publish_section_title }}] [{{ publish_section_title }}]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
{% for key, value in slave_publish_dict.iteritems() %} {%- for key, value in slave_publish_dict.iteritems() %}
{{ key }} = {{ value }} {{ key }} = {{ value }}
{% endfor %} {%- endfor %}
{% else %} {%- else %}
{% do slave_instance_information_list.append(slave_publish_dict) %} {%- do slave_instance_information_list.append(slave_publish_dict) %}
{% endif %} {%- endif %}
{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #}
{# End of the main for loop#}
{% endfor %}
[slave-log-directories] [slave-log-directories]
<= slave-log-directory-dict <= slave-log-directory-dict
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
{% do part_list.append('slave-log-directories') %} {%- do part_list.append('slave-log-directories') %}
[slave-log-cache-direct-directories] [slave-log-cache-direct-directories]
<= slave-log-cache-direct-directory-dict <= slave-log-cache-direct-directory-dict
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
{% do part_list.append('slave-log-cache-direct-directories') %} {%- do part_list.append('slave-log-cache-direct-directories') %}
{%- do part_list.append('caddy-log-access') %}
{% do part_list.append('caddy-log-access') %} {#- ############################################## #}
{#- ## Prepare virtualhost for slaves using cache #}
############################################### {%- for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
### Prepare virtualhost for slaves using cache {%- set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
{%- do part_list.append(cached_slave_configuration_section_title) %}
{% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
{% set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
{% do part_list.append(cached_slave_configuration_section_title) %}
[{{ cached_slave_configuration_section_title }}] [{{ cached_slave_configuration_section_title }}]
< = jinja2-template-base < = jinja2-template-base
template = {{ template_cached_slave_configuration }} template = {{ template_cached_slave_configuration }}
...@@ -373,8 +311,7 @@ extensions = jinja2.ext.do ...@@ -373,8 +311,7 @@ extensions = jinja2.ext.do
extra-context = extra-context =
section slave_parameter {{ slave_configuration_section_name }} section slave_parameter {{ slave_configuration_section_name }}
{{ '\n' }} {{ '\n' }}
{% endfor %} {%- endfor %}
{#- Define IPv6 to IPV4 tunneling #} {#- Define IPv6 to IPV4 tunneling #}
[tunnel-6to4-base] [tunnel-6to4-base]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
...@@ -404,7 +341,8 @@ ipv6-port = {{ cached_port }} ...@@ -404,7 +341,8 @@ ipv6-port = {{ cached_port }}
ipv4-port = {{ ssl_cached_port }} ipv4-port = {{ ssl_cached_port }}
ipv6-port = {{ ssl_cached_port }} ipv6-port = {{ ssl_cached_port }}
{# Define log access #} {#- Define log access #}
[caddy-log-access-parameters] [caddy-log-access-parameters]
caddy_log_directory = {{ dumps(caddy_log_directory) }} caddy_log_directory = {{ dumps(caddy_log_directory) }}
caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }} caddy_configuration_directory = {{ dumps(caddy_configuration_directory) }}
...@@ -427,15 +365,15 @@ extra-context = ...@@ -427,15 +365,15 @@ extra-context =
section parameter_dict caddy-log-access-parameters section parameter_dict caddy-log-access-parameters
{# Publish information for the instance #} {#- Publish information for the instance #}
[publish-caddy-information] [publish-caddy-information]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
public-ipv4 = {{ public_ipv4 }} public-ipv4 = {{ public_ipv4 }}
private-ipv4 = {{ local_ipv4 }} private-ipv4 = {{ local_ipv4 }}
{% if extra_slave_instance_list %} {%- if extra_slave_instance_list %}
{# sort_keys are important in order to avoid shuffling parameters on each run #} {#- sort_keys are important in order to avoid shuffling parameters on each run #}
slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }} slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
{% endif %} {%- endif %}
monitor-base-url = {{ monitor_base_url }} monitor-base-url = {{ monitor_base_url }}
csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt csr_id-url = https://[${expose-csr_id-configuration:ip}]:${expose-csr_id-configuration:port}/csr_id.txt
csr_id-certificate = ${get-csr_id-certificate:certificate} csr_id-certificate = ${get-csr_id-certificate:certificate}
...@@ -463,9 +401,9 @@ update-command = ${:command} ...@@ -463,9 +401,9 @@ update-command = ${:command}
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
file = {{ kedifa_updater_mapping_file }} file = {{ kedifa_updater_mapping_file }}
template = inline: template = inline:
{% for mapping in kedifa_updater_mapping %} {%- for mapping in kedifa_updater_mapping %}
{{ mapping[0] }} {{ mapping[1] }} {{ mapping[2] }} {{ mapping[0] }} {{ mapping[1] }} {{ mapping[2] }}
{% endfor %} {%- endfor %}
rendered = ${:file} rendered = ${:file}
...@@ -485,12 +423,12 @@ extends = ...@@ -485,12 +423,12 @@ extends =
parts += parts +=
kedifa-updater kedifa-updater
kedifa-updater-run kedifa-updater-run
{% for part in part_list %} {%- for part in part_list %}
{{ ' %s' % part }} {{ ' %s' % part }}
{% endfor %} {%- endfor %}
{% if 'caddy-log-access' not in part_list %} {%- if 'caddy-log-access' not in part_list %}
caddy-log-access-empty caddy-log-access-empty
{% endif %} {%- endif %}
publish-caddy-information publish-caddy-information
tunnel-6to4-base-http_port tunnel-6to4-base-http_port
tunnel-6to4-base-https_port tunnel-6to4-base-https_port
...@@ -576,4 +514,4 @@ recipe = collective.recipe.shelloutput ...@@ -576,4 +514,4 @@ recipe = collective.recipe.shelloutput
commands = commands =
certificate = cat ${certificate-csr_id:certificate} certificate = cat ${certificate-csr_id:certificate}
{% endif %} {%- endif %} {# if software_type == slap_software_type #}
...@@ -22,7 +22,10 @@ ...@@ -22,7 +22,10 @@
try_duration {{ slave_parameter['proxy_try_duration'] }}s try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent header_upstream Host {host}
{# header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
header_upstream -X-Forwarded-For-Real
timeout {{ slave_parameter['request_timeout'] }}s timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %} {%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
...@@ -47,7 +50,10 @@ ...@@ -47,7 +50,10 @@
proxy / {{ slave_parameter.get('https_backend_url', '') }} { proxy / {{ slave_parameter.get('https_backend_url', '') }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent header_upstream Host {host}
{# header_upstream -X-Forwarded-For - caddy behaviour while removing and setting header is unstable, so for now original header has to be kept, even if in that case it comes from after ATS caddy itself #}
header_upstream X-Forwarded-For {>X-Forwarded-For-Real}
header_upstream -X-Forwarded-For-Real
timeout {{ slave_parameter['request_timeout'] }}s timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %} {%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %} {%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
......
{{ slave_parameter.get('caddy_custom_https', '') }}
{{ slave_parameter.get('caddy_custom_http', '') }}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
{%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
{%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %} {%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
{%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %} {%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
{%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %} {%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
...@@ -39,6 +40,25 @@ ...@@ -39,6 +40,25 @@
{%- set enable_h2 = False %} {%- set enable_h2 = False %}
{%- endif %} {%- endif %}
{%- macro proxy_header() %}
try_duration {{ slave_parameter['proxy_try_duration'] }}s
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
# force reset of X-Forwarded-For
header_upstream X-Forwarded-For {remote}
{%- if enable_cache %}
# provide a header for other components
header_upstream X-Forwarded-For-Real {remote}
{%- endif %}
{%- endmacro %} {# proxy_header #}
{%- for tls in [True, False] %} {%- for tls in [True, False] %}
{%- if tls %} {%- if tls %}
{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %} {%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')).rstrip('/') %}
...@@ -102,8 +122,7 @@ ...@@ -102,8 +122,7 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} { proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
...@@ -122,14 +141,6 @@ ...@@ -122,14 +141,6 @@
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
} {# proxy #} } {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #} {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if default_path %} {%- if default_path %}
...@@ -174,54 +185,43 @@ ...@@ -174,54 +185,43 @@
} {# redir #} } {# redir #}
{%- elif slave_type == 'notebook' %} {%- elif slave_type == 'notebook' %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
transparent transparent
insecure_skip_verify
} }
rewrite { rewrite {
regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?" regexp "/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/?"
to /proxy/{1} to /proxy/{1}
} }
proxy /proxy/ {{ backend_url }} { proxy /proxy/ {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms transparent
header_upstream X-Real-IP {remote}
header_upstream Host {host}
websocket websocket
without /proxy/ without /proxy/
insecure_skip_verify
} }
{%- elif slave_type == 'websocket' %} {%- elif slave_type == 'websocket' %}
{%- if websocket_path_list %} {%- if websocket_path_list %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- endif %} {%- endif %}
insecure_skip_verify
} }
{%- for websocket_path in websocket_path_list %} {%- for websocket_path in websocket_path_list %}
proxy /{{ websocket_path }} {{ backend_url }} { proxy /{{ websocket_path }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
websocket websocket
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- endif %} {%- endif %}
insecure_skip_verify
} }
{%- endfor %} {%- endfor %}
{%- else %} {%- else %}
proxy / {{ backend_url }} { proxy / {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
websocket websocket
{%- if websocket_transparent %} {%- if websocket_transparent %}
transparent transparent
{%- endif %} {%- endif %}
insecure_skip_verify
} }
{%- endif %} {%- endif %}
{%- else %} {#- if slave_type == 'zope' and backend_url #} {%- else %} {#- if slave_type == 'zope' and backend_url #}
...@@ -237,8 +237,7 @@ ...@@ -237,8 +237,7 @@
{%- for (proxy_name, proxy_comment) in proxy_append_list %} {%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }} # {{ proxy_comment }}
proxy /{{ proxy_name }} {{ backend_url }} { proxy /{{ proxy_name }} {{ backend_url }} {
try_duration {{ slave_parameter['proxy_try_duration'] }}s {{ proxy_header() }}
try_interval {{ slave_parameter['proxy_try_interval'] }}ms
{%- if proxy_name == 'prefer-gzip' %} {%- if proxy_name == 'prefer-gzip' %}
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
...@@ -257,14 +256,6 @@ ...@@ -257,14 +256,6 @@
header_upstream -Pragma header_upstream -Pragma
{%- endif %} {#- if disable_no_cache_header #} {%- endif %} {#- if disable_no_cache_header #}
transparent transparent
timeout {{ slave_parameter['request_timeout'] }}s
{%- if ssl_proxy_verify %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
} {# proxy #} } {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #} {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- endif %} {#- if backend_url #} {%- endif %} {#- if backend_url #}
......
...@@ -27,6 +27,14 @@ CONFIG proxy.config.http.cache.open_write_fail_action INT 2 ...@@ -27,6 +27,14 @@ CONFIG proxy.config.http.cache.open_write_fail_action INT 2
CONFIG proxy.config.body_factory.template_sets_dir STRING {{ ats_configuration['templates-dir'] }} CONFIG proxy.config.body_factory.template_sets_dir STRING {{ ats_configuration['templates-dir'] }}
# Support stale-if-error by returning cached content on backend 5xx or unavailability # Support stale-if-error by returning cached content on backend 5xx or unavailability
CONFIG proxy.config.http.negative_revalidating_enabled INT 1 CONFIG proxy.config.http.negative_revalidating_enabled INT 1
##############################################################################
# Proxy users variables. Docs:
# https://docs.trafficserver.apache.org/records.config#proxy-user-variables
##############################################################################
# Do not modify headers, as it needlessly pollutes information
CONFIG proxy.config.http.insert_client_ip INT 0
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 0
############################################################################## ##############################################################################
# Thread configurations. Docs: # Thread configurations. Docs:
...@@ -98,13 +106,6 @@ CONFIG proxy.config.http.down_server.abort_threshold INT 10 ...@@ -98,13 +106,6 @@ CONFIG proxy.config.http.down_server.abort_threshold INT 10
CONFIG proxy.config.http.negative_caching_enabled INT 0 CONFIG proxy.config.http.negative_caching_enabled INT 0
CONFIG proxy.config.http.negative_caching_lifetime INT 1800 CONFIG proxy.config.http.negative_caching_lifetime INT 1800
##############################################################################
# Proxy users variables. Docs:
# https://docs.trafficserver.apache.org/records.config#proxy-user-variables
##############################################################################
CONFIG proxy.config.http.insert_client_ip INT 1
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1
############################################################################## ##############################################################################
# Security. Docs: # Security. Docs:
# https://docs.trafficserver.apache.org/records.config#security # https://docs.trafficserver.apache.org/records.config#security
......
...@@ -46,7 +46,6 @@ setup(name=name, ...@@ -46,7 +46,6 @@ setup(name=name,
# ipaddress is patching IPAddress so IPv6 in SSL certificates # ipaddress is patching IPAddress so IPv6 in SSL certificates
# match works # match works
'ipaddress >= 1.0.22', 'ipaddress >= 1.0.22',
'forcediphttpsadapter',
'requests-toolbelt', 'requests-toolbelt',
'supervisor', 'supervisor',
# caucase needed to connect to the KeDiFa caucase # caucase needed to connect to the KeDiFa caucase
......
...@@ -33,12 +33,10 @@ from requests_toolbelt.adapters import source ...@@ -33,12 +33,10 @@ from requests_toolbelt.adapters import source
import json import json
import multiprocessing import multiprocessing
import subprocess import subprocess
from unittest import skip, expectedFailure from unittest import skip
import ssl import ssl
import signal
from BaseHTTPServer import HTTPServer from BaseHTTPServer import HTTPServer
from BaseHTTPServer import BaseHTTPRequestHandler from BaseHTTPServer import BaseHTTPRequestHandler
from forcediphttpsadapter.adapters import ForcedIPHTTPSAdapter
import time import time
import tempfile import tempfile
import ipaddress import ipaddress
...@@ -48,6 +46,8 @@ import base64 ...@@ -48,6 +46,8 @@ import base64
import re import re
from slapos.recipe.librecipe import generateHashFromFiles from slapos.recipe.librecipe import generateHashFromFiles
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
import urlparse
import socket
try: try:
...@@ -77,6 +77,24 @@ HTTPS_PORT = '11443' ...@@ -77,6 +77,24 @@ HTTPS_PORT = '11443'
CAUCASE_PORT = '15090' CAUCASE_PORT = '15090'
KEDIFA_PORT = '15080' KEDIFA_PORT = '15080'
# IP to originate requests from
# has to be not partition one
SOURCE_IP = '127.0.0.1'
# "--resolve" inspired from https://stackoverflow.com/a/44378047/9256748
DNS_CACHE = {}
def add_custom_dns(domain, port, ip):
port = int(port)
key = (domain, port)
value = (socket.AF_INET, 1, 6, '', (ip, port))
DNS_CACHE[key] = [value]
def new_getaddrinfo(*args):
return DNS_CACHE[args[:2]]
# for development: debugging logs and install Ctrl+C handler # for development: debugging logs and install Ctrl+C handler
if os.environ.get('SLAPOS_TEST_DEBUG'): if os.environ.get('SLAPOS_TEST_DEBUG'):
...@@ -225,17 +243,6 @@ def isHTTP2(domain, ip): ...@@ -225,17 +243,6 @@ def isHTTP2(domain, ip):
return 'Using HTTP2, server supports multi-use' in err return 'Using HTTP2, server supports multi-use' in err
def getQUIC(url, ip, port):
quic_client_command = 'quic_client --disable-certificate-verification '\
'--port=%(port)s --host=%(host)s %(url)s' % dict(
port=port, host=ip, url=url)
try:
return True, subprocess.check_output(
quic_client_command.split(), stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
return False, e.output
def getPluginParameterDict(software_path, filepath): def getPluginParameterDict(software_path, filepath):
"""Load the slapos monitor plugin and returns the configuration used by this plugin. """Load the slapos monitor plugin and returns the configuration used by this plugin.
...@@ -328,7 +335,7 @@ class TestDataMixin(object): ...@@ -328,7 +335,7 @@ class TestDataMixin(object):
) )
except AssertionError: except AssertionError:
if os.environ.get('SAVE_TEST_DATA', '0') == '1': if os.environ.get('SAVE_TEST_DATA', '0') == '1':
open(test_data_file, 'w').write(runtime_data.strip()) open(test_data_file, 'w').write(runtime_data.strip() + '\n')
raise raise
finally: finally:
self.maxDiff = maxDiff self.maxDiff = maxDiff
...@@ -413,21 +420,26 @@ class TestDataMixin(object): ...@@ -413,21 +420,26 @@ class TestDataMixin(object):
def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT, def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
headers=None, cookies=None, source_ip=None): headers=None, cookies=None, source_ip=SOURCE_IP):
if headers is None: if headers is None:
headers = {} headers = {}
# workaround request problem of setting Accept-Encoding # workaround request problem of setting Accept-Encoding
# https://github.com/requests/requests/issues/2234 # https://github.com/requests/requests/issues/2234
headers.setdefault('Accept-Encoding', 'dummy') headers.setdefault('Accept-Encoding', 'dummy')
# Headers to tricks the whole system, like rouge user would do
headers.setdefault('X-Forwarded-For', '192.168.0.1')
headers.setdefault('X-Forwarded-Proto', 'irc')
headers.setdefault('X-Forwarded-Port', '17')
session = requests.Session() session = requests.Session()
session.mount(
'https://%s:%s' % (domain, port),
ForcedIPHTTPSAdapter(
dest_ip=real_ip))
if source_ip is not None: if source_ip is not None:
new_source = source.SourceAddressAdapter(source_ip) new_source = source.SourceAddressAdapter(source_ip)
session.mount('http://', new_source) session.mount('http://', new_source)
session.mount('https://', new_source) session.mount('https://', new_source)
socket_getaddrinfo = socket.getaddrinfo
try:
add_custom_dns(domain, port, real_ip)
socket.getaddrinfo = new_getaddrinfo
return session.get( return session.get(
'https://%s:%s/%s' % (domain, port, path), 'https://%s:%s/%s' % (domain, port, path),
verify=False, verify=False,
...@@ -435,17 +447,28 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT, ...@@ -435,17 +447,28 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
headers=headers, headers=headers,
cookies=cookies cookies=cookies
) )
finally:
socket.getaddrinfo = socket_getaddrinfo
def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT, def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
headers=None): headers=None, source_ip=SOURCE_IP):
if headers is None: if headers is None:
headers = {} headers = {}
# workaround request problem of setting Accept-Encoding # workaround request problem of setting Accept-Encoding
# https://github.com/requests/requests/issues/2234 # https://github.com/requests/requests/issues/2234
headers.setdefault('Accept-Encoding', 'dummy') headers.setdefault('Accept-Encoding', 'dummy')
headers['Host'] = domain # Headers to tricks the whole system, like rouge user would do
return requests.get( headers.setdefault('X-Forwarded-For', '192.168.0.1')
headers.setdefault('X-Forwarded-Proto', 'irc')
headers.setdefault('X-Forwarded-Port', '17')
headers['Host'] = '%s:%s' % (domain, port)
session = requests.Session()
if source_ip is not None:
new_source = source.SourceAddressAdapter(source_ip)
session.mount('http://', new_source)
session.mount('https://', new_source)
return session.get(
'http://%s:%s/%s' % (real_ip, port, path), 'http://%s:%s/%s' % (real_ip, port, path),
headers=headers, headers=headers,
allow_redirects=False, allow_redirects=False,
...@@ -1044,73 +1067,11 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin): ...@@ -1044,73 +1067,11 @@ class TestMasterRequest(HttpFrontendTestCase, TestDataMixin):
class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
caddy_custom_https = '''# caddy_custom_https_filled_in_accepted
https://caddycustomhttpsaccepted.example.com:%%(https_port)s {
bind %%(local_ipv4)s
tls %%(certificate)s %%(certificate)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
caddy_custom_http = '''# caddy_custom_http_filled_in_accepted
http://caddycustomhttpsaccepted.example.com:%%(http_port)s {
bind %%(local_ipv4)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
apache_custom_https = '''# apache_custom_https_filled_in_accepted
https://apachecustomhttpsaccepted.example.com:%%(https_port)s {
bind %%(local_ipv4)s
tls %%(certificate)s %%(certificate)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
apache_custom_http = '''# apache_custom_http_filled_in_accepted
http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
bind %%(local_ipv4)s
log / %%(access_log)s {combined}
errors %%(error_log)s
proxy / %(url)s {
transparent
timeout 600s
insecure_skip_verify
}
}
'''
@classmethod @classmethod
def getInstanceParameterDict(cls): def getInstanceParameterDict(cls):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address, 'public-ipv4': cls._ipv4_address,
'-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
...@@ -1344,36 +1305,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1344,36 +1305,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'enable-http2-default': { 'enable-http2-default': {
'url': cls.backend_url, 'url': cls.backend_url,
}, },
# 'apache_custom_http_s-rejected': {
# 'url': cls.backend_url,
# 'apache_custom_https': '# apache_custom_https_filled_in_rejected',
# 'apache_custom_http': '# apache_custom_http_filled_in_rejected',
# },
'apache_custom_http_s-accepted': {
'url': cls.backend_url,
'apache_custom_https': cls.apache_custom_https % dict(
url=cls.backend_url),
'apache_custom_http': cls.apache_custom_http % dict(
url=cls.backend_url),
},
# 'caddy_custom_http_s-rejected': {
# 'url': cls.backend_url,
# 'caddy_custom_https': '# caddy_custom_https_filled_in_rejected',
# 'caddy_custom_http': '# caddy_custom_http_filled_in_rejected',
# },
'caddy_custom_http_s-accepted': {
'url': cls.backend_url,
'caddy_custom_https': cls.caddy_custom_https % dict(
url=cls.backend_url),
'caddy_custom_http': cls.caddy_custom_http % dict(
url=cls.backend_url),
},
# # this has to be rejected
# 'caddy_custom_http_s': {
# 'url': cls.backend_url,
# 'caddy_custom_https': '# caddy_custom_https_filled_in_rejected_2',
# 'caddy_custom_http': '# caddy_custom_http_filled_in_rejected_2',
# },
'prefer-gzip-encoding-to-backend': { 'prefer-gzip-encoding-to-backend': {
'url': cls.backend_url, 'url': cls.backend_url,
'prefer-gzip-encoding-to-backend': 'true', 'prefer-gzip-encoding-to-backend': 'true',
...@@ -1393,9 +1324,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1393,9 +1324,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'monitor-ipv6-test': { 'monitor-ipv6-test': {
'monitor-ipv6-test': 'monitor-ipv6-test', 'monitor-ipv6-test': 'monitor-ipv6-test',
}, },
're6st-optimal-test': {
're6st-optimal-test': 'ipv6,ipv4',
},
'ciphers': { 'ciphers': {
'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA', 'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
} }
...@@ -1572,9 +1500,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1572,9 +1500,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '54', 'accepted-slave-amount': '51',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '54', 'slave-amount': '51',
'rejected-slave-dict': { 'rejected-slave-dict': {
} }
} }
...@@ -1647,7 +1575,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1647,7 +1575,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://empty.example.com/test-path', 'https://empty.example.com:%s/test-path' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -1682,6 +1610,33 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1682,6 +1610,33 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertFalse('connection-parameter-hash' in line) self.assertFalse('connection-parameter-hash' in line)
self.assertFalse('timestamp' in line) self.assertFalse('timestamp' in line)
def assertBackendHeaders(
self, backend_header_dict, domain, source_ip=SOURCE_IP, port=HTTPS_PORT,
proto='https', ignore_header_list=None):
if ignore_header_list is None:
ignore_header_list = []
self.assertFalse('remote_user' in backend_header_dict.keys())
self.assertFalse('x-forwarded-for-real' in backend_header_dict.keys())
if 'Host' not in ignore_header_list:
self.assertEqual(
backend_header_dict['host'],
'%s:%s' % (domain, port))
# XXX It's really hard to play with Caddy headers, thus we have to keep
# some of them. As other solutions will come in future, more control
# over sent X-Forwarded-For will be possible
self.assertEqual(
backend_header_dict['x-forwarded-for'].split(',')[0],
source_ip
)
self.assertEqual(
backend_header_dict['x-forwarded-port'],
port
)
self.assertEqual(
backend_header_dict['x-forwarded-proto'],
proto
)
def test_url(self): def test_url(self):
parameter_dict = self.assertSlaveBase('Url') parameter_dict = self.assertSlaveBase('Url')
...@@ -1704,11 +1659,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1704,11 +1659,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(j['Incoming Headers']['timeout'], '10') self.assertEqual(j['Incoming Headers']['timeout'], '10')
self.assertFalse('Content-Encoding' in result.headers) self.assertFalse('Content-Encoding' in result.headers)
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'secured=value;secure, nonsecured=value', 'secured=value;secure, nonsecured=value',
...@@ -1725,7 +1679,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1725,7 +1679,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://url.example.com/test-path/deeper', 'https://url.example.com:%s/test-path/deeper' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -2350,7 +2304,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2350,7 +2304,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -2369,7 +2323,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2369,7 +2323,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://typezope.example.com/test-path/deep/.././deeper', 'https://typezope.example.com:%s/test-path/deep/.././deeper' % (
HTTP_PORT,),
result.headers['Location'] result.headers['Location']
) )
...@@ -2389,7 +2344,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2389,7 +2344,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -2424,7 +2379,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2424,7 +2379,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -2467,7 +2422,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2467,7 +2422,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -2487,7 +2442,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2487,7 +2442,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://%s/test-path/deep/.././deeper' % (parameter_dict['domain'],), 'https://%s:%s/test-path/deep/.././deeper' % (
parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -2504,7 +2460,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2504,7 +2460,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -2527,7 +2483,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2527,7 +2483,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://%s/test-path/deep/.././deeper' % (parameter_dict['domain'],), 'https://%s:%s/test-path/deep/.././deeper' % (
parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -2626,6 +2583,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2626,6 +2583,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -2655,6 +2613,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2655,6 +2613,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
parsed = urlparse.urlparse(self.backend_url)
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -2686,6 +2648,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2686,6 +2648,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertFalse('connection' in j['Incoming Headers'].keys()) self.assertFalse('connection' in j['Incoming Headers'].keys())
self.assertTrue('x-real-ip' in j['Incoming Headers']) self.assertTrue('x-real-ip' in j['Incoming Headers'])
...@@ -2704,6 +2667,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2704,6 +2667,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -2725,6 +2689,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2725,6 +2689,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -2755,6 +2720,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2755,6 +2720,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
parsed = urlparse.urlparse(self.backend_url)
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertFalse('connection' in j['Incoming Headers'].keys()) self.assertFalse('connection' in j['Incoming Headers'].keys())
self.assertFalse('x-real-ip' in j['Incoming Headers']) self.assertFalse('x-real-ip' in j['Incoming Headers'])
...@@ -2773,6 +2742,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2773,6 +2742,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -2794,6 +2766,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2794,6 +2766,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertBackendHeaders(
j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
ignore_header_list=['Host'])
self.assertEqual( self.assertEqual(
'Upgrade', 'Upgrade',
j['Incoming Headers']['connection'] j['Incoming Headers']['connection']
...@@ -2910,7 +2885,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2910,7 +2885,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://sslproxyverifysslproxycacrtunverified.example.com/test-path', 'https://sslproxyverifysslproxycacrtunverified.example.com:%s/'
'test-path' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -2930,7 +2906,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2930,7 +2906,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertFalse('Content-Encoding' in result.headers) self.assertFalse('Content-Encoding' in result.headers)
...@@ -2948,7 +2924,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2948,7 +2924,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://sslproxyverifysslproxycacrt.example.com/test-path', 'https://sslproxyverifysslproxycacrt.example.com:%s/test-path' % (
HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -3021,8 +2998,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3021,8 +2998,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://enablecachesslproxyverifysslproxycacrtunverified.example.com/' 'https://enablecachesslproxyverifysslproxycacrtunverified.example.com'
'test-path/deeper', ':%s/test-path/deeper' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -3159,8 +3136,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3159,8 +3136,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://typezopesslproxyverifysslproxycacrtunverified.example.com/' 'https://typezopesslproxyverifysslproxycacrtunverified.example.com:%s/'
'test-path', 'test-path' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -3179,7 +3156,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3179,7 +3156,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
j = result.json() j = result.json()
except Exception: except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,)) raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys()) self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
self.assertEqualResultJson( self.assertEqualResultJson(
result, result,
...@@ -3198,7 +3175,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3198,7 +3175,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://typezopesslproxyverifysslproxycacrt.example.com/test-path', 'https://typezopesslproxyverifysslproxycacrt.example.com:'
'%s/test-path' % (HTTP_PORT,),
result.headers['Location'] result.headers['Location']
) )
...@@ -3238,7 +3216,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3238,7 +3216,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://monitoripv6test.example.com/test-path', 'https://monitoripv6test.example.com:%s/test-path' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -3275,7 +3253,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3275,7 +3253,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://monitoripv4test.example.com/test-path', 'https://monitoripv4test.example.com:%s/test-path' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -3293,44 +3271,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3293,44 +3271,6 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
} }
) )
def test_re6st_optimal_test(self):
parameter_dict = self.assertSlaveBase('re6st-optimal-test')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(httplib.NOT_FOUND, result.status_code)
result_http = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
httplib.FOUND,
result_http.status_code
)
self.assertEqual(
'https://re6stoptimaltest.example.com/test-path',
result_http.headers['Location']
)
monitor_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'plugin',
'check-_re6st-optimal-test-re6st-optimal-test.py'))[0]
# get promise module and check that parameters are ok
self.assertEqual(
getPluginParameterDict(self.software_path, monitor_file),
{
'frequency': '720',
'ipv4': 'ipv4',
'ipv6': 'ipv6'
}
)
def test_ciphers(self): def test_ciphers(self):
parameter_dict = self.assertSlaveBase('ciphers') parameter_dict = self.assertSlaveBase('ciphers')
...@@ -3352,7 +3292,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3352,7 +3292,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://ciphers.example.com/test-path', 'https://ciphers.example.com:%s/test-path' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -3414,6 +3354,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3414,6 +3354,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
via = backend_headers.pop('via', None) via = backend_headers.pop('via', None)
self.assertNotEqual(via, None) self.assertNotEqual(via, None)
self.assertRegexpMatches( self.assertRegexpMatches(
...@@ -3455,6 +3396,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3455,6 +3396,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
via = backend_headers.pop('via', None) via = backend_headers.pop('via', None)
self.assertNotEqual(via, None) self.assertNotEqual(via, None)
self.assertRegexpMatches( self.assertRegexpMatches(
...@@ -3473,18 +3415,23 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3473,18 +3415,23 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://enablecacheserveralias1.example.com/test-path/deeper', 'https://enablecacheserveralias1.example.com:%s/test-path/deeper' % (
HTTP_PORT,),
result.headers['Location'] result.headers['Location']
) )
def test_enable_cache(self): def test_enable_cache(self):
parameter_dict = self.assertSlaveBase('enable_cache') parameter_dict = self.assertSlaveBase('enable_cache')
source_ip = '127.0.0.1'
result = fakeHTTPSResult( result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper', headers={ 'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-' 'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'}) 'revalidate=3600, stale-if-error=3600',
},
source_ip=source_ip
)
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
...@@ -3511,6 +3458,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3511,6 +3458,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
via = backend_headers.pop('via', None) via = backend_headers.pop('via', None)
self.assertNotEqual(via, None) self.assertNotEqual(via, None)
self.assertRegexpMatches( self.assertRegexpMatches(
...@@ -3576,6 +3524,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3576,6 +3524,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
via = backend_headers.pop('via', None) via = backend_headers.pop('via', None)
self.assertNotEqual(via, None) self.assertNotEqual(via, None)
self.assertRegexpMatches( self.assertRegexpMatches(
...@@ -3743,6 +3692,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3743,6 +3692,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
via = backend_headers.pop('via', None) via = backend_headers.pop('via', None)
self.assertNotEqual(via, None) self.assertNotEqual(via, None)
self.assertRegexpMatches( self.assertRegexpMatches(
...@@ -3789,6 +3739,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3789,6 +3739,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
backend_headers = result.json()['Incoming Headers'] backend_headers = result.json()['Incoming Headers']
self.assertBackendHeaders(backend_headers, parameter_dict['domain'])
via = backend_headers.pop('via', None) via = backend_headers.pop('via', None)
self.assertNotEqual(via, None) self.assertNotEqual(via, None)
self.assertRegexpMatches( self.assertRegexpMatches(
...@@ -3879,6 +3830,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3879,6 +3830,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
...@@ -3889,6 +3842,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3889,6 +3842,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
...@@ -3915,6 +3870,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3915,6 +3870,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'],
port=HTTP_PORT, proto='http')
self.assertEqual( self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
...@@ -3925,6 +3883,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3925,6 +3883,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'],
port=HTTP_PORT, proto='http')
self.assertEqual( self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
...@@ -3955,6 +3916,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3955,6 +3916,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
...@@ -3965,6 +3928,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3965,6 +3928,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding']) 'deflate', result.json()['Incoming Headers']['accept-encoding'])
...@@ -3995,7 +3960,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3995,7 +3960,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],), 'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -4010,7 +3975,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -4010,7 +3975,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],), 'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -4024,7 +3989,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -4024,7 +3989,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],), 'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -4038,7 +4003,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -4038,7 +4003,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],), 'https://%s:%s/test-path/deeper' % (parameter_dict['domain'], HTTP_PORT),
result.headers['Location'] result.headers['Location']
) )
...@@ -4059,189 +4024,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -4059,189 +4024,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertBackendHeaders(
result.json()['Incoming Headers'], parameter_dict['domain'])
self.assertEqual( self.assertEqual(
'Coffee=present', result.json()['Incoming Headers']['cookie']) 'Coffee=present', result.json()['Incoming Headers']['cookie'])
@skip('Not implemented in new test system')
def test_apache_custom_http_s_rejected(self):
parameter_dict = self.parseSlaveParameterDict(
'apache_custom_http_s-rejected')
self.assertEqual(
{
'request-error-list': ["slave not authorized"]
},
parameter_dict)
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'apache_custom_https_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_https_list)
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'apache_custom_http_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_http_list)
def test_apache_custom_http_s_accepted(self):
parameter_dict = self.parseSlaveParameterDict(
'apache_custom_http_s-accepted')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{'replication_number': '1', 'public-ipv4': self._ipv4_address},
parameter_dict
)
result = fakeHTTPSResult(
'apachecustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
headers = result.headers.copy()
self.assertKeyWithPop('Server', headers)
self.assertKeyWithPop('Date', headers)
# drop vary-keys
headers.pop('Content-Length', None)
headers.pop('Transfer-Encoding', None)
headers.pop('Connection', None)
headers.pop('Keep-Alive', None)
self.assertEqual(
{
'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value'
},
headers
)
result_http = fakeHTTPResult(
'apachecustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'apache_custom_https_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_https_list))
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'apache_custom_http_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_http_list))
@skip('Not implemented in new test system')
def test_caddy_custom_http_s_rejected(self):
parameter_dict = self.parseSlaveParameterDict(
'caddy_custom_http_s-rejected')
self.assertEqual(
{
'request-error-list': ["slave not authorized"]
},
parameter_dict)
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_https_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_https_list)
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_http_filled_in_rejected' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_http_list)
@skip('Not implemented in new test system')
def test_caddy_custom_http_s(self):
parameter_dict = self.parseSlaveParameterDict(
'caddy_custom_http_s')
self.assertEqual(
{
'request-error-list': ["slave not authorized"]
},
parameter_dict)
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_https_filled_in_rejected_2' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_https_list)
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_http_filled_in_rejected_2' in open(q).read()]
self.assertEqual([], configuration_file_with_custom_http_list)
def test_caddy_custom_http_s_accepted(self):
parameter_dict = self.parseSlaveParameterDict(
'caddy_custom_http_s-accepted')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{'replication_number': '1', 'public-ipv4': self._ipv4_address},
parameter_dict
)
result = fakeHTTPSResult(
'caddycustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
headers = result.headers.copy()
self.assertKeyWithPop('Server', headers)
self.assertKeyWithPop('Date', headers)
# drop vary-keys
headers.pop('Content-Length', None)
headers.pop('Transfer-Encoding', None)
headers.pop('Connection', None)
headers.pop('Keep-Alive', None)
self.assertEqual(
{
'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value'
},
headers
)
result_http = fakeHTTPResult(
'caddycustomhttpsaccepted.example.com',
parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
slave_configuration_file_list = glob.glob(os.path.join(
self.instance_path, '*', 'etc', '*slave-conf.d', '*.conf'))
# no configuration file contains provided custom http
configuration_file_with_custom_https_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_https_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_https_list))
configuration_file_with_custom_http_list = [
q for q in slave_configuration_file_list
if 'caddy_custom_http_filled_in_accepted' in open(q).read()]
self.assertEqual(1, len(configuration_file_with_custom_http_list))
def test_https_url(self): def test_https_url(self):
parameter_dict = self.assertSlaveBase('url_https-url') parameter_dict = self.assertSlaveBase('url_https-url')
...@@ -4265,7 +4052,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -4265,7 +4052,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
) )
self.assertEqual( self.assertEqual(
'https://urlhttpsurl.example.com/test-path/deeper', 'https://urlhttpsurl.example.com:%s/test-path/deeper' % (HTTP_PORT,),
result_http.headers['Location'] result_http.headers['Location']
) )
...@@ -4822,104 +4609,6 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4822,104 +4609,6 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf) 'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'enable-quic': 'true',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'mpm-graceful-shutdown-timeout': 2,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'url': {
'url': cls.backend_url,
'enable_cache': True,
},
}
# It is known problem that QUIC does not work after sending reload signal,
# SIGUSR1, see https://github.com/mholt/caddy/issues/2394
@expectedFailure
def test_url(self):
parameter_dict = self.parseSlaveParameterDict('url')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'url.example.com',
'replication_number': '1',
'url': 'http://url.example.com',
'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com',
'public-ipv4': self._ipv4_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertKeyWithPop('Date', result.headers)
self.assertKeyWithPop('Content-Length', result.headers)
def assertQUIC():
quic_status, quic_result = getQUIC(
'https://%s/%s' % (parameter_dict['domain'], 'test-path'),
parameter_dict['public-ipv4'],
HTTPS_PORT
)
self.assertTrue(quic_status, quic_result)
try:
quic_jsoned = quic_result.split('body: ')[2].split('trailers')[0]
except Exception:
raise ValueError('JSON not found at all in QUIC result:\n%s' % (
quic_result,))
try:
j = json.loads(quic_jsoned)
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (quic_jsoned,))
key = 'Path'
self.assertTrue(key in j, 'No key %r in %s' % (key, j))
self.assertEqual('/test-path', j[key])
assertQUIC()
# https://github.com/mholt/caddy/issues/2394
# after sending USR1 to Caddy QUIC does not work, check current behaviour
caddy_pid = [
q['pid'] for q
in self.callSupervisorMethod('getAllProcessInfo')
if 'frontend_caddy' in q['name']][0]
os.kill(caddy_pid, signal.SIGUSR1)
# give caddy a moment to refresh its config, as sending signal does not
# block until caddy is refreshed
time.sleep(2)
assertQUIC()
@skip('New test system cannot be used with failing promises') @skip('New test system cannot be used with failing promises')
class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod @classmethod
...@@ -4937,13 +4626,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4937,13 +4626,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod @classmethod
def getSlaveParameterDictDict(cls): def getSlaveParameterDictDict(cls):
return { return {
're6st-optimal-test-nocomma': {
're6st-optimal-test': 'nocomma',
},
're6st-optimal-test-unsafe': {
're6st-optimal-test':
'new\nline;rm -fr ~;,new line\n[s${esection:eoption}',
},
'custom_domain-unsafe': { 'custom_domain-unsafe': {
'custom_domain': '${section:option} afterspace\nafternewline', 'custom_domain': '${section:option} afterspace\nafternewline',
}, },
...@@ -4989,9 +4671,9 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -4989,9 +4671,9 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '8', 'accepted-slave-amount': '6',
'rejected-slave-amount': '3', 'rejected-slave-amount': '3',
'slave-amount': '11', 'slave-amount': '9',
'rejected-slave-dict': { 'rejected-slave-dict': {
'_bad-ciphers': [ '_bad-ciphers': [
"Cipher 'bad' is not supported.", "Cipher 'bad' is not supported.",
...@@ -5037,83 +4719,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -5037,83 +4719,6 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
def test_re6st_optimal_test_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('re6st-optimal-test-unsafe')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 're6stoptimaltestunsafe.example.com',
'replication_number': '1',
'url': 'http://re6stoptimaltestunsafe.example.com',
'site_url': 'http://re6stoptimaltestunsafe.example.com',
'secure_access': 'https://re6stoptimaltestunsafe.example.com',
'public-ipv4': self._ipv4_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(httplib.NOT_FOUND, result.status_code)
monitor_file = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'plugin',
'check-_re6st-optimal-test-unsafe-re6st-optimal-test.py'))[0]
# Note: The result is a bit differnt from the request (newlines stripped),
# but good enough to prove, that ${esection:eoption} has been
# correctly passed to the script.
self.assertEqual(
getPluginParameterDict(self.software_path, monitor_file),
{
'frequency': '720',
'ipv4': 'new line\n[s${esection:eoption}',
'ipv6': 'new\nline;rm -fr ~;',
}
)
def test_re6st_optimal_test_nocomma(self):
parameter_dict = self.parseSlaveParameterDict('re6st-optimal-test-nocomma')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 're6stoptimaltestnocomma.example.com',
'replication_number': '1',
'url': 'http://re6stoptimaltestnocomma.example.com',
'site_url': 'http://re6stoptimaltestnocomma.example.com',
'secure_access': 'https://re6stoptimaltestnocomma.example.com',
'public-ipv4': self._ipv4_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(httplib.NOT_FOUND, result.status_code)
# assert that there is no nocomma file
monitor_file_list = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'plugin',
'check-_re6st-optimal-test-nocomma-re6st-optimal-test.py'))
self.assertEqual(
[],
monitor_file_list
)
def test_custom_domain_unsafe(self): def test_custom_domain_unsafe(self):
parameter_dict = self.parseSlaveParameterDict('custom_domain-unsafe') parameter_dict = self.parseSlaveParameterDict('custom_domain-unsafe')
self.assertEqual( self.assertEqual(
...@@ -6585,8 +6190,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -6585,8 +6190,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
return { return {
'domain': 'example.com', 'domain': 'example.com',
'public-ipv4': cls._ipv4_address, 'public-ipv4': cls._ipv4_address,
'-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT, 'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT, 'plain_http_port': HTTP_PORT,
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
......
...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log ...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log ...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_re6st-optimal-test_access_log
T-2/var/log/httpd/_re6st-optimal-test_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_error_log T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log T-2/var/log/httpd/_server-alias-wildcard_access_log
......
...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py ...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-_re6st-optimal-test-re6st-optimal-test.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-caddy-configuration-promise.py
......
T-2/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
T-2/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
T-2/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test
...@@ -12,10 +12,6 @@ T-2/var/log/httpd/_monitor-ipv4-test-unsafe_access_log ...@@ -12,10 +12,6 @@ T-2/var/log/httpd/_monitor-ipv4-test-unsafe_access_log
T-2/var/log/httpd/_monitor-ipv4-test-unsafe_error_log T-2/var/log/httpd/_monitor-ipv4-test-unsafe_error_log
T-2/var/log/httpd/_monitor-ipv6-test-unsafe_access_log T-2/var/log/httpd/_monitor-ipv6-test-unsafe_access_log
T-2/var/log/httpd/_monitor-ipv6-test-unsafe_error_log T-2/var/log/httpd/_monitor-ipv6-test-unsafe_error_log
T-2/var/log/httpd/_re6st-optimal-test-nocomma_access_log
T-2/var/log/httpd/_re6st-optimal-test-nocomma_error_log
T-2/var/log/httpd/_re6st-optimal-test-unsafe_access_log
T-2/var/log/httpd/_re6st-optimal-test-unsafe_error_log
T-2/var/log/httpd/_server-alias-same_access_log T-2/var/log/httpd/_server-alias-same_access_log
T-2/var/log/httpd/_server-alias-same_error_log T-2/var/log/httpd/_server-alias-same_error_log
T-2/var/log/httpd/_virtualhostroot-http-port-unsafe_access_log T-2/var/log/httpd/_virtualhostroot-http-port-unsafe_access_log
......
T-2/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test
T-2/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test T-2/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test
T-2/etc/monitor-promise/check-_re6st-optimal-test-unsafe-re6st-optimal-test
...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log ...@@ -26,10 +26,6 @@ T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_access_log
T-2/var/log/httpd/_apache_custom_http_s-accepted_error_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_access_log
T-2/var/log/httpd/_caddy_custom_http_s-accepted_error_log
T-2/var/log/httpd/_ciphers_access_log T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log T-2/var/log/httpd/_custom_domain_access_log
...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log ...@@ -76,8 +72,6 @@ T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_re6st-optimal-test_access_log
T-2/var/log/httpd/_re6st-optimal-test_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_error_log T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log T-2/var/log/httpd/_server-alias-wildcard_access_log
......
...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py ...@@ -27,7 +27,6 @@ T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-_re6st-optimal-test-re6st-optimal-test.py
T-2/etc/plugin/check-free-disk-space.py T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py T-2/etc/plugin/frontend-caddy-configuration-promise.py
......
T-1/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test T-1/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
T-1/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test T-1/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
T-1/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_dummy-cached_access_log
T-2/var/log/httpd-cache-direct/_dummy-cached_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_dummy-cached_access_log
T-2/var/log/httpd/_dummy-cached_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable-http2-true_access_log
T-2/var/log/httpd/_enable-http2-true_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_url_access_log
T-2/var/log/httpd-cache-direct/_url_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_url_access_log
T-2/var/log/httpd/_url_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_default_access_log
T-2/var/log/httpd-cache-direct/_default_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_default_access_log
T-2/var/log/httpd/_default_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd-cache-direct/_enable_cache_access_log
T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_access_log
T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_error_log
T-2/var/log/httpd-cache-direct/_enable_cache_error_log
T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_access_log
T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log
T-2/var/log/httpd/_custom_domain_error_log
T-2/var/log/httpd/_custom_domain_server_alias_access_log
T-2/var/log/httpd/_custom_domain_server_alias_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_custom_domain_wildcard_access_log
T-2/var/log/httpd/_custom_domain_wildcard_error_log
T-2/var/log/httpd/_disabled-cookie-list_access_log
T-2/var/log/httpd/_disabled-cookie-list_error_log
T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_custom_domain_access_log
T-2/var/log/httpd/_enable_cache_custom_domain_error_log
T-2/var/log/httpd/_enable_cache_error_log
T-2/var/log/httpd/_enable_cache_server_alias_access_log
T-2/var/log/httpd/_enable_cache_server_alias_error_log
T-2/var/log/httpd/_https-only_access_log
T-2/var/log/httpd/_https-only_error_log
T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log
T-2/var/log/httpd/_server-alias-wildcard_error_log
T-2/var/log/httpd/_server-alias_access_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
T-2/var/log/httpd/_server-alias_error_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_ca_crt_only_access_log
T-2/var/log/httpd/_ssl_ca_crt_only_error_log
T-2/var/log/httpd/_type-notebook_access_log
T-2/var/log/httpd/_type-notebook_error_log
T-2/var/log/httpd/_type-redirect_access_log
T-2/var/log/httpd/_type-redirect_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket_access_log
T-2/var/log/httpd/_type-websocket_error_log
T-2/var/log/httpd/_type-zope-default-path_access_log
T-2/var/log/httpd/_type-zope-default-path_error_log
T-2/var/log/httpd/_type-zope-path_access_log
T-2/var/log/httpd/_type-zope-path_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
T-2/var/log/httpd/_type-zope_access_log
T-2/var/log/httpd/_type-zope_error_log
T-2/var/log/httpd/_url_https-url_access_log
T-2/var/log/httpd/_url_https-url_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAIN=$0
Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_default_ciphers_access_log
T-2/var/log/httpd-cache-direct/_default_ciphers_error_log
T-2/var/log/httpd-cache-direct/_own_ciphers_access_log
T-2/var/log/httpd-cache-direct/_own_ciphers_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_default_ciphers_access_log
T-2/var/log/httpd/_default_ciphers_error_log
T-2/var/log/httpd/_own_ciphers_access_log
T-2/var/log/httpd/_own_ciphers_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd-cache-direct/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd-cache-direct/_enable_cache_access_log
T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_access_log
T-2/var/log/httpd-cache-direct/_enable_cache_custom_domain_error_log
T-2/var/log/httpd-cache-direct/_enable_cache_error_log
T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_access_log
T-2/var/log/httpd-cache-direct/_enable_cache_server_alias_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_Url_access_log
T-2/var/log/httpd/_Url_error_log
T-2/var/log/httpd/_ciphers_access_log
T-2/var/log/httpd/_ciphers_error_log
T-2/var/log/httpd/_custom_domain_access_log
T-2/var/log/httpd/_custom_domain_error_log
T-2/var/log/httpd/_custom_domain_server_alias_access_log
T-2/var/log/httpd/_custom_domain_server_alias_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_custom_domain_wildcard_access_log
T-2/var/log/httpd/_custom_domain_wildcard_error_log
T-2/var/log/httpd/_disabled-cookie-list_access_log
T-2/var/log/httpd/_disabled-cookie-list_error_log
T-2/var/log/httpd/_empty_access_log
T-2/var/log/httpd/_empty_error_log
T-2/var/log/httpd/_enable-http2-default_access_log
T-2/var/log/httpd/_enable-http2-default_error_log
T-2/var/log/httpd/_enable-http2-false_access_log
T-2/var/log/httpd/_enable-http2-false_error_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_custom_domain_access_log
T-2/var/log/httpd/_enable_cache_custom_domain_error_log
T-2/var/log/httpd/_enable_cache_error_log
T-2/var/log/httpd/_enable_cache_server_alias_access_log
T-2/var/log/httpd/_enable_cache_server_alias_error_log
T-2/var/log/httpd/_https-only_access_log
T-2/var/log/httpd/_https-only_error_log
T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_server-alias-duplicated_access_log
T-2/var/log/httpd/_server-alias-duplicated_error_log
T-2/var/log/httpd/_server-alias-wildcard_access_log
T-2/var/log/httpd/_server-alias-wildcard_error_log
T-2/var/log/httpd/_server-alias_access_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
T-2/var/log/httpd/_server-alias_error_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_ca_crt_only_access_log
T-2/var/log/httpd/_ssl_ca_crt_only_error_log
T-2/var/log/httpd/_type-notebook_access_log
T-2/var/log/httpd/_type-notebook_error_log
T-2/var/log/httpd/_type-redirect_access_log
T-2/var/log/httpd/_type-redirect_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
T-2/var/log/httpd/_type-websocket_access_log
T-2/var/log/httpd/_type-websocket_error_log
T-2/var/log/httpd/_type-zope-default-path_access_log
T-2/var/log/httpd/_type-zope-default-path_error_log
T-2/var/log/httpd/_type-zope-path_access_log
T-2/var/log/httpd/_type-zope-path_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
T-2/var/log/httpd/_type-zope_access_log
T-2/var/log/httpd/_type-zope_error_log
T-2/var/log/httpd/_url_https-url_access_log
T-2/var/log/httpd/_url_https-url_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAIN=$0
Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_ssl_from_master_access_log
T-2/var/log/httpd-cache-direct/_ssl_from_master_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_ssl_from_slave_access_log
T-2/var/log/httpd/_ssl_from_slave_error_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd-cache-direct/_ssl_from_master_kedifa_overrides_master_certificate_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
T-0/etc/cron.d/logrotate
T-0/etc/cron.d/monitor-configurator
T-0/etc/cron.d/monitor-globalstate
T-0/etc/cron.d/monitor_collect
T-1/etc/cron.d/logrotate
T-1/etc/cron.d/monitor-configurator
T-1/etc/cron.d/monitor-globalstate
T-1/etc/cron.d/monitor_collect
T-2/etc/cron.d/logrotate
T-2/etc/cron.d/monitor-configurator
T-2/etc/cron.d/monitor-globalstate
T-2/etc/cron.d/monitor_collect
T-2/etc/cron.d/trafficserver-logrotate
T-0/var/log/monitor-httpd-access.log
T-0/var/log/monitor-httpd-error.log
T-0/var/log/slapgrid-T-0-error.log
T-1/var/log/expose-csr_id.log
T-1/var/log/kedifa.log
T-1/var/log/monitor-httpd-access.log
T-1/var/log/monitor-httpd-error.log
T-2/var/log/frontend-access.log
T-2/var/log/frontend-error.log
T-2/var/log/httpd-cache-direct/_ssl_from_master_access_log
T-2/var/log/httpd-cache-direct/_ssl_from_master_error_log
T-2/var/log/httpd-csr_id/expose-csr_id.log
T-2/var/log/httpd/_ssl_from_master_access_log
T-2/var/log/httpd/_ssl_from_master_error_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/trafficserver/manager.log
T-2/var/log/trafficserver/traffic.out
T-0/etc/plugin/__init__.py
T-0/etc/plugin/aikc-user-caucase-updater.py
T-0/etc/plugin/buildout-T-0-status.py
T-0/etc/plugin/check-free-disk-space.py
T-0/etc/plugin/monitor-bootstrap-status.py
T-0/etc/plugin/monitor-http-frontend.py
T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
T-0/etc/plugin/rejected-slave-publish-ip-port-listening.py
T-0/etc/plugin/rejected-slave.py
T-1/etc/plugin/__init__.py
T-1/etc/plugin/buildout-T-1-status.py
T-1/etc/plugin/caucased.py
T-1/etc/plugin/check-free-disk-space.py
T-1/etc/plugin/expose-csr_id-ip-port-listening.py
T-1/etc/plugin/kedifa-http-reply.py
T-1/etc/plugin/monitor-bootstrap-status.py
T-1/etc/plugin/monitor-http-frontend.py
T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/__init__.py
T-2/etc/plugin/buildout-T-2-status.py
T-2/etc/plugin/caddy_cached.py
T-2/etc/plugin/caddy_frontend_ipv4_http.py
T-2/etc/plugin/caddy_frontend_ipv4_https.py
T-2/etc/plugin/caddy_frontend_ipv6_http.py
T-2/etc/plugin/caddy_frontend_ipv6_https.py
T-2/etc/plugin/caddy_ssl_cached.py
T-2/etc/plugin/caucase-updater.py
T-2/etc/plugin/check-free-disk-space.py
T-2/etc/plugin/expose-csr_id-ip-port-listening.py
T-2/etc/plugin/frontend-caddy-configuration-promise.py
T-2/etc/plugin/monitor-bootstrap-status.py
T-2/etc/plugin/monitor-http-frontend.py
T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
T-2/etc/plugin/re6st-connectivity.py
T-2/etc/plugin/trafficserver-cache-availability.py
T-2/etc/plugin/trafficserver-port-listening.py
T-0/var/run/monitor-httpd.pid
T-1/var/run/kedifa.pid
T-1/var/run/monitor-httpd.pid
T-2/var/run/graceful_configuration_state_signature
T-2/var/run/httpd.pid
T-2/var/run/monitor-httpd.pid
T-0:aikc-user-caucase-updater-on-watch RUNNING
T-0:bootstrap-monitor EXITED
T-0:certificate_authority-{hash-generic}-on-watch RUNNING
T-0:crond-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
T-0:monitor-httpd-graceful EXITED
T-0:rejected-slave-publish-{hash-rejected-slave-publish}-on-watch RUNNING
T-1:bootstrap-monitor EXITED
T-1:caucase-updater-on-watch RUNNING
T-1:caucased-{hash-generic}-on-watch RUNNING
T-1:certificate_authority-{hash-generic}-on-watch RUNNING
T-1:crond-{hash-generic}-on-watch RUNNING
T-1:expose-csr_id-{hash-generic}-on-watch RUNNING
T-1:kedifa-{hash-generic}-on-watch RUNNING
T-1:kedifa-reloader EXITED
T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
T-1:monitor-httpd-graceful EXITED
T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26011-{hash-generic}-on-watch RUNNING
T-2:6tunnel-26012-{hash-generic}-on-watch RUNNING
T-2:bootstrap-monitor EXITED
T-2:certificate_authority-{hash-generic}-on-watch RUNNING
T-2:crond-{hash-generic}-on-watch RUNNING
T-2:expose-csr_id-{hash-generic}-on-watch RUNNING
T-2:frontend-caddy-safe-graceful EXITED
T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
T-2:monitor-httpd-graceful EXITED
T-2:trafficserver-{hash-generic}-on-watch RUNNING
T-2:trafficserver-reload EXITED
...@@ -18,4 +18,4 @@ md5sum = 6e4431cf4b0a0d034402604b1e2844c0 ...@@ -18,4 +18,4 @@ md5sum = 6e4431cf4b0a0d034402604b1e2844c0
[template-cloudooo-instance] [template-cloudooo-instance]
filename = instance-cloudooo.cfg.in filename = instance-cloudooo.cfg.in
md5sum = e01ee969a45d44d386653a9eb699cc59 md5sum = e49ee3e309a19f9a3a9590789690c611
...@@ -18,27 +18,6 @@ ...@@ -18,27 +18,6 @@
"default": 1, "default": 1,
"type": "integer" "type": "integer"
}, },
"ssl": {
"description": "Custom ssl certificate, key and optionaly client ca-cert and crl",
"properties": {
"cert": {
"description": "The content of the certificate file",
"type": "string"
},
"key": {
"description": "The content of the ssl key file",
"type": "string"
},
"ca-cert": {
"description": "The content of the ca-certificate file",
"type": "string"
},
"crl": {
"description": "The content of the revocation file",
"type": "string"
}
}
},
"timeout": { "timeout": {
"description": "Configure apache with this timeout", "description": "Configure apache with this timeout",
"type": "integer" "type": "integer"
......
...@@ -24,11 +24,6 @@ ...@@ -24,11 +24,6 @@
{% endif -%} {% endif -%}
{% do assert(timeout > 0) -%} {% do assert(timeout > 0) -%}
{% set ssl_parameter_dict = instance_parameter_dict.get('ssl', {}) %}
{% if instance_parameter_dict.get('ssl-dict-parameter-name') -%}
{% set ssl_parameter_dict = slapparameter_dict.get(instance_parameter_dict['ssl-dict-parameter-name'], ssl_parameter_dict) -%}
{% endif -%}
{% set mimetype_entry_addition = instance_parameter_dict.get('mimetype-entry-addition', '') -%} {% set mimetype_entry_addition = instance_parameter_dict.get('mimetype-entry-addition', '') -%}
{% if instance_parameter_dict.get('mimetype-entry-addition-parameter-name') -%} {% if instance_parameter_dict.get('mimetype-entry-addition-parameter-name') -%}
{% set mimetype_entry_addition = mimetype_entry_addition ~ "\n" ~ slapparameter_dict.get(instance_parameter_dict['mimetype-entry-addition-parameter-name'], '') -%} {% set mimetype_entry_addition = mimetype_entry_addition ~ "\n" ~ slapparameter_dict.get(instance_parameter_dict['mimetype-entry-addition-parameter-name'], '') -%}
...@@ -110,9 +105,6 @@ cert = ${apache-ssl:cert} ...@@ -110,9 +105,6 @@ cert = ${apache-ssl:cert}
key = ${apache-ssl:key} key = ${apache-ssl:key}
cipher = cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache ssl-session-cache = ${directory:log}/apache-ssl-session-cache
# Client x509 auth
ca-cert = ${apache-ssl-client:cert}
crl = ${apache-ssl-client:crl}
[apache-promise] [apache-promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently # Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
...@@ -131,28 +123,10 @@ ca-cert = ${directory:apache-conf}/ca.crt ...@@ -131,28 +123,10 @@ ca-cert = ${directory:apache-conf}/ca.crt
crl = ${directory:apache-conf}/crl.pem crl = ${directory:apache-conf}/crl.pem
[apache-ssl] [apache-ssl]
{% if ssl_parameter_dict.get('key') -%}
key = ${apache-ssl-key:rendered}
cert = ${apache-ssl-cert:rendered}
{{ simplefile('apache-ssl-key', '${apache-conf-ssl:key}', ssl_parameter_dict['key']) }}
{{ simplefile('apache-ssl-cert', '${apache-conf-ssl:cert}', ssl_parameter_dict['cert']) }}
{% else %}
recipe = plone.recipe.command recipe = plone.recipe.command
command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}" command = "{{ parameter_dict['openssl'] }}/bin/openssl" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key}" -out "${:cert}"
key = ${apache-conf-ssl:key} key = ${apache-conf-ssl:key}
cert = ${apache-conf-ssl:cert} cert = ${apache-conf-ssl:cert}
{%- endif %}
[apache-ssl-client]
{% if ssl_parameter_dict.get('ca-cert') -%}
cert = ${apache-ssl-ca:rendered}
crl = ${apache-ssl-crl:rendered}
{{ simplefile('apache-ssl-ca', '${apache-conf-ssl:ca-cert}', ssl_parameter_dict['ca-cert']) }}
{{ simplefile('apache-ssl-crl', '${apache-conf-ssl:crl}', ssl_parameter_dict['crl']) }}
{% else %}
cert =
crl =
{%- endif %}
[apache-logrotate] [apache-logrotate]
< = logrotate-entry-base < = logrotate-entry-base
...@@ -189,9 +163,8 @@ includes = ...@@ -189,9 +163,8 @@ includes =
recipe = slapos.cookbook:generic.cloudooo recipe = slapos.cookbook:generic.cloudooo
ip = {{ ipv4 }} ip = {{ ipv4 }}
environment = environment =
LD_LIBRARY_PATH = {{ parameter_dict['cairo'] }}/lib:{{ parameter_dict['cups'] }}/lib:{{ parameter_dict['cups'] }}/lib64:{{ parameter_dict['dbus'] }}/lib:{{ parameter_dict['dbus-glib'] }}/lib:{{ parameter_dict['file'] }}/lib:{{ parameter_dict['fontconfig'] }}/lib:{{ parameter_dict['freetype'] }}/lib:{{ parameter_dict['glib'] }}/lib:{{ parameter_dict['glu'] }}/lib:{{ parameter_dict['libICE'] }}/lib:{{ parameter_dict['libSM'] }}/lib:{{ parameter_dict['libX11'] }}/lib:{{ parameter_dict['libXau'] }}/lib:{{ parameter_dict['libXdmcp'] }}/lib:{{ parameter_dict['libXext'] }}/lib:{{ parameter_dict['libXrender'] }}/lib:{{ parameter_dict['libexpat'] }}/lib:{{ parameter_dict['libffi'] }}/lib:{{ parameter_dict['libffi'] }}/lib64:{{ parameter_dict['libpng12'] }}/lib:{{ parameter_dict['libxcb'] }}/lib:{{ parameter_dict['mesa'] }}/lib:{{ parameter_dict['pixman'] }}/lib:{{ parameter_dict['xdamage'] }}/lib:{{ parameter_dict['xfixes'] }}/lib:{{ parameter_dict['zlib'] }}/lib LD_LIBRARY_PATH = {{ parameter_dict['cairo'] }}/lib:{{ parameter_dict['cups'] }}/lib:{{ parameter_dict['cups'] }}/lib64:{{ parameter_dict['dbus'] }}/lib:{{ parameter_dict['dbus-glib'] }}/lib:{{ parameter_dict['file'] }}/lib:{{ parameter_dict['fontconfig'] }}/lib:{{ parameter_dict['freetype'] }}/lib:{{ parameter_dict['gcc'] }}/lib:{{ parameter_dict['gcc'] }}/lib64:{{ parameter_dict['glib'] }}/lib:{{ parameter_dict['glu'] }}/lib:{{ parameter_dict['libICE'] }}/lib:{{ parameter_dict['libSM'] }}/lib:{{ parameter_dict['libX11'] }}/lib:{{ parameter_dict['libXau'] }}/lib:{{ parameter_dict['libXdmcp'] }}/lib:{{ parameter_dict['libXext'] }}/lib:{{ parameter_dict['libXrender'] }}/lib:{{ parameter_dict['libexpat'] }}/lib:{{ parameter_dict['libffi'] }}/lib:{{ parameter_dict['libffi'] }}/lib64:{{ parameter_dict['libpng12'] }}/lib:{{ parameter_dict['libxcb'] }}/lib:{{ parameter_dict['mesa'] }}/lib:{{ parameter_dict['pixman'] }}/lib:{{ parameter_dict['xdamage'] }}/lib:{{ parameter_dict['xfixes'] }}/lib:{{ parameter_dict['zlib'] }}/lib
FONTCONFIG_FILE = ${fontconfig-conf:rendered} FONTCONFIG_FILE = ${fontconfig-conf:rendered}
PATH = ${binary-link:target-directory} PATH = ${binary-link:target-directory}
mimetype_entry_addition = mimetype_entry_addition =
{% for entry in mimetype_entry_addition.splitlines() -%} {% for entry in mimetype_entry_addition.splitlines() -%}
......
...@@ -4,6 +4,7 @@ extends = ...@@ -4,6 +4,7 @@ extends =
../../stack/cloudooo.cfg ../../stack/cloudooo.cfg
../../stack/logrotate/buildout.cfg ../../stack/logrotate/buildout.cfg
../../stack/monitor/buildout.cfg ../../stack/monitor/buildout.cfg
../../component/defaults.cfg
parts = parts =
${cloudooo-buildout:parts} ${cloudooo-buildout:parts}
...@@ -62,6 +63,7 @@ fontconfig-includes = ...@@ -62,6 +63,7 @@ fontconfig-includes =
${fontconfig:location}/etc/fonts/conf.d ${fontconfig:location}/etc/fonts/conf.d
freetype = ${freetype:location} freetype = ${freetype:location}
gcc = ${gcc:prefix}
glib = ${glib:location} glib = ${glib:location}
glu = ${glu:location} glu = ${glu:location}
haproxy = ${haproxy:location} haproxy = ${haproxy:location}
......
...@@ -84,7 +84,8 @@ ...@@ -84,7 +84,8 @@
"software-url": { "software-url": {
"description": "Front-end's software type. If this parameter is empty, no front-end instance is requested. Else, sla-dict must specify 'frontend' which is a special value matching all frontends (e.g. {\"instance_guid=bar\": [\"frontend\"]}).", "description": "Front-end's software type. If this parameter is empty, no front-end instance is requested. Else, sla-dict must specify 'frontend' which is a special value matching all frontends (e.g. {\"instance_guid=bar\": [\"frontend\"]}).",
"default": "", "default": "",
"type": "string" "type": "string",
"format": "uri"
}, },
"domain": { "domain": {
"description": "The domain name to request front-end to respond as.", "description": "The domain name to request front-end to respond as.",
...@@ -225,7 +226,8 @@ ...@@ -225,7 +226,8 @@
"cloudooo-url": { "cloudooo-url": {
"description": "Format conversion service URL", "description": "Format conversion service URL",
"pattern": "^https?://", "pattern": "^https?://",
"type": "string" "type": "string",
"format": "uri"
}, },
"cloudooo-retry-count": { "cloudooo-retry-count": {
"description": "Define retry count for cloudooo in network error case in test", "description": "Define retry count for cloudooo in network error case in test",
...@@ -453,10 +455,21 @@ ...@@ -453,10 +455,21 @@
"ssl": { "ssl": {
"description": "HTTPS certificate generation parameters", "description": "HTTPS certificate generation parameters",
"properties": { "properties": {
"frontend-caucase-url-list": {
"title": "Frontend Caucase URL List",
"description": "List of URLs of caucase service of frontend groups to authenticate access from them.",
"type": "array",
"items": {
"type": "string",
"format": "uri"
},
"uniqueItems": true
},
"caucase-url": { "caucase-url": {
"title": "Caucase URL", "title": "Caucase URL",
"description": "URL of caucase service to use. If not set, global setting will be used.", "description": "URL of caucase service to use. If not set, global setting will be used.",
"type": "string" "type": "string",
"format": "uri"
}, },
"csr": { "csr": {
"title": "csr", "title": "csr",
......
from . import ERP5InstanceTestCase
from . import setUpModule
from slapos.testing.utils import findFreeTCPPort
from BaseHTTPServer import HTTPServer
from BaseHTTPServer import BaseHTTPRequestHandler
import OpenSSL.SSL
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.oid import NameOID
import hashlib
import json
import multiprocessing
import os
import requests
import shutil
import subprocess
import tempfile
import time
setUpModule # pyflakes
class TestHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header("Content-Type", "application/json")
response = {
'Path': self.path,
'Incoming Headers': self.headers.dict
}
response = json.dumps(response, indent=2)
self.end_headers()
self.wfile.write(response)
class TestFrontendXForwardedFor(ERP5InstanceTestCase):
__partition_reference__ = 'xff'
http_server_process = None
frontend_caucase_dir = None
frontend_caucased_process = None
backend_caucase_dir = None
backend_caucased_process = None
@classmethod
def getInstanceSoftwareType(cls):
return 'balancer'
@classmethod
def setUpClass(cls):
# start a dummy web server echoing headers.
http_server_port = findFreeTCPPort(cls._ipv4_address)
server = HTTPServer(
(cls._ipv4_address, http_server_port),
TestHandler)
cls.http_server_process = multiprocessing.Process(
target=server.serve_forever, name='HTTPServer')
cls.http_server_process.start()
cls.http_server_netloc = '%s:%s' % (cls._ipv4_address, http_server_port)
# start a caucased and generate a valid client certificate.
cls.computer_partition_root_path = os.path.abspath(os.curdir)
cls.frontend_caucase_dir = tempfile.mkdtemp()
frontend_caucased_dir = os.path.join(cls.frontend_caucase_dir, 'caucased')
os.mkdir(frontend_caucased_dir)
frontend_user_dir = os.path.join(cls.frontend_caucase_dir, 'user')
os.mkdir(frontend_user_dir)
frontend_service_dir = os.path.join(cls.frontend_caucase_dir, 'service')
os.mkdir(frontend_service_dir)
frontend_caucased_netloc = '%s:%s' % (cls._ipv4_address, findFreeTCPPort(cls._ipv4_address))
cls.frontend_caucased_url = 'http://' + frontend_caucased_netloc
cls.user_certificate = frontend_user_key = os.path.join(frontend_user_dir, 'client.key.pem')
frontend_user_csr = os.path.join(frontend_user_dir, 'client.csr.pem')
key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
with open(frontend_user_key, 'wb') as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
))
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'user'),
])).sign(key, hashes.SHA256(), default_backend())
with open(frontend_user_csr, 'wb') as f:
f.write(csr.public_bytes(serialization.Encoding.PEM))
cls.software_release_root_path = os.path.join(
cls.slap._software_root,
hashlib.md5(cls.getSoftwareURL()).hexdigest(),
)
caucased_path = os.path.join(cls.software_release_root_path, 'bin', 'caucased')
caucase_path = os.path.join(cls.software_release_root_path, 'bin', 'caucase')
cls.frontend_caucased_process = subprocess.Popen(
[
caucased_path,
'--db', os.path.join(frontend_caucased_dir, 'caucase.sqlite'),
'--server-key', os.path.join(frontend_caucased_dir, 'server.key.pem'),
'--netloc', frontend_caucased_netloc,
'--service-auto-approve-count', '1',
],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
)
for _ in range(10):
try:
if requests.get(cls.frontend_caucased_url).status_code == 200:
break
except Exception:
pass
time.sleep(1)
else:
raise RuntimeError, 'caucased failed to start.'
cau_args = [
caucase_path,
'--ca-url', cls.frontend_caucased_url,
'--ca-crt', os.path.join(frontend_user_dir, 'service-ca-crt.pem'),
'--crl', os.path.join(frontend_user_dir, 'service.crl'),
'--user-ca-crt', os.path.join(frontend_user_dir, 'user-ca-crt.pem'),
'--user-crl', os.path.join(frontend_user_dir, 'user.crl'),
]
cas_args = [
caucase_path,
'--ca-url', cls.frontend_caucased_url,
'--ca-crt', os.path.join(frontend_service_dir, 'service-ca-crt.pem'),
'--crl', os.path.join(frontend_service_dir, 'service.crl'),
'--user-ca-crt', os.path.join(frontend_service_dir, 'user-ca-crt.pem'),
'--user-crl', os.path.join(frontend_service_dir, 'user.crl'),
]
caucase_process = subprocess.Popen(
cau_args + [
'--mode', 'user',
'--send-csr', frontend_user_csr,
],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
)
result = caucase_process.communicate()
print result
csr_id = result[0].split()[0]
subprocess.check_call(
cau_args + [
'--mode', 'user',
'--get-crt', csr_id, frontend_user_key,
],
)
cls.client_certificate = frontend_service_key = os.path.join(frontend_service_dir, 'crt.pem')
frontend_service_csr = os.path.join(frontend_service_dir, 'csr.pem')
key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
with open(frontend_service_key, 'wb') as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
))
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'service'),
])).sign(key, hashes.SHA256(), default_backend())
with open(frontend_service_csr, 'wb') as f:
f.write(csr.public_bytes(serialization.Encoding.PEM))
caucase_process = subprocess.Popen(
cas_args + [
'--send-csr', frontend_service_csr,
],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
)
result = caucase_process.communicate()
csr_id = result[0].split()[0]
for _ in range(10):
if not subprocess.call(
cas_args + [
'--get-crt', csr_id, frontend_service_key,
],
) == 0:
break
else:
time.sleep(1)
else:
raise RuntimeError, 'getting service certificate failed.'
# start a caucased and server certificate.
cls.backend_caucase_dir = tempfile.mkdtemp()
backend_caucased_dir = os.path.join(cls.backend_caucase_dir, 'caucased')
os.mkdir(backend_caucased_dir)
backend_caucased_netloc = '%s:%s' % (cls._ipv4_address, findFreeTCPPort(cls._ipv4_address))
cls.backend_caucased_url = 'http://' + backend_caucased_netloc
cls.backend_caucased_process = subprocess.Popen(
[
caucased_path,
'--db', os.path.join(backend_caucased_dir, 'caucase.sqlite'),
'--server-key', os.path.join(backend_caucased_dir, 'server.key.pem'),
'--netloc', backend_caucased_netloc,
'--service-auto-approve-count', '1',
],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
)
for _ in range(10):
try:
if requests.get(cls.backend_caucased_url).status_code == 200:
break
except Exception:
pass
time.sleep(1)
else:
raise RuntimeError, 'caucased failed to start.'
super(TestFrontendXForwardedFor, cls).setUpClass()
@classmethod
def getInstanceParameterDict(cls):
return {
'_': json.dumps({
'tcpv4-port': 3306,
'computer-memory-percent-threshold': 100,
# XXX what is this ? should probably not be needed here
'name': cls.__name__,
'monitor-passwd': 'secret',
'apachedex-configuration': '',
'apachedex-promise-threshold': 100,
'haproxy-server-check-path': '/',
'zope-family-dict': {
'default': ['dummy_http_server'],
'default-auth': ['dummy_http_server'],
},
'dummy_http_server': [[cls.http_server_netloc, 1, False]],
'backend-path-dict': {
'default': '/',
'default-auth': '/',
},
'ssl-authentication-dict': {
'default': False,
'default-auth': True,
},
'ssl': {
'caucase-url': cls.backend_caucased_url,
'frontend-caucase-url-list': [cls.frontend_caucased_url],
},
})
}
@classmethod
def _cleanup(cls, snapshot_name):
if cls.http_server_process:
cls.http_server_process.terminate()
if cls.frontend_caucased_process:
cls.frontend_caucased_process.terminate()
if cls.frontend_caucase_dir:
shutil.rmtree(cls.frontend_caucase_dir)
if cls.backend_caucased_process:
cls.backend_caucased_process.terminate()
if cls.backend_caucase_dir:
shutil.rmtree(cls.backend_caucase_dir)
super(TestFrontendXForwardedFor, cls)._cleanup(snapshot_name)
def test_x_forwarded_for_added_when_verified_connection(self):
for backend in ('default', 'default-auth'):
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])[backend]
result = requests.get(
balancer_url,
headers={'X-Forwarded-For': '1.2.3.4'},
cert=self.client_certificate,
verify=False,
).json()
self.assertEqual(result['Incoming Headers'].get('x-forwarded-for').split(', ')[0], '1.2.3.4')
def test_x_forwarded_for_stripped_when_not_verified_connection(self):
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default']
result = requests.get(
balancer_url,
headers={'X-Forwarded-For': '1.2.3.4'},
verify=False,
).json()
self.assertNotEqual(result['Incoming Headers'].get('x-forwarded-for').split(', ')[0], '1.2.3.4')
balancer_url = json.loads(self.computer_partition.getConnectionParameterDict()['_'])['default-auth']
with self.assertRaises(OpenSSL.SSL.Error):
requests.get(
balancer_url,
headers={'X-Forwarded-For': '1.2.3.4'},
verify=False,
)
...@@ -62,7 +62,7 @@ md5sum = 2af7dcf63f74e5edc53a3ff11fa4989b ...@@ -62,7 +62,7 @@ md5sum = 2af7dcf63f74e5edc53a3ff11fa4989b
[instance-gitlab-test.cfg.in] [instance-gitlab-test.cfg.in]
_update_hash_filename_ = instance-gitlab-test.cfg.in _update_hash_filename_ = instance-gitlab-test.cfg.in
md5sum = a4ad76856db98e508af7e773d9ff78f9 md5sum = 60714fb4e6c869c41bd5e9fada1b6e40
[macrolib.cfg.in] [macrolib.cfg.in]
_update_hash_filename_ = macrolib.cfg.in _update_hash_filename_ = macrolib.cfg.in
......
[buildout] [buildout]
extends = extends =
{{ instance_gitlab_cfg }}
{{ instance_gitlab_export_cfg }} {{ instance_gitlab_export_cfg }}
parts += parts +=
......
...@@ -101,7 +101,7 @@ numpy = 1.13.1 ...@@ -101,7 +101,7 @@ numpy = 1.13.1
# Required by: # Required by:
# tornado==4.4.2 # tornado==4.4.2
certifi = 2017.1.23 certifi = 2020.6.20
# Required by: # Required by:
# notebook==4.3.2 # notebook==4.3.2
......
...@@ -40,6 +40,7 @@ from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass ...@@ -40,6 +40,7 @@ from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
has_kvm = os.access('/dev/kvm', os.R_OK|os.W_OK) has_kvm = os.access('/dev/kvm', os.R_OK|os.W_OK)
skipUnlessKvm = unittest.skipUnless(has_kvm, 'kvm not loaded or not allowed') skipUnlessKvm = unittest.skipUnless(has_kvm, 'kvm not loaded or not allowed')
skipIfPython3 = unittest.skipIf(six.PY3, 'rdiff-backup is not compatible with Python 3 yet')
if has_kvm: if has_kvm:
setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass( setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass(
...@@ -327,6 +328,7 @@ class TestAccessKvmClusterAdditional(MonitorAccessMixin, InstanceTestCase): ...@@ -327,6 +328,7 @@ class TestAccessKvmClusterAdditional(MonitorAccessMixin, InstanceTestCase):
) )
self.assertIn('<title>noVNC</title>', result.text) self.assertIn('<title>noVNC</title>', result.text)
@skipIfPython3
@skipUnlessKvm @skipUnlessKvm
class TestAccessKvmClusterBootstrap(MonitorAccessMixin, InstanceTestCase): class TestAccessKvmClusterBootstrap(MonitorAccessMixin, InstanceTestCase):
__partition_reference__ = 'akcb' __partition_reference__ = 'akcb'
...@@ -365,6 +367,7 @@ class TestAccessKvmClusterBootstrap(MonitorAccessMixin, InstanceTestCase): ...@@ -365,6 +367,7 @@ class TestAccessKvmClusterBootstrap(MonitorAccessMixin, InstanceTestCase):
) )
self.assertIn('<title>noVNC</title>', result.text) self.assertIn('<title>noVNC</title>', result.text)
@skipIfPython3
@skipUnlessKvm @skipUnlessKvm
class TestInstanceResilient(InstanceTestCase): class TestInstanceResilient(InstanceTestCase):
__partition_reference__ = 'ir' __partition_reference__ = 'ir'
...@@ -392,6 +395,7 @@ class TestInstanceResilient(InstanceTestCase): ...@@ -392,6 +395,7 @@ class TestInstanceResilient(InstanceTestCase):
'takeover-kvm-1-url', 'takeover-kvm-1-url',
'url'])) 'url']))
@skipIfPython3
@skipUnlessKvm @skipUnlessKvm
class TestAccessResilientAdditional(InstanceTestCase): class TestAccessResilientAdditional(InstanceTestCase):
__partition_reference__ = 'ara' __partition_reference__ = 'ara'
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[instance-common] [instance-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
md5sum = 80599fcc6e5d07270d7900aebfd62139 md5sum = 6da513940e5bf7d06b3fb0aeb39c8ad5
[root-common] [root-common]
filename = root-common.cfg.in filename = root-common.cfg.in
...@@ -30,7 +30,7 @@ md5sum = 9f27195d770b2f57461c60a82c851ab9 ...@@ -30,7 +30,7 @@ md5sum = 9f27195d770b2f57461c60a82c851ab9
[instance-neo] [instance-neo]
filename = instance-neo.cfg.in filename = instance-neo.cfg.in
md5sum = 7642c760a2c5af3e3e81c2c54486d1a8 md5sum = 74e0361f3ec3424c905acc4cd55fd8bf
[template-neo-my-cnf] [template-neo-my-cnf]
filename = my.cnf.in filename = my.cnf.in
...@@ -46,4 +46,4 @@ md5sum = 5afd326de385563b5aeac81039f23341 ...@@ -46,4 +46,4 @@ md5sum = 5afd326de385563b5aeac81039f23341
[runTestSuite.in] [runTestSuite.in]
_update_hash_filename_ = runTestSuite.in _update_hash_filename_ = runTestSuite.in
md5sum = 7a0d5d259eb7f90fc0421d1264fbe7b5 md5sum = 4e7f5b5230800a65c71310a518225119
...@@ -47,3 +47,6 @@ extra-context = ...@@ -47,3 +47,6 @@ extra-context =
raw template_mysqld_wrapper {{ template_mysqld_wrapper }} raw template_mysqld_wrapper {{ template_mysqld_wrapper }}
raw template_neo_my_cnf {{ template_neo_my_cnf }} raw template_neo_my_cnf {{ template_neo_my_cnf }}
{%- endif %} {%- endif %}
{%- if pypy_location is defined %}
raw pypy_location {{ pypy_location }}
{%- endif %}
...@@ -184,6 +184,9 @@ context = ...@@ -184,6 +184,9 @@ context =
section my_cnf_parameters my-cnf-parameters section my_cnf_parameters my-cnf-parameters
raw bin_directory {{ bin_directory }} raw bin_directory {{ bin_directory }}
raw prepend_path {{ mariadb_location }}/bin raw prepend_path {{ mariadb_location }}/bin
{%- if pypy_location is defined %}
raw pypy_location {{ pypy_location }}/bin/pypy
{%- endif %}
{%- if private_tmpfs %} {%- if private_tmpfs %}
key datadir my-cnf-parameters:data-directory key datadir my-cnf-parameters:data-directory
key results_directory directory:results key results_directory directory:results
......
...@@ -115,10 +115,19 @@ def main(): ...@@ -115,10 +115,19 @@ def main():
shutil.rmtree(temp) shutil.rmtree(temp)
os.mkdir(temp) os.mkdir(temp)
args = [RUN_NEO_TESTS_COMMAND, '-ufz'] args = [RUN_NEO_TESTS_COMMAND,
{%- if pypy_location is defined -%}
'-fz'
{%- else -%}
'-ufz'
{%- endif -%}
]
command = ' '.join(args) command = ' '.join(args)
env = {'PATH': PATH, env = {'PATH': PATH,
'TEMP': temp, 'TEMP': temp,
{%- if pypy_location is defined %}
'NEO_PYPY': {{ repr(pypy_location) }},
{%- endif %}
'NEO_TESTS_ADAPTER': adapter, 'NEO_TESTS_ADAPTER': adapter,
'NEO_TEST_ZODB_FUNCTIONAL': '1', 'NEO_TEST_ZODB_FUNCTIONAL': '1',
'NEO_DB_USER': 'root'} 'NEO_DB_USER': 'root'}
......
...@@ -144,8 +144,6 @@ ZODB = 4.4.5 ...@@ -144,8 +144,6 @@ ZODB = 4.4.5
coverage = 4.5.1 coverage = 4.5.1
mock = 3.0.5 mock = 3.0.5
ecdsa = 0.13 ecdsa = 0.13
msgpack = 0.5.6
msgpack-python = 0.5.6
mysqlclient = 1.3.12 mysqlclient = 1.3.12
persistent = 4.5.0 persistent = 4.5.0
pycrypto = 2.6.1 pycrypto = 2.6.1
......
[buildout]
extends =
../../component/pypy/buildout.cfg
software.cfg
[instance-common]
context +=
key pypy_location pypy2:location
...@@ -10,6 +10,9 @@ ZODB = 5.6.0 ...@@ -10,6 +10,9 @@ ZODB = 5.6.0
ZEO = 5.2.0 ZEO = 5.2.0
transaction = 2.4.0 transaction = 2.4.0
# BBB: ZEO
msgpack = 0.5.6
# Required by: # Required by:
# ZEO==5.2.0 # ZEO==5.2.0
# trollius==2.2.post1 # trollius==2.2.post1
......
...@@ -27,8 +27,9 @@ output = ${buildout:directory}/${:_buildout_section_name_} ...@@ -27,8 +27,9 @@ output = ${buildout:directory}/${:_buildout_section_name_}
[plantuml.war] [plantuml.war]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = https://downloads.sourceforge.net/project/plantuml/1.2018.13/plantuml.1.2018.13.war url = https://sourceforge.net/projects/plantuml/files/1.2020.15/plantuml.1.2020.15.war
md5sum = cda05c8163237de039d777c197b3d282 md5sum = ed203cb3b90df8f77492fa36ea6490a5
[versions] [versions]
slapos.recipe.template = 4.4 slapos.recipe.template = 4.4
...@@ -87,6 +87,27 @@ class TestSimpleDiagram(PlantUMLTestCase, ImageComparisonTestCase): ...@@ -87,6 +87,27 @@ class TestSimpleDiagram(PlantUMLTestCase, ImageComparisonTestCase):
reference = Image.open(os.path.join(os.path.dirname(__file__), "data", "test_class_diagram.png")) reference = Image.open(os.path.join(os.path.dirname(__file__), "data", "test_class_diagram.png"))
self.assertImagesSimilar(Image.open(BytesIO(png)), reference) self.assertImagesSimilar(Image.open(BytesIO(png)), reference)
def test_timing_diagram(self):
png = self.plantuml.processes(textwrap.dedent("""\
@startuml
robust "Web Browser" as WB
concise "Web User" as WU
@0
WU is Idle
WB is Idle
@100
WU is Waiting
WB is Processing
@300
WB is Waiting
@enduml
"""))
reference = Image.open(os.path.join(os.path.dirname(__file__), "data", "test_timing_diagram.png"))
self.assertImagesSimilar(Image.open(BytesIO(png)), reference)
def test_fonts(self): def test_fonts(self):
"""Test slapos provided fonts are used""" """Test slapos provided fonts are used"""
png = self.plantuml.processes(textwrap.dedent("""\ png = self.plantuml.processes(textwrap.dedent("""\
......
...@@ -14,24 +14,24 @@ ...@@ -14,24 +14,24 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg filename = instance.cfg
md5sum = da8be58db4255c07750f7a7583eab3ca md5sum = fddea033e1aa9d6147a1a47bd7cc4b62
[template-powerdns] [template-powerdns]
filename = instance-powerdns.cfg filename = instance-powerdns.cfg
md5sum = 681cd9564e491d1f7b7ccb810f8ca7df md5sum = 2adb91323d60fc350f52910a3257d4a7
[template-pdns-configuration] [template-pdns-configuration]
_update_hash_filename_ = template/pdns.conf.jinja2 _update_hash_filename_ = template/pdns.conf.jinja2
md5sum = 7934b7037344678eff3031e1e73e0bb2 md5sum = e45d72de87b4adb89c195ba463be4077
[template-dns-replicate] [template-dns-replicate]
_update_hash_filename_ = instance-powerdns-replicate.cfg.jinja2 _update_hash_filename_ = instance-powerdns-replicate.cfg.jinja2
md5sum = 46acd4ed071df8d7139dcd0434be42eb md5sum = a23e241a236f90ae1afbb5bd5ba0b32d
[iso-list] [iso-list]
_update_hash_filename_ = template/zz.countries.nexedi.dk.rbldnsd _update_hash_filename_ = template/zz.countries.nexedi.dk.rbldnsd
md5sum = c4dc8c141d81b92d92cdb82ca67a13ee md5sum = c4dc8c141d81b92d92cdb82ca67a13ee
[template-cdn-conf] [template-zones-file]
_update_hash_filename_ = template/cdn.conf.in _update_hash_filename_ = template/zones-file.yml.jinja2
md5sum = 29c29f93b3b0bd2f71f86f7b337e4543 md5sum = c820a4f53c3e7706f51a5e0be3a8cf74
...@@ -60,7 +60,7 @@ context = ...@@ -60,7 +60,7 @@ context =
<= replicate <= replicate
name = {{dns_name}} name = {{dns_name}}
{% set state_key = "-dns-%s-state" % i %} {% set state_key = "-dns-%s-state" % i %}
{% if slapparameter_dict.has_key(state_key) %} {% if state_key in slapparameter_dict %}
state = {{ slapparameter_dict.pop(state_key) }} state = {{ slapparameter_dict.pop(state_key) }}
{% endif%} {% endif%}
config-zone = {{ zone }} config-zone = {{ zone }}
...@@ -95,7 +95,7 @@ monitor-url-list += ...@@ -95,7 +95,7 @@ monitor-url-list +=
<= slap-connection <= slap-connection
recipe = slapos.cookbook:requestoptional recipe = slapos.cookbook:requestoptional
{% set dns_software_url_key = "-dns-software-release-url" %} {% set dns_software_url_key = "-dns-software-release-url" %}
{% if slapparameter_dict.has_key(dns_software_url_key) %} {% if dns_software_url_key in slapparameter_dict %}
software-url = {{ slapparameter_dict.pop(dns_software_url_key) }} software-url = {{ slapparameter_dict.pop(dns_software_url_key) }}
{% else %} {% else %}
software-url = ${slap-connection:software-release-url} software-url = ${slap-connection:software-release-url}
...@@ -104,7 +104,7 @@ software-type = {{dns_type}} ...@@ -104,7 +104,7 @@ software-type = {{dns_type}}
return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url
config-server-admin = {{ server_admin }} config-server-admin = {{ server_admin }}
config-ns-record = {{ ns_record }} config-ns-record = {{ ns_record }}
{% for parameter, value in slapparameter_dict.iteritems() -%} {% for parameter, value in slapparameter_dict.items() -%}
config-{{parameter}} = {{ value }} config-{{parameter}} = {{ value }}
{% endfor -%} {% endfor -%}
config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }} config-{{ slave_list_name }} = {{ json_module.dumps(slave_instance_list) }}
...@@ -151,7 +151,7 @@ key_file = ${slap-connection:key-file} ...@@ -151,7 +151,7 @@ key_file = ${slap-connection:key-file}
cert_file = ${slap-connection:cert-file} cert_file = ${slap-connection:cert-file}
[slap-parameter] [slap-parameter]
slave_instance_list = {% for k, v in slapparameter_dict.items() -%}
-dns-quantity = 1 {{ k }} = {{ v }}
-dns-type = single-default {% endfor -%}
{%- endif %} {%- endif %}
{% if slap_software_type in software_type -%} {% if slap_software_type in software_type -%}
{% set part_list = [] %}
# Create all needed directories # Create all needed directories
[directory] [directory]
...@@ -63,13 +62,12 @@ socket-directory = $${pdns-directory:socket} ...@@ -63,13 +62,12 @@ socket-directory = $${pdns-directory:socket}
webserver-port = 8088 webserver-port = 8088
[geo] [geo]
ip-map-zonefile = ${iso-list:target} zones-file = $${zones-file-template:rendered}
geo-maps = $${pdns-directory:geo-maps} database = ${geolite2-country:location}/GeoLite2-Country.mmdb
[pdns-directory] [pdns-directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
configuration = $${directory:etc}/pdns configuration = $${directory:etc}/pdns
geo-maps = $${:configuration}/geo-maps
socket = $${directory:run}/pdns-socket socket = $${directory:run}/pdns-socket
[pdns-configuration-template] [pdns-configuration-template]
...@@ -80,6 +78,39 @@ extra-context = ...@@ -80,6 +78,39 @@ extra-context =
section pdns pdns section pdns pdns
section geo geo section geo geo
[asia]
japan = jp
hong-kong = hk
china-telecom = cn-t
china-unicom = cn-u
china-mobile = cn-m
west-asia = ae af am az bh cc cy ge il iq ir jo kg kw kz lb om pk qa ru sa sy tj tm tr uz ye
east-asia = bn bt cx id in io kh kp kr la lk mm mn mo mv my np ph sg th to tw vn
[china]
recipe = slapos.recipe.build
iso-list = ${iso-list:target}
init =
import re
ip_split = []
match = re.compile(r"(.*) :.*:(cn-\w)\n").fullmatch
with open(options["iso-list"]) as f:
for line in f:
m = match(line)
if m is None:
continue
ip_split.append(m.groups())
options["ip-split"] = ip_split
[zones-file-template]
< = jinja2-template-base
template = ${template-zones-file:target}
extensions = jinja2.ext.do
rendered = $${pdns-directory:configuration}/zones-file.yml
extra-context =
section asia asia
key china china:ip-split
# Executables # Executables
[pdns-server] [pdns-server]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
...@@ -117,29 +148,6 @@ monitor-url = $${monitor-publish-parameters:monitor-url} ...@@ -117,29 +148,6 @@ monitor-url = $${monitor-publish-parameters:monitor-url}
monitor-user = $${monitor-publish-parameters:monitor-user} monitor-user = $${monitor-publish-parameters:monitor-user}
monitor-password = $${monitor-publish-parameters:monitor-password} monitor-password = $${monitor-publish-parameters:monitor-password}
#####################
# Power DNS Slave configuration
#
{% set slave_instance_list = json_module.loads(slapparameter_dict.get('extra_slave_instance_list', '[]')) %}
# Iter through slave list to prepare configuration
{% for slave in slave_instance_list %}
{% if 'record' in slave and 'origin' in slave and 'default' in slave %}
{% set slave_reference = slave.get('slave_reference') %}
{% set slave_section_name = 'map-configuration-%s' % slave_reference %}
{% do part_list.append(slave_section_name) %}
[{{ slave_section_name }}]
< = jinja2-template-base
template = ${template-cdn-conf:target}
rendered = $${geo:geo-maps}/{{ slave_reference }}
configuration = {{ json_module.dumps(slave) }}
extra-context =
key json_cdn :configuration
{% endif %}
{% endfor %}
####################
[buildout] [buildout]
parts = parts =
pdns-configuration-template pdns-configuration-template
...@@ -149,9 +157,6 @@ parts = ...@@ -149,9 +157,6 @@ parts =
pdns-promise-listen-port pdns-promise-listen-port
monitor-base monitor-base
publish-connection-informations publish-connection-informations
{% for part in part_list %}
{{ ' %s' % part }}
{% endfor %}
extends = ${monitor-template:output} extends = ${monitor-template:output}
......
...@@ -8,10 +8,12 @@ offline = true ...@@ -8,10 +8,12 @@ offline = true
[switch-softwaretype] [switch-softwaretype]
recipe = slapos.cookbook:softwaretype recipe = slapos.cookbook:switch-softwaretype
default = $${dynamic-powerdns-replicate:rendered} default = dynamic-powerdns-replicate:rendered
single-default = $${dynamic-template-powerdns:rendered} single-default = dynamic-template-powerdns:rendered
# BBB
RootSoftwareInstance = $${:default}
[jinja2-template-base] [jinja2-template-base]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -21,9 +23,9 @@ context = ...@@ -21,9 +23,9 @@ context =
import json_module json import json_module json
key eggs_directory buildout:eggs-directory key eggs_directory buildout:eggs-directory
key develop_eggs_directory buildout:develop-eggs-directory key develop_eggs_directory buildout:develop-eggs-directory
key slap_software_type slap-parameters:slap-software-type key slap_software_type slap-configuration:slap-software-type
key slapparameter_dict slap-parameters:configuration key slapparameter_dict slap-configuration:configuration
key slave_instance_list slap-parameters:slave-instance-list key slave_instance_list slap-configuration:slave-instance-list
$${:extra-context} $${:extra-context}
[dynamic-template-powerdns] [dynamic-template-powerdns]
...@@ -38,14 +40,14 @@ extra-context = ...@@ -38,14 +40,14 @@ extra-context =
[dynamic-powerdns-replicate] [dynamic-powerdns-replicate]
< = jinja2-template-base < = jinja2-template-base
template = ${template-dns-replicate:target} template = ${template-dns-replicate:target}
filename = instance-apache-replicate.cfg filename = instance-powerdns-replicate.cfg
extensions = jinja2.ext.do extensions = jinja2.ext.do
extra-context = extra-context =
# Must match the key id in [switch-softwaretype] which uses this section. # Must match the key id in [switch-softwaretype] which uses this section.
raw software_type RootSoftwareInstance-default raw software_type RootSoftwareInstance-default
raw template_monitor ${monitor2-template:rendered} raw template_monitor ${monitor2-template:rendered}
[slap-parameters] [slap-configuration]
recipe = slapos.cookbook:slapconfiguration recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id} computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id} partition = $${slap-connection:partition-id}
......
...@@ -10,12 +10,12 @@ ...@@ -10,12 +10,12 @@
}, },
"origin": { "origin": {
"title": "Origin", "title": "Origin",
"description": "Used to qualify RR in the configuration. i.e.: if your origin is a.example.com and the RR for Europe is 'eu' the european clients will use eu.a.exmple.com", "description": "Used to qualify RR in the configuration. i.e.: if your origin is a.example.com and the RR for Europe is 'eu' the european clients will use eu.a.example.com",
"type": "string" "type": "string"
}, },
"default": { "default": {
"title": "Default RR", "title": "Default RR",
"description": "Defautl record to use when the ip is not regognized", "description": "Default record to use when the ip is not recognized",
"type": "string" "type": "string"
}, },
"europe": { "europe": {
......
...@@ -10,10 +10,8 @@ parts = ...@@ -10,10 +10,8 @@ parts =
slapos-cookbook slapos-cookbook
eggs eggs
[gcc] [python]
# For old version of PowerDNS and Ragel. part = python3
part = gcc-5.5
max_version = 6
[eggs] [eggs]
recipe = zc.recipe.egg recipe = zc.recipe.egg
...@@ -47,7 +45,7 @@ recipe = slapos.recipe.build:download ...@@ -47,7 +45,7 @@ recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:_update_hash_filename_} url = ${:_profile_base_location_}/${:_update_hash_filename_}
mode = 0644 mode = 0644
[template-cdn-conf] [template-zones-file]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:_update_hash_filename_} url = ${:_profile_base_location_}/${:_update_hash_filename_}
mode = 0644 mode = 0644
......
{% set cdn = json_module.loads(json_cdn) %}
$RECORD {{ cdn.get('record') }}
$ORIGIN {{ cdn.get('origin') }}
0 {{ cdn.get('default')}}
# Andorra
20 {{ cdn.get('europe', 'eu') }}
# United Arab Emirates
784 {{ cdn.get('west-asia', 'as') }}
# Afghanistan
4 {{ cdn.get('west-asia', 'as') }}
# Antigua and Barbuda
28 {{ cdn.get('south-america', 'sa') }}
# Anguilla
660 {{ cdn.get('south-america', 'sa') }}
# Albania
8 {{ cdn.get('europe', 'eu') }}
# Armenia
51 {{ cdn.get('west-asia', 'as') }}
# Netherlands Antilles
530 {{ cdn.get('south-america', 'sa') }}
# Angola
24 {{ cdn.get('africa', 'af') }}
# Antarctica
10 {{ cdn.get('europe', 'eu') }}
# Argentina
32 {{ cdn.get('south-america', 'sa') }}
# American Samoa
16 {{ cdn.get('oceania', 'oc') }}
# Austria
40 {{ cdn.get('europe', 'eu') }}
# Australia
36 {{ cdn.get('oceania', 'oc') }}
# Aruba
533 {{ cdn.get('south-america', 'sa') }}
# Azerbaijan
31 {{ cdn.get('west-asia', 'as') }}
# Bosnia and Herzegovina
70 {{ cdn.get('europe', 'eu') }}
# Barbados
52 {{ cdn.get('south-america', 'sa') }}
# Bangladesh
50 {{ cdn.get('east-asia', 'as') }}
# Belgium
56 {{ cdn.get('europe', 'eu') }}
# Burkina Faso
854 {{ cdn.get('africa', 'af') }}
# Bulgaria
100 {{ cdn.get('europe', 'eu') }}
# Bahrain
48 {{ cdn.get('west-asia', 'as') }}
# Burundi
108 {{ cdn.get('africa', 'af') }}
# Benin
204 {{ cdn.get('africa', 'af') }}
# Bermuda
60 {{ cdn.get('south-america', 'sa') }}
# Brunei Darussalam
96 {{ cdn.get('east-asia', 'as') }}
# Bolivia
68 {{ cdn.get('south-america', 'sa') }}
# Brazil
76 {{ cdn.get('south-america', 'sa') }}
# Bahamas
44 {{ cdn.get('south-america', 'sa') }}
# Bhutan
64 {{ cdn.get('east-asia', 'as') }}
# Bouvet Island
74 {{ cdn.get('africa', 'af') }}
# Botswana
72 {{ cdn.get('africa', 'af') }}
# Belarus
112 {{ cdn.get('europe', 'eu') }}
# Belize
84 {{ cdn.get('south-america', 'sa') }}
# Canada
124 {{ cdn.get('north-america', 'na') }}
# Cocos (Keeling) Islands
166 {{ cdn.get('west-asia', 'as') }}
# Congo, The Democratic Republic of the
178 {{ cdn.get('africa', 'af') }}
# Central African Republic
140 {{ cdn.get('africa', 'af') }}
# Switzerland
756 {{ cdn.get('europe', 'eu') }}
# Cote D'Ivoire
384 {{ cdn.get('africa', 'af') }}
# Cook Islands
184 {{ cdn.get('oceania', 'oc') }}
# Chile
152 {{ cdn.get('south-america', 'sa') }}
# Cameroon
120 {{ cdn.get('africa', 'af') }}
# China telecom
155 {{ cdn.get('china-telecom', 'cn-t') }}
#china unicom
156 {{ cdn.get('china-unicom', 'cn-u') }}
#china mobile
157 {{ cdn.get('china-mobile', 'cn-m') }}
# Colombia
170 {{ cdn.get('south-america', 'sa') }}
# Costa Rica
188 {{ cdn.get('south-america', 'sa') }}
# Cuba
192 {{ cdn.get('south-america', 'sa') }}
# Cape Verde
132 {{ cdn.get('africa', 'af') }}
# Christmas Island
162 {{ cdn.get('east-asia', 'as') }}
# Cyprus
196 {{ cdn.get('west-asia', 'as') }}
# Czech Republic
203 {{ cdn.get('europe', 'eu') }}
# Germany
276 {{ cdn.get('europe', 'eu') }}
# Djibouti
262 {{ cdn.get('africa', 'af') }}
# Denmark
208 {{ cdn.get('europe', 'eu') }}
# Dominica
212 {{ cdn.get('south-america', 'sa') }}
# Dominican Republic
214 {{ cdn.get('south-america', 'sa') }}
# Algeria
12 {{ cdn.get('africa', 'af') }}
# Ecuador
218 {{ cdn.get('south-america', 'sa') }}
# Estonia
233 {{ cdn.get('europe', 'eu') }}
# Egypt
818 {{ cdn.get('africa', 'af') }}
# Western Sahara
732 {{ cdn.get('africa', 'af') }}
# Eritrea
232 {{ cdn.get('africa', 'af') }}
# Spain
724 {{ cdn.get('europe', 'eu') }}
# Ethiopia
210 {{ cdn.get('africa', 'af') }}
# Finland
246 {{ cdn.get('europe', 'eu') }}
# Fiji
242 {{ cdn.get('oceania', 'oc') }}
# Falkland Islands (Malvinas)
238 {{ cdn.get('south-america', 'sa') }}
# Micronesia, Federated States of
583 {{ cdn.get('oceania', 'oc') }}
# Faroe Islands
234 {{ cdn.get('europe', 'eu') }}
# France
250 {{ cdn.get('europe', 'eu') }}
# France, Metropolitan
249 {{ cdn.get('europe', 'eu') }}
# Gabon
266 {{ cdn.get('africa', 'af') }}
# United Kingdom
826 {{ cdn.get('europe', 'eu') }}
# Grenada
308 {{ cdn.get('south-america', 'sa') }}
# Georgia
268 {{ cdn.get('west-asia', 'as') }}
# French Guiana
254 {{ cdn.get('south-america', 'sa') }}
# Ghana
288 {{ cdn.get('africa', 'af') }}
# Gibraltar
292 {{ cdn.get('europe', 'eu') }}
# Greenland
304 {{ cdn.get('south-america', 'sa') }}
# Gambia
270 {{ cdn.get('africa', 'af') }}
# Guinea
324 {{ cdn.get('africa', 'af') }}
# Guadeloupe
312 {{ cdn.get('south-america', 'sa') }}
# Equatorial Guinea
226 {{ cdn.get('africa', 'af') }}
# Greece
300 {{ cdn.get('europe', 'eu') }}
# Guatemala
320 {{ cdn.get('south-america', 'sa') }}
# Guam
316 {{ cdn.get('oceania', 'oc') }}
# Guinea-Bissau
624 {{ cdn.get('africa', 'af') }}
# Guyana
328 {{ cdn.get('south-america', 'sa') }}
# Hong Kong
344 {{ cdn.get('hong-kong', 'hk') }}
# Heard Island and McDonald Islands
334 {{ cdn.get('africa', 'af') }}
# Honduras
340 {{ cdn.get('south-america', 'sa') }}
# Croatia
191 {{ cdn.get('europe', 'eu') }}
# Haiti
332 {{ cdn.get('south-america', 'sa') }}
# Hungary
348 {{ cdn.get('europe', 'eu') }}
# Indonesia
360 {{ cdn.get('east-asia', 'as') }}
# Ireland
372 {{ cdn.get('europe', 'eu') }}
# Israel
376 {{ cdn.get('west-asia', 'as') }}
# India
356 {{ cdn.get('east-asia', 'as') }}
# British Indian Ocean Territory
86 {{ cdn.get('east-asia', 'as') }}
# Iraq
368 {{ cdn.get('west-asia', 'as') }}
# Iran, Islamic Republic of
364 {{ cdn.get('west-asia', 'as') }}
# Iceland
352 {{ cdn.get('europe', 'eu') }}
# Italy
380 {{ cdn.get('europe', 'eu') }}
# Jamaica
388 {{ cdn.get('south-america', 'sa') }}
# Jordan
400 {{ cdn.get('west-asia', 'as') }}
# Japan
392 {{ cdn.get('japan', 'jp') }}
# Kenya
404 {{ cdn.get('africa', 'af') }}
# Kyrgyzstan
417 {{ cdn.get('west-asia', 'as') }}
# Cambodia
116 {{ cdn.get('east-asia', 'as') }}
# Kiribati
296 {{ cdn.get('oceania', 'oc') }}
# Comoros
174 {{ cdn.get('africa', 'af') }}
# Saint Kitts and Nevis
659 {{ cdn.get('south-america', 'sa') }}
# Korea, Democratic People's Republic of
408 {{ cdn.get('east-asia', 'as') }}
# Korea, Republic of
410 {{ cdn.get('east-asia', 'as') }}
# Kuwait
414 {{ cdn.get('west-asia', 'as') }}
# Cayman Islands
136 {{ cdn.get('south-america', 'sa') }}
# Kazakhstan
398 {{ cdn.get('west-asia', 'as') }}
# Lao People's Democratic Republic
418 {{ cdn.get('east-asia', 'as') }}
# Lebanon
422 {{ cdn.get('west-asia', 'as') }}
# Saint Lucia
662 {{ cdn.get('south-america', 'sa') }}
# Liechtenstein
438 {{ cdn.get('europe', 'eu') }}
# Sri Lanka
144 {{ cdn.get('east-asia', 'as') }}
# Liberia
430 {{ cdn.get('africa', 'af') }}
# Lesotho
426 {{ cdn.get('africa', 'af') }}
# Lithuania
440 {{ cdn.get('europe', 'eu') }}
# Luxembourg
442 {{ cdn.get('europe', 'eu') }}
# Latvia
428 {{ cdn.get('europe', 'eu') }}
# Libyan Arab Jamahiriya
434 {{ cdn.get('africa', 'af') }}
# Morocco
504 {{ cdn.get('africa', 'af') }}
# Monaco
492 {{ cdn.get('europe', 'eu') }}
# Moldova, Republic of
498 {{ cdn.get('europe', 'eu') }}
# Madagascar
450 {{ cdn.get('africa', 'af') }}
# Marshall Islands
584 {{ cdn.get('oceania', 'oc') }}
# Macedonia, the Former Yugoslav Republic of
807 {{ cdn.get('europe', 'eu') }}
# Mali
466 {{ cdn.get('africa', 'af') }}
# Myanmar
104 {{ cdn.get('east-asia', 'as') }}
# Mongolia
496 {{ cdn.get('east-asia', 'as') }}
# Macao
446 {{ cdn.get('east-asia', 'as') }}
# Northern Mariana Islands
580 {{ cdn.get('oceania', 'oc') }}
# Martinique
474 {{ cdn.get('south-america', 'sa') }}
# Mauritania
478 {{ cdn.get('africa', 'af') }}
# Montserrat
500 {{ cdn.get('south-america', 'sa') }}
# Malta
470 {{ cdn.get('europe', 'eu') }}
# Mauritius
480 {{ cdn.get('africa', 'af') }}
# Maldives
462 {{ cdn.get('east-asia', 'as') }}
# Malawi
454 {{ cdn.get('africa', 'af') }}
# Mexico
484 {{ cdn.get('north-america', 'na') }}
# Malaysia
458 {{ cdn.get('east-asia', 'as') }}
# Mozambique
508 {{ cdn.get('africa', 'af') }}
# Namibia
516 {{ cdn.get('africa', 'af') }}
# New Caledonia
540 {{ cdn.get('oceania', 'oc') }}
# Niger
562 {{ cdn.get('africa', 'af') }}
# Norfolk Island
574 {{ cdn.get('oceania', 'oc') }}
# Nigeria
566 {{ cdn.get('africa', 'af') }}
# Nicaragua
558 {{ cdn.get('south-america', 'sa') }}
# Netherlands
528 {{ cdn.get('europe', 'eu') }}
# Norway
578 {{ cdn.get('europe', 'eu') }}
# Nepal
524 {{ cdn.get('east-asia', 'as') }}
# Nauru
520 {{ cdn.get('oceania', 'oc') }}
# Niue
570 {{ cdn.get('oceania', 'oc') }}
# New Zealand
554 {{ cdn.get('oceania', 'oc') }}
# Oman
512 {{ cdn.get('west-asia', 'as') }}
# Panama
591 {{ cdn.get('south-america', 'sa') }}
# Peru
604 {{ cdn.get('south-america', 'sa') }}
# French Polynesia
258 {{ cdn.get('oceania', 'oc') }}
# Papua New Guinea
598 {{ cdn.get('oceania', 'oc') }}
# Philippines
608 {{ cdn.get('east-asia', 'as') }}
# Pakistan
586 {{ cdn.get('west-asia', 'as') }}
# Poland
616 {{ cdn.get('europe', 'eu') }}
# Saint Pierre and Miquelon
666 {{ cdn.get('south-america', 'sa') }}
# Pitcairn
612 {{ cdn.get('oceania', 'oc') }}
# Puerto Rico
630 {{ cdn.get('south-america', 'sa') }}
# Portugal
620 {{ cdn.get('europe', 'eu') }}
# Palau
585 {{ cdn.get('oceania', 'oc') }}
# Paraguay
600 {{ cdn.get('south-america', 'sa') }}
# Qatar
634 {{ cdn.get('west-asia', 'as') }}
# Reunion
638 {{ cdn.get('africa', 'af') }}
# Romania
642 {{ cdn.get('europe', 'eu') }}
# Russian Federation
643 {{ cdn.get('west-asia', 'as') }}
# Rwanda
646 {{ cdn.get('africa', 'af') }}
# Saudi Arabia
682 {{ cdn.get('west-asia', 'as') }}
# Solomon Islands
90 {{ cdn.get('oceania', 'oc') }}
# Seychelles
690 {{ cdn.get('africa', 'af') }}
# Sudan
736 {{ cdn.get('africa', 'af') }}
# Sweden
752 {{ cdn.get('europe', 'eu') }}
# Singapore
702 {{ cdn.get('east-asia', 'as') }}
# Saint Helena
654 {{ cdn.get('africa', 'af') }}
# Slovenia
705 {{ cdn.get('europe', 'eu') }}
# Svalbard and Jan Mayen
744 {{ cdn.get('europe', 'eu') }}
# Slovakia
703 {{ cdn.get('europe', 'eu') }}
# Sierra Leone
694 {{ cdn.get('africa', 'af') }}
# San Marino
674 {{ cdn.get('europe', 'eu') }}
# Senegal
686 {{ cdn.get('africa', 'af') }}
# Somalia
706 {{ cdn.get('africa', 'af') }}
# Suriname
740 {{ cdn.get('south-america', 'sa') }}
# Sao Tome and Principe
678 {{ cdn.get('africa', 'af') }}
# El Salvador
222 {{ cdn.get('south-america', 'sa') }}
# Syrian Arab Republic
760 {{ cdn.get('west-asia', 'as') }}
# Swaziland
748 {{ cdn.get('africa', 'af') }}
# Turks and Caicos Islands
796 {{ cdn.get('south-america', 'sa') }}
# Chad
148 {{ cdn.get('africa', 'af') }}
# French Southern Territories
260 {{ cdn.get('africa', 'af') }}
# Togo
768 {{ cdn.get('africa', 'af') }}
# Thailand
764 {{ cdn.get('east-asia', 'as') }}
# Tajikistan
762 {{ cdn.get('west-asia', 'as') }}
# Tokelau
772 {{ cdn.get('oceania', 'oc') }}
# Turkmenistan
795 {{ cdn.get('west-asia', 'as') }}
# Tonga
788 {{ cdn.get('oceania', 'oc') }}
# East Timor
776 {{ cdn.get('east-asia', 'as') }}
# Turkey
792 {{ cdn.get('west-asia', 'as') }}
# Trinidad and Tobago
780 {{ cdn.get('south-america', 'sa') }}
# Tuvalu
798 {{ cdn.get('oceania', 'oc') }}
# Taiwan
158 {{ cdn.get('east-asia', 'as') }}
# Tanzania, United Republic of
834 {{ cdn.get('africa', 'af') }}
# Ukraine
804 {{ cdn.get('europe', 'eu') }}
# Uganda
800 {{ cdn.get('africa', 'af') }}
# United States Minor Outlying Islands
581 {{ cdn.get('oceania', 'oc') }}
# United States
840 {{ cdn.get('north-america', 'na') }}
# Uruguay
858 {{ cdn.get('south-america', 'sa') }}
# Uzbekistan
860 {{ cdn.get('west-asia', 'as') }}
# Holy See (Vatican City State)
336 {{ cdn.get('europe', 'eu') }}
# Saint Vincent and the Grenadines
670 {{ cdn.get('south-america', 'sa') }}
# Venezuela
862 {{ cdn.get('south-america', 'sa') }}
# Virgin Islands, British
92 {{ cdn.get('south-america', 'sa') }}
# Virgin Islands, U.S.
850 {{ cdn.get('south-america', 'sa') }}
# Vietnam
704 {{ cdn.get('east-asia', 'as') }}
# Vanuatu
548 {{ cdn.get('oceania', 'oc') }}
# Wallis and Futuna
876 {{ cdn.get('oceania', 'oc') }}
# Samoa
882 {{ cdn.get('oceania', 'oc') }}
# Yemen
887 {{ cdn.get('west-asia', 'as') }}
# Mayotte
175 {{ cdn.get('africa', 'af') }}
# Yugoslavia
891 {{ cdn.get('europe', 'eu') }}
# South Africa
710 {{ cdn.get('africa', 'af') }}
# Zambia
894 {{ cdn.get('africa', 'af') }}
# Zaire
180 {{ cdn.get('africa', 'af') }}
# Zimbabwe
716 {{ cdn.get('africa', 'af') }}
...@@ -31,7 +31,8 @@ cache-ttl=0 ...@@ -31,7 +31,8 @@ cache-ttl=0
# things are working. :) # things are working. :)
log-dns-details=yes log-dns-details=yes
log-dns-queries=yes log-dns-queries=yes
log-failed-updates=yes # https://github.com/PowerDNS/pdns/commit/df9d980
# log-failed-updates=yes
loglevel=4 loglevel=4
# This disables wildcards which is more efficient. geobackend doesn't use # This disables wildcards which is more efficient. geobackend doesn't use
...@@ -40,52 +41,11 @@ loglevel=4 ...@@ -40,52 +41,11 @@ loglevel=4
# wildcards=no # wildcards=no
# The geobackend # The geobackend
launch=geo launch=geoip
# The zone that your geo-balanced RR is inside of. The whole zone has to be edns-subnet-processing=yes
# delegated to the PowerDNS backend, so you will generally want to make up some
# subzone of your main zone. We chose "geo.blitzed.org".
#
geo-zone={{ slapparameter_dict.get('zone', 'example.com') }}
# The only parts of the SOA for "geo.blitzed.org" that apply here are the
# master server name and the contact address.
geo-soa-values={{ slapparameter_dict.get('soa', 'ns0.example.com,admin@example.com') }}
# List of NS records of the PowerDNS servers that are authoritative for your
# GLB zone.
geo-ns-records={{ slapparameter_dict.get('ns-record', 'ns0.example.com,ns1.example.com') }}
# The TTL of the CNAME records that geobackend will return. Since the same
# resolver will always get the same CNAME (apart from if the director-map
# changes) it is safe to return a reasonable TTL, so if you leave this
# commented then a sane default will be chosen.
#geo-ttl=3600
# The TTL of the NS records that will be returned. Leave this commented if you
# don't understand.
#geo-ns-ttl=86400
# This is the real guts of the data that drives this backend. This is a DNS
# zone file for RBLDNSD, a nameserver specialised for running large DNS zones
# typical of DNSBLs and such. We choose it for our data because it is easier
# to parse than the BIND-format one.
#
# Anyway, it comes from http://countries.nerd.dk/more.html - there are details
# there for how to rsync your own copy. You'll want to do that regularly,
# every couple of days maybe. We believe the nerd.dk guys take the netblock
# info from Regional Internet Registries (RIRs) like RIPE, ARIN, APNIC. From
# that they build a big zonefile of IP/prefixlen -> ISO-country-code mappings.
geo-ip-map-zonefile={{ geo.get('ip-map-zonefile') }}
# And finally this last directive tells the geobackend where to find the map geoip-database-files={{ geo['database'] }}
# files that say a) which RR to answer for, and b) what actual resource record geoip-zones-file={{ geo['zones-file'] }}
# to return for each ISO country code. The setting here is a comma-separated
# list of paths, each of which may either be a single map file or a directory
# that will contain map files. If you are only ever going to serve one RR then
# a single file is probably better, but if you're going to serve many then a
# directory would probably be better. The rest of this documentation will
# assume you chose a directory.
geo-maps={{ geo.get('geo-maps') }}
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
\ No newline at end of file
# See https://doc.powerdns.com/authoritative/backends/geoip.html
{%- set slave_instance_list = json_module.loads(slapparameter_dict.get('extra_slave_instance_list', '[]')) %}
{%- set zone = slapparameter_dict.get('zone', 'example.com') %}
{%- macro disambiguate_domain_name(a, b) %}
{#- See http://www.dns-sd.org/trailingdotsindomainnames.html #}
{%- if a.endswith('.') %}
{{- a[:-1] }}
{%- else %}
{{- a }}.{{ b }}
{%- endif %}
{%- endmacro %}
domains:
- domain: {{ zone }}
# TODO: what value for ttl?
ttl: 300
# Note: For each domain, one record of the domain name MUST exist with a soa record.
records:
{{ zone }}:
- soa: {{ slapparameter_dict.get('soa', 'ns0.example.com,admin@example.com').replace(',', ' ') }}
{%- for ns in slapparameter_dict.get('ns-record', 'ns0.example.com,ns1.example.com').split(',') %}
- ns: {{ ns }}
{%- endfor %}
{#- Split the world the way we prefer. 'GeoLite2-Country.mmdb' divides the
world into 7 continents: Oceania, Asia, Europe, South America,
North America, Africa and Antarctica. However, we also want a more
fine-grained division for Asia, i.e. West/East, China, Hong-Kong and
Japan. #}
{%- set world_split = {
"continent": {
"eu": "europe",
"af": "africa",
"sa": "south-america",
"na": "north-america",
"oc": "oceania",
},
"country": {}} %}
{%- for region, codes in asia.items() %}
{%- for country_code in codes.split() %}
{%- do world_split["country"].__setitem__(country_code, region) %}
{%- endfor %}
{%- endfor %}
{%- for slave in slave_instance_list %}
{#- Set the RR to use for each region, as described in
'slave-instance-powerdns-input-schema.json' #}
{%- set rr_dict = {} %}
{%- for region, default_rr in {"europe": "eu",
"africa": "af",
"south-america": "sa",
"north-america": "na",
"china-telecom": "cn-t",
"china-unicom": "cn-u",
"china-mobile": "cn-m",
"japan": "jp",
"hong-kong": "hk",
"east-asia": "as",
"west-asia": "eu",
"oceania": "oc"}.items() %}
{%- do rr_dict.__setitem__(region, slave.get(region, default_rr)) %}
{%- endfor %}
{#- 'code2region' maps an ISO3166 country/continent code (i.e. the client
origin) to a geographical region. The latter is then used to find the
right RR (thanks to 'rr_dict') #}
{%- for placeholder, code2region in world_split.items() %}
{%- for code, region in code2region.items() %}
{%- set origin = slave['origin'] %}
{{ code }}.{{ placeholder }}.{{ origin }}:
- cname: {{ disambiguate_domain_name(rr_dict[region], origin) }}
{%- endfor %}
{%- endfor %}
{%- endfor %}
services:
{%- for slave in slave_instance_list %}
{%- set origin = slave['origin'] %}
{{ disambiguate_domain_name(slave['record'], zone) }}:
{#- Note: Placeholders (i.e. "country." and "continent.") are used to avoid
possible name collisions, e.g.:
- %cc for American Samoa is 'as'
- %cn for Asia is also 'as' #}
default: ['%cc.country.{{ origin }}', '%cn.continent.{{ origin }}', '{{ disambiguate_domain_name(slave['default'], origin) }}']
# Split China's ip addresses according to ISP
{%- for ip_range, country_code in china %}
{{ ip_range }}: {{ country_code }}.country.{{ origin }}
{%- endfor %}
{%- endfor %}
...@@ -18,15 +18,15 @@ md5sum = b41f521b5f7980c64260ed0e5c494450 ...@@ -18,15 +18,15 @@ md5sum = b41f521b5f7980c64260ed0e5c494450
[instance-repman.cfg] [instance-repman.cfg]
_update_hash_filename_ = instance-repman.cfg.jinja2.in _update_hash_filename_ = instance-repman.cfg.jinja2.in
md5sum = 7dbaace0d7db0e26d582ad17f36ac9cd md5sum = 657ecdb1dfbbcf53e4e7932b3b5708c4
[config-toml.in] [config-toml.in]
_update_hash_filename_ = templates/config.toml.in _update_hash_filename_ = templates/config.toml.in
md5sum = 5cfa75ca5a0048a050c0041dfe541f3d md5sum = 19fe38a342a5c9857e29f78eedb3c46e
[config-cluster-toml.in] [config-cluster-toml.in]
_update_hash_filename_ = templates/cluster-config.toml.in _update_hash_filename_ = templates/cluster-config.toml.in
md5sum = d2e79a9435082d9420281b4f59a5d464 md5sum = 079599a2841b5a0d5178bb12c4a30ae8
[nginx.conf.in] [nginx.conf.in]
_update_hash_filename_ = templates/nginx.conf.in _update_hash_filename_ = templates/nginx.conf.in
......
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
"computer-memory-percent-threshold": { "computer-memory-percent-threshold": {
"title": "Computer memory percent threshold.", "title": "Computer memory percent threshold.",
"description": "Computer memory percent threshold.", "description": "Computer memory percent threshold.",
"type": "int", "type": "integer",
"default": 80 "default": 80
}, },
"monitor-interface-url": { "monitor-interface-url": {
...@@ -61,9 +61,15 @@ ...@@ -61,9 +61,15 @@
}, },
"mail-smtp-addr": { "mail-smtp-addr": {
"title": "Mail SMTP address", "title": "Mail SMTP address",
"description": "Mail SMTP address. Default: localhost:25", "description": "Mail SMTP address. Default: localhost",
"type": "string", "type": "string",
"default": "localhost:25" "default": "localhost"
},
"mail-smtp-port": {
"title": "Mail SMTP port",
"description": "Mail SMTP port. Default: 25",
"type": "integer",
"default": "25"
}, },
"mail-smtp-password": { "mail-smtp-password": {
"title": "Mail SMTP password", "title": "Mail SMTP password",
...@@ -84,10 +90,31 @@ ...@@ -84,10 +90,31 @@
"default": "" "default": ""
}, },
"tags": { "tags": {
"title": "Provisioning db tags", "title": "Provisioning db tag list",
"description": "Provisioning db tags", "description": "Provisioning db tags. Set one tag per line.",
"type": "string", "type": "array",
"default": "gtidstrict,bind,pkg,innodb,noquerycache,slow,pfs,linux,readonly,diskmonitor,sqlerror,compressbinlog,bm4ci,mroonga,utctime,readcommitted,nohandshake" "items": {
"type": "string"
},
"default": [
"gtidstrict",
"bind",
"pkg",
"innodb",
"noquerycache",
"slow",
"pfs",
"linux",
"readonly",
"diskmonitor",
"sqlerror",
"compressbinlog",
"bm4ci",
"mroonga",
"utctime",
"readcommitted",
"nohandshake"
]
}, },
"http-session-lifetime": { "http-session-lifetime": {
"title": "Web Session life time in s", "title": "Web Session life time in s",
...@@ -169,10 +196,18 @@ ...@@ -169,10 +196,18 @@
"default": "external" "default": "external"
}, },
"proxy-tags": { "proxy-tags": {
"title": "Proxy tags", "title": "Proxy tag list",
"description": "playbook configuration tags. Default: pkg,masterslave,linux,noreadwritesplit", "description": "playbook configuration tags. Default: [\"pkg\", \"masterslave\", \"linux\", \"noreadwritesplit\"]",
"type": "string", "type": "array",
"default": "pkg,masterslave,linux,noreadwritesplit" "items": {
"type": "string"
},
"default": [
"pkg",
"masterslave",
"linux",
"noreadwritesplit"
]
}, },
"logical-backup-cron": { "logical-backup-cron": {
"title": "Mysqldump backup cron definition.", "title": "Mysqldump backup cron definition.",
...@@ -222,16 +257,36 @@ ...@@ -222,16 +257,36 @@
"multipleOf": 256 "multipleOf": 256
}, },
"db-memory-shared-pct": { "db-memory-shared-pct": {
"title": "Percent memory shared per buffer", "title": "Percent memory list shared per buffer",
"description": "Percent memory shared per buffer (default \"threads:16,innodb:60,myisam:10,aria:10,rocksdb:1,tokudb:1,s3:1,archive:1,querycache:0\")", "description": "Percent memory shared per buffer. Default: [\"threads:16\", \"innodb:60\", \"myisam:10\", \"aria:10\", \"rocksdb:1\", \"tokudb:1\", \"s3:1\", \"archive:1\", \"querycache:0\"]",
"type": "string", "type": "array",
"default": "threads:16,innodb:60,myisam:10,aria:10,rocksdb:1,tokudb:1,s3:1,archive:1,querycache:0" "items": {
"type": "string"
},
"default": [
"threads:16",
"innodb:60",
"myisam:10",
"aria:10",
"rocksdb:1",
"tokudb:1",
"s3:1",
"archive:1",
"querycache:0"
]
}, },
"db-memory-threaded-pct": { "db-memory-threaded-pct": {
"title": "Percent memory allocted per threads", "title": "Percent memory allocted per threads",
"description": "Percent memory allocted per threads. (default \"tmp:70,join:20,sort:10\")", "description": "Percent memory allocted per threads. Default: [\"tmp:70\", \"join:20\", \"sort:10\"]",
"type": "string", "type": "array",
"default": "tmp:70,join:20,sort:10" "items": {
"type": "string"
},
"default": [
"tmp:70",
"join:20",
"sort:10"
]
}, },
"innodb-file-per-table": { "innodb-file-per-table": {
"title": "enable Innodb file per table", "title": "enable Innodb file per table",
...@@ -256,7 +311,6 @@ ...@@ -256,7 +311,6 @@
"manual", "manual",
"automatic" "automatic"
] ]
}, },
"failover-limit": { "failover-limit": {
"title": "Failover amount limit", "title": "Failover amount limit",
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
{% set ip = (ipv6_set | list)[0] -%} {% set ip = (ipv6_set | list)[0] -%}
{% set ipv4 = (ipv4_set | list)[0] -%} {% set ipv4 = (ipv4_set | list)[0] -%}
{% set cluster_list = [] -%} {% set cluster_list = [] -%}
{% set tags = "gtidstrict,bind,pkg,innodb,noquerycache,slow,pfs,linux,readonly,diskmonitor,sqlerror,compressbinlog,bm4ci,mroonga,utctime,readcommitted,nohandshake" -%} {% set tag_list = ["gtidstrict", "bind", "pkg", "innodb", "noquerycache", "slow", "pfs", "linux", "readonly", "diskmonitor", "sqlerror", "compressbinlog", "bm4ci", "mroonga", "utctime", "readcommitted", "nohandshake"] -%}
{% set frontend_parameter_dict = slapparameter_dict.get('slave-frontend', {}) -%} {% set frontend_parameter_dict = slapparameter_dict.get('slave-frontend', {}) -%}
[directory] [directory]
...@@ -60,7 +60,7 @@ mode = 755 ...@@ -60,7 +60,7 @@ mode = 755
{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%} {% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
{% set default_parameter_dict = {"cluster1": {"name": "cluster1", "db-prefered-master": "", {% set default_parameter_dict = {"cluster1": {"name": "cluster1", "db-prefered-master": "",
"database-amount": 2, "proxysql-user": "external", "proxy-tags": "pkg,masterslave,linux,noreadwritesplit", "database-amount": 2, "proxysql-user": "external",
"logical-backup-cron": "0 21 * * *", "physical-backup-cron": "0 1 * * *"}} -%} "logical-backup-cron": "0 21 * * *", "physical-backup-cron": "0 1 * * *"}} -%}
{% for name, parameter_dict in slapparameter_dict.get('repman-cluster-dict', default_parameter_dict).items() -%} {% for name, parameter_dict in slapparameter_dict.get('repman-cluster-dict', default_parameter_dict).items() -%}
...@@ -150,7 +150,8 @@ proxysql-servers-ipv6 = [{{ ip }}] ...@@ -150,7 +150,8 @@ proxysql-servers-ipv6 = [{{ ip }}]
password = ${repman-parameter:password} password = ${repman-parameter:password}
proxysql-partition = ${buildout:directory} proxysql-partition = ${buildout:directory}
receiver-port-list = {{ receiver_port_list | join(',') }} receiver-port-list = {{ receiver_port_list | join(',') }}
proxy-tags = {{ parameter_dict.get("proxy-tags", "pkg,masterslave,linux,noreadwritesplit") }} enabled-tags = {{ slapparameter_dict.get("tag-list", tag_list) | join(',') }}
proxy-tags = {{ parameter_dict.get("proxy-tags", ["pkg", "masterslave", "linux", "noreadwritesplit"]) | join(',') }}
logical-backup-cron = {{ parameter_dict.get("logical-backup-cron", "0 22 * * *") }} logical-backup-cron = {{ parameter_dict.get("logical-backup-cron", "0 22 * * *") }}
physical-backup-cron = {{ parameter_dict.get("physical-backup-cron", "0 0 * * *") }} physical-backup-cron = {{ parameter_dict.get("physical-backup-cron", "0 0 * * *") }}
proxy-cpu-cores = {{ parameter_dict.get("proxy-cpu-cores", 2) }} proxy-cpu-cores = {{ parameter_dict.get("proxy-cpu-cores", 2) }}
...@@ -158,8 +159,8 @@ proxy-memory = {{ parameter_dict.get("proxy-memory", 1) }} ...@@ -158,8 +159,8 @@ proxy-memory = {{ parameter_dict.get("proxy-memory", 1) }}
db-cpu-cores = {{ parameter_dict.get("db-cpu-cores", 2) }} db-cpu-cores = {{ parameter_dict.get("db-cpu-cores", 2) }}
db-disk-iops = {{ parameter_dict.get("db-disk-iops", 300) }} db-disk-iops = {{ parameter_dict.get("db-disk-iops", 300) }}
db-memory = {{ parameter_dict.get("db-memory", 256) }} db-memory = {{ parameter_dict.get("db-memory", 256) }}
db-memory-shared-pct = {{ parameter_dict.get("db-memory-shared-pct", "threads:16,innodb:60,myisam:10,aria:10,rocksdb:1,tokudb:1,s3:1,archive:1,querycache:0") }} db-memory-shared-pct = {{ parameter_dict.get("db-memory-shared-pct", ["threads:16", "innodb:60", "myisam:10", "aria:10", "rocksdb:1", "tokudb:1", "s3:1", "archive:1", "querycache:0"]) | join(',') }}
db-memory-threaded-pct = {{ parameter_dict.get("db-memory-threaded-pct", "tmp:70,join:20,sort:10") }} db-memory-threaded-pct = {{ parameter_dict.get("db-memory-threaded-pct", ["tmp:70", "join:20", "sort:10"]) | join(',') }}
# failover # failover
failover-mode = {{ parameter_dict.get('failover-mode', 'manual') }} failover-mode = {{ parameter_dict.get('failover-mode', 'manual') }}
failover-limit = {{ parameter_dict.get('failover-limit', 5) }} failover-limit = {{ parameter_dict.get('failover-limit', 5) }}
...@@ -336,11 +337,11 @@ sysbench-bin = {{ sysbench_location }}/bin/sysbench ...@@ -336,11 +337,11 @@ sysbench-bin = {{ sysbench_location }}/bin/sysbench
restic-bin = {{ restic_bin_location }} restic-bin = {{ restic_bin_location }}
mail-from = {{ slapparameter_dict.get("mail-from", "mrm@localhost") }} mail-from = {{ slapparameter_dict.get("mail-from", "mrm@localhost") }}
mail-smtp-addr = {{ slapparameter_dict.get("mail-smtp-addr", "localhost:25") }} mail-smtp-addr = {{ slapparameter_dict.get("mail-smtp-addr", "localhost") }}
mail-smtp-port = {{ slapparameter_dict.get("mail-smtp-port", "25") }}
mail-smtp-password = {{ slapparameter_dict.get("mail-smtp-password", "") }} mail-smtp-password = {{ slapparameter_dict.get("mail-smtp-password", "") }}
mail-smtp-user = {{ slapparameter_dict.get("mail-smtp-user", "") }} mail-smtp-user = {{ slapparameter_dict.get("mail-smtp-user", "") }}
mail-to = {{ slapparameter_dict.get("mail-to", "") }} mail-to = {{ slapparameter_dict.get("mail-to", "") }}
enabled-tags = {{ slapparameter_dict.get("tags", tags) }}
http-session-lifetime = {{ slapparameter_dict.get("http-session-lifetime", 86400) }} http-session-lifetime = {{ slapparameter_dict.get("http-session-lifetime", 86400) }}
http-refresh-interval = {{ slapparameter_dict.get("http-refresh-interval", 4) }} http-refresh-interval = {{ slapparameter_dict.get("http-refresh-interval", 4) }}
......
...@@ -22,6 +22,7 @@ proxysql-bootstrap = true ...@@ -22,6 +22,7 @@ proxysql-bootstrap = true
proxysql-admin-port = {{ parameter_dict['proxy-admin-port'] }} proxysql-admin-port = {{ parameter_dict['proxy-admin-port'] }}
proxysql-password = "{{ parameter_dict['password'] }}" proxysql-password = "{{ parameter_dict['password'] }}"
prov-db-tags = "{{ parameter_dict['enabled-tags'] }}"
prov-proxy-tags = "{{ parameter_dict['proxy-tags'] }}" prov-proxy-tags = "{{ parameter_dict['proxy-tags'] }}"
monitoring-scheduler = true monitoring-scheduler = true
......
...@@ -53,14 +53,13 @@ backup-mysqldump-path = "{{ parameter_dict['mysqldump-path'] }}" ...@@ -53,14 +53,13 @@ backup-mysqldump-path = "{{ parameter_dict['mysqldump-path'] }}"
# Alert email sender (default "mrm@localhost") # Alert email sender (default "mrm@localhost")
mail-from = "{{ parameter_dict['mail-from'] }}" mail-from = "{{ parameter_dict['mail-from'] }}"
# Alert email SMTP server address, in host:[port] format (default "localhost:25") # Alert email SMTP server address, in host:[port] format (default "localhost:25")
mail-smtp-addr = "{{ parameter_dict['mail-smtp-addr'] }}" mail-smtp-addr = "{{ parameter_dict['mail-smtp-addr'] }}:{{ parameter_dict['mail-smtp-port'] }}"
mail-smtp-password = "{{ parameter_dict['mail-smtp-password'] }}" mail-smtp-password = "{{ parameter_dict['mail-smtp-password'] }}"
mail-smtp-user = "{{ parameter_dict['mail-smtp-user'] }}" mail-smtp-user = "{{ parameter_dict['mail-smtp-user'] }}"
# Alert email recipients, separated by commas # Alert email recipients, separated by commas
mail-to = "{{ parameter_dict['mail-to'] }}" mail-to = "{{ parameter_dict['mail-to'] }}"
prov-orchestrator = "slapos" prov-orchestrator = "slapos"
prov-db-tags = "{{ parameter_dict['enabled-tags'] }}"
sysbench-binary-path = "{{ parameter_dict['sysbench-bin'] }}" sysbench-binary-path = "{{ parameter_dict['sysbench-bin'] }}"
# Number of threads to run benchmark (default 4) # Number of threads to run benchmark (default 4)
......
...@@ -23,14 +23,14 @@ ...@@ -23,14 +23,14 @@
# # The path given to "SSLSessionCache shmcb:<folder_path>(512000)" # # The path given to "SSLSessionCache shmcb:<folder_path>(512000)"
# "ssl-session-cache": "<folder_path>", # "ssl-session-cache": "<folder_path>",
# #
# # The path given to "SSLCACertificateFile" (can be empty) # # The path given to "SSLCACertificatePath" (can be empty)
# # If this value is not empty, it enables client certificate check. # # If this value is not empty, it enables client certificate check.
# # (Enabling "SSLVerifyClient require") # # (Enabling "SSLVerifyClient require")
# "ca-cert": "<file_path>", # "ca-cert-dir": "<directory_path>",
# #
# # The path given to "SSLCARevocationFile" (used if ca-cert is not # # The path given to "SSLCARevocationPath" (used if ca-cert-dir is not
# # empty) # # empty)
# "crl": "<file_path>", # "crl-dir": "<directory_path>",
# #
# # The path given to "ErrorLog" # # The path given to "ErrorLog"
# "error-log": "<file_path>", # "error-log": "<file_path>",
...@@ -69,7 +69,7 @@ ...@@ -69,7 +69,7 @@
# From to `backend-list`: # From to `backend-list`:
# - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and # - 0.0.0.0:8000 redirecting internaly to http://10.0.0.10:8001 and
# - [::1]:8000 redirecting internaly to http://10.0.0.10:8001 # - [::1]:8000 redirecting internaly to http://10.0.0.10:8001
# only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert`. # only accepting requests from clients who provide a valid SSL certificate trusted in `ca-cert-dir`.
# - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003 # - 0.0.0.0:8002 redirecting internaly to http://10.0.0.10:8003
# - [::1]:8002 redirecting internaly to http://10.0.0.10:8003 # - [::1]:8002 redirecting internaly to http://10.0.0.10:8003
# accepting requests from any client. # accepting requests from any client.
...@@ -83,6 +83,8 @@ ...@@ -83,6 +83,8 @@
# For more details, refer to # For more details, refer to
# https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together # https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together
-#} -#}
{% set ca_cert_dir = parameter_dict.get('ca-cert-dir') -%}
{% set crl_dir = parameter_dict.get('crl-dir') -%}
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
...@@ -103,7 +105,7 @@ LoadModule headers_module modules/mod_headers.so ...@@ -103,7 +105,7 @@ LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so LoadModule filter_module modules/mod_filter.so
AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript application/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm
PidFile "{{ parameter_dict['pid-file'] }}" PidFile "{{ parameter_dict['pid-file'] }}"
ServerAdmin admin@ ServerAdmin admin@
...@@ -133,17 +135,16 @@ SSLProxyEngine On ...@@ -133,17 +135,16 @@ SSLProxyEngine On
# As backend is trusting Remote-User header unset it always # As backend is trusting Remote-User header unset it always
RequestHeader unset Remote-User RequestHeader unset Remote-User
{% if parameter_dict['ca-cert'] -%} {% if ca_cert_dir -%}
SSLVerifyClient optional SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['ca-cert'] }} RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
{% if not parameter_dict['shared-ca-cert'] %} SSLCACertificatePath {{ ca_cert_dir }}
{% if parameter_dict['crl'] -%} {% if crl_dir -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }} SSLCARevocationPath {{ crl_dir }}
{%- endif %} {% endif -%}
{%- endif %} {% endif -%}
{%- endif %}
ErrorLog "{{ parameter_dict['error-log'] }}" ErrorLog "{{ parameter_dict['error-log'] }}"
# Default apache log format with request time in microsecond at the end # Default apache log format with request time in microsecond at the end
...@@ -163,12 +164,8 @@ Listen {{ ip }}:{{ port }} ...@@ -163,12 +164,8 @@ Listen {{ ip }}:{{ port }}
{% endfor -%} {% endfor -%}
<VirtualHost *:{{ port }}> <VirtualHost *:{{ port }}>
SSLEngine on SSLEngine on
{% if enable_authentication and parameter_dict['shared-ca-cert'] and parameter_dict['shared-crl'] -%} {% if enable_authentication and ca_cert_dir -%}
SSLVerifyClient require SSLVerifyClient require
# Custom block we use for now different parameters.
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
...@@ -186,11 +183,8 @@ Listen {{ ip }}:{{ port }} ...@@ -186,11 +183,8 @@ Listen {{ ip }}:{{ port }}
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
SSLEngine on SSLEngine on
Timeout 3600 Timeout 3600
{% if enable_authentication and parameter_dict['ca-cert'] and parameter_dict['crl'] -%} {% if enable_authentication and ca_cert_dir -%}
SSLVerifyClient require SSLVerifyClient require
SSLCACertificateFile {{ parameter_dict['ca-cert'] }}
SSLCARevocationCheck chain
SSLCARevocationFile {{ parameter_dict['crl'] }}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
......
...@@ -18,8 +18,8 @@ md5sum = 2ef0ddc206c6b0982a37cfc21f23e423 ...@@ -18,8 +18,8 @@ md5sum = 2ef0ddc206c6b0982a37cfc21f23e423
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = ef86e09e44ac67a9b15939df0ab4a466 md5sum = d10a5ddfffa67b8ca01b3e38315bae2f
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = 48f086ce1acffca7bab942b43d856fb7 md5sum = a169c1d6b0f2636f21f180e8a0b52137
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
{% set part_list = [] -%} {% set part_list = [] -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%} {% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set ssl_parameter_dict = slapparameter_dict['ssl'] -%} {% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend_caucase_url_list', []) -%}
{% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%} {% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
{# {#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
...@@ -28,8 +29,8 @@ mode = 644 ...@@ -28,8 +29,8 @@ mode = 644
url=ssl_parameter_dict['caucase-url'], url=ssl_parameter_dict['caucase-url'],
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
crt_path='${apache-conf-ssl:caucase-cert}', crt_path='${apache-conf-ssl:caucase-cert}',
ca_path='${apache-conf-ssl:ca-cert}', ca_path='${directory:srv}/caucase-updater/ca.crt',
crl_path='${apache-conf-ssl:crl}', crl_path='${directory:srv}/caucase-updater/crl.pem',
key_path='${apache-conf-ssl:caucase-key}', key_path='${apache-conf-ssl:caucase-key}',
on_renew='${apache-graceful:output}', on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0), max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
...@@ -37,6 +38,69 @@ mode = 644 ...@@ -37,6 +38,69 @@ mode = 644
openssl=parameter_dict['openssl'] ~ '/bin/openssl', openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}} )}}
{% do section('caucase-updater') -%} {% do section('caucase-updater') -%}
{% do section('caucase-updater-promise') -%}
{% set frontend_caucase_url_hash_list = [] -%}
{% for frontend_caucase_url in frontend_caucase_url_list -%}
{% set hash = hashlib.md5(frontend_caucase_url).hexdigest() -%}
{% do frontend_caucase_url_hash_list.append(hash) -%}
{% set data_dir = '${directory:srv}/client-cert-ca/%s' % hash -%}
{{ caucase.updater(
prefix='caucase-updater-%s' % hash,
buildout_bin_directory=parameter_dict['bin-directory'],
updater_path='${directory:services-on-watch}/caucase-updater-%s' % hash,
url=frontend_caucase_url,
data_dir=data_dir,
ca_path='%s/ca.crt' % data_dir,
crl_path='%s/crl.pem' % data_dir,
on_renew='${caucase-updater-housekeeper:output}; ${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}}
{% do section('caucase-updater-%s' % hash) -%}
{% endfor -%}
{% if frontend_caucase_url_hash_list -%}
[caucase-updater-housekeeper]
recipe = collective.recipe.template
output = ${directory:bin}/caucase-updater-housekeeper
mode = 700
input =
inline:
#!${buildout:executable}
import glob
import os
import subprocess
hash_list = {{ repr(frontend_caucase_url_hash_list) }}
crt_list = ['%s.crt' % e for e in hash_list]
crl_list = ['%s.crl' % e for e in hash_list]
{% if shared_ca_path -%}
crt_list.append('{{ shared_ca_path }}/cacert.pem')
crl_list.append('{{ shared_ca_path }}/crl')
{% endif -%}
for path in glob.glob('${apache-conf-ssl:ca-cert-dir}/*.crt'):
if os.path.basename(path) not in crt_list:
os.unlink(path)
for path in glob.glob('${apache-conf-ssl:crl-dir}/*.crl'):
if os.path.basename(path) not in crl_list:
os.unlink(path)
for hash in hash_list:
crt = '${directory:srv}/client-cert-ca/%s/ca.crt' % hash
crt_link = '${apache-conf-ssl:ca-cert-dir}/%s.crt' % hash
crl = '${directory:srv}/client-cert-ca/%s/crl.pem' % hash
crl_link = '${apache-conf-ssl:crl-dir}/%s.crl' % hash
if os.path.isfile(crt) and not os.path.islink(crt_link):
os.symlink(crt, crt_link)
if os.path.isfile(crl) and not os.path.islink(crl_link):
os.symlink(crl, crl_link)
subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:ca-cert-dir}'])
subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:crl-dir}'])
[caucase-updater-housekeeper-run]
recipe = plone.recipe.command
command = ${caucase-updater-housekeeper:output}
update-command = ${:command}
{% endif -%}
{% set haproxy_dict = {} -%} {% set haproxy_dict = {} -%}
{% set apache_dict = {} -%} {% set apache_dict = {} -%}
...@@ -123,8 +187,27 @@ key = ${directory:apache-conf}/apache.pem ...@@ -123,8 +187,27 @@ key = ${directory:apache-conf}/apache.pem
# XXX caucase certificate is not supported by caddy for now # XXX caucase certificate is not supported by caddy for now
caucase-cert = ${directory:apache-conf}/apache-caucase.crt caucase-cert = ${directory:apache-conf}/apache-caucase.crt
caucase-key = ${directory:apache-conf}/apache-caucase.pem caucase-key = ${directory:apache-conf}/apache-caucase.pem
ca-cert = ${directory:apache-conf}/ca.crt {% if frontend_caucase_url_list -%}
crl = ${directory:apache-conf}/crl.pem depends = ${caucase-updater-housekeeper-run:recipe}
ca-cert-dir = ${directory:apache-ca-cert-dir}
crl-dir = ${directory:apache-crl-dir}
{%- endif %}
[simplefile]
< = jinja2-template-base
template = inline:{{ '{{ content }}' }}
{% macro simplefile(section_name, file_path, content, mode='') -%}
{% set content_section_name = section_name ~ '-content' -%}
[{{ content_section_name }}]
content = {{ dumps(content) }}
[{{ section(section_name) }}]
< = simplefile
rendered = {{ file_path }}
context = key content {{content_section_name}}:content
mode = {{ mode }}
{%- endmacro %}
[apache-ssl] [apache-ssl]
{% if ssl_parameter_dict.get('key') -%} {% if ssl_parameter_dict.get('key') -%}
...@@ -154,13 +237,10 @@ cert = ${apache-ssl:cert} ...@@ -154,13 +237,10 @@ cert = ${apache-ssl:cert}
key = ${apache-ssl:key} key = ${apache-ssl:key}
cipher = cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache ssl-session-cache = ${directory:log}/apache-ssl-session-cache
{% if frontend_caucase_url_list -%}
# Client x509 auth # Client x509 auth
ca-cert = ${apache-conf-ssl:ca-cert} ca-cert-dir = ${apache-conf-ssl:ca-cert-dir}
crl = ${apache-conf-ssl:crl} crl-dir = ${apache-conf-ssl:crl-dir}
{% if shared_ca_path -%}
shared-ca-cert = {{ shared_ca_path }}/cacert.pem
shared-crl = {{ shared_ca_path }}/crl
{%- endif %} {%- endif %}
[apache-conf] [apache-conf]
...@@ -186,8 +266,8 @@ input = inline: ...@@ -186,8 +266,8 @@ input = inline:
kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')" kill -USR1 "$(cat '${apache-conf-parameter-dict:pid-file}')"
[{{ section('apache-promise') }}] [{{ section('apache-promise') }}]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
<= monitor-promise-base <= monitor-promise-base
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
module = check_port_listening module = check_port_listening
name = apache.py name = apache.py
config-hostname = {{ ipv4 }} config-hostname = {{ ipv4 }}
...@@ -228,6 +308,10 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi ...@@ -228,6 +308,10 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache apache-conf = ${:etc}/apache
{% if frontend_caucase_url_list -%}
apache-ca-cert-dir = ${:apache-conf}/ssl.crt
apache-crl-dir = ${:apache-conf}/ssl.crl
{% endif -%}
bin = ${buildout:directory}/bin bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc etc = ${buildout:directory}/etc
services = ${:etc}/run services = ${:etc}/run
......
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
[template] [template]
filename = instance.cfg filename = instance.cfg
md5sum = b21b2a9ac7f027a044a897c6eacbba56 md5sum = 298bac4a631de3b30593b9a1dcf63e1c
...@@ -36,7 +36,7 @@ command-line = ...@@ -36,7 +36,7 @@ command-line =
--source_code_path_list={{ ','.join(tests.splitlines()) }} --source_code_path_list={{ ','.join(tests.splitlines()) }}
environment = environment =
PATH={{ buildout['bin-directory'] }}:{{ quic_client_location }}:{{ curl_location }}/bin/:/usr/bin/:/bin PATH={{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:/usr/bin/:/bin
SLAPOS_TEST_IPV4=${slap-configuration:ipv4-random} SLAPOS_TEST_IPV4=${slap-configuration:ipv4-random}
SLAPOS_TEST_IPV6=${slap-configuration:ipv6-random} SLAPOS_TEST_IPV6=${slap-configuration:ipv6-random}
SLAPOS_TEST_WORKING_DIR=${directory:working-dir} SLAPOS_TEST_WORKING_DIR=${directory:working-dir}
...@@ -13,3 +13,4 @@ eggs -= ...@@ -13,3 +13,4 @@ eggs -=
[template] [template]
extra = extra =
${slapos.test.monitor-setup:setup} ${slapos.test.monitor-setup:setup}
${slapos.test.powerdns-setup:setup}
...@@ -8,7 +8,6 @@ extends = ...@@ -8,7 +8,6 @@ extends =
../../component/python-cryptography/buildout.cfg ../../component/python-cryptography/buildout.cfg
../../component/python-mysqlclient/buildout.cfg ../../component/python-mysqlclient/buildout.cfg
../../component/python-pynacl/buildout.cfg ../../component/python-pynacl/buildout.cfg
../../component/quic_client-bin/buildout.cfg
../../component/python-backports-lzma/buildout.cfg ../../component/python-backports-lzma/buildout.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
...@@ -235,7 +234,6 @@ context = ...@@ -235,7 +234,6 @@ context =
key git_location git:location key git_location git:location
key slapos_location slapos-repository:location key slapos_location slapos-repository:location
key interpreter eggs:interpreter key interpreter eggs:interpreter
key quic_client_location quic_client-bin:location
key curl_location curl:location key curl_location curl:location
key tests :tests key tests :tests
tests = tests =
...@@ -251,7 +249,6 @@ extra = ...@@ -251,7 +249,6 @@ extra =
${slapos.test.htmlvalidatorserver-setup:setup} ${slapos.test.htmlvalidatorserver-setup:setup}
${slapos.test.slapos-master-setup:setup} ${slapos.test.slapos-master-setup:setup}
${slapos.test.plantuml-setup:setup} ${slapos.test.plantuml-setup:setup}
${slapos.test.powerdns-setup:setup}
${slapos.test.proftpd-setup:setup} ${slapos.test.proftpd-setup:setup}
${slapos.test.re6stnet-setup:setup} ${slapos.test.re6stnet-setup:setup}
${slapos.test.seleniumserver-setup:setup} ${slapos.test.seleniumserver-setup:setup}
......
...@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24 ...@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24
[template-runner] [template-runner]
filename = instance-runner.cfg filename = instance-runner.cfg
md5sum = b03f39d483cb7f3554fb40092b5b89fa md5sum = 376ae851bb13bd88b02ecd72249a64bd
[template-runner-import-script] [template-runner-import-script]
filename = template/runner-import.sh.jinja2 filename = template/runner-import.sh.jinja2
......
...@@ -37,9 +37,12 @@ common-runner-parts = ...@@ -37,9 +37,12 @@ common-runner-parts =
slaprunner-frontend-promise slaprunner-frontend-promise
httpd-frontend-promise httpd-frontend-promise
{% endif %} {% endif %}
{% if slapparameter_dict.get('custom-frontend-backend-url') and slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %} {% if slapparameter_dict.get('custom-frontend-backend-url') %}
custom-frontend-url-ready-promise
{% if slapparameter_dict.get('check-custom-frontend-promise', 'false') == 'true' %}
custom-frontend-promise custom-frontend-promise
{% endif %} {% endif %}
{% endif %}
## Monitoring part ## Monitoring part
monitor-base monitor-base
monitor-check-webrunner-internal-instance monitor-check-webrunner-internal-instance
......
...@@ -46,6 +46,8 @@ from slapos.recipe.librecipe import generateHashFromFiles ...@@ -46,6 +46,8 @@ from slapos.recipe.librecipe import generateHashFromFiles
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
from slapos.util import bytes2str from slapos.util import bytes2str
skipIfPython3 = unittest.skipIf(six.PY3, 'rdiff-backup is not compatible with Python 3 yet')
setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass( setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
os.path.abspath( os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', os.path.join(os.path.dirname(__file__), '..',
...@@ -476,6 +478,7 @@ class TestCustomFrontend(SlaprunnerTestCase): ...@@ -476,6 +478,7 @@ class TestCustomFrontend(SlaprunnerTestCase):
parameter_dict['custom-frontend-url'], parameter_dict['custom-frontend-url'],
'https://www.erp5.com') 'https://www.erp5.com')
@skipIfPython3
class TestResilientInstance(SlaprunnerTestCase): class TestResilientInstance(SlaprunnerTestCase):
instance_max_retry = 20 instance_max_retry = 20
...@@ -502,12 +505,14 @@ class TestResilientInstance(SlaprunnerTestCase): ...@@ -502,12 +505,14 @@ class TestResilientInstance(SlaprunnerTestCase):
'url', 'url',
'webdav-url'])) 'webdav-url']))
@skipIfPython3
class TestResilientCustomFrontend(TestCustomFrontend): class TestResilientCustomFrontend(TestCustomFrontend):
instance_max_retry = 20 instance_max_retry = 20
@classmethod @classmethod
def getInstanceSoftwareType(cls): def getInstanceSoftwareType(cls):
return 'resilient' return 'resilient'
@skipIfPython3
class TestResilientWebInstance(TestWeb): class TestResilientWebInstance(TestWeb):
instance_max_retry = 20 instance_max_retry = 20
@classmethod @classmethod
...@@ -518,6 +523,7 @@ class TestResilientWebInstance(TestWeb): ...@@ -518,6 +523,7 @@ class TestResilientWebInstance(TestWeb):
pass # Disable until we can write on runner0 rather them pass # Disable until we can write on runner0 rather them
# on root partition # on root partition
@skipIfPython3
class TestResilientWebrunnerBasicUsage(TestWebRunnerBasicUsage): class TestResilientWebrunnerBasicUsage(TestWebRunnerBasicUsage):
instance_max_retry = 20 instance_max_retry = 20
@classmethod @classmethod
...@@ -525,12 +531,14 @@ class TestResilientWebrunnerBasicUsage(TestWebRunnerBasicUsage): ...@@ -525,12 +531,14 @@ class TestResilientWebrunnerBasicUsage(TestWebRunnerBasicUsage):
return 'resilient' return 'resilient'
@skipIfPython3
class TestResilientWebrunnerAutorun(TestWebRunnerAutorun): class TestResilientWebrunnerAutorun(TestWebRunnerAutorun):
instance_max_retry = 20 instance_max_retry = 20
@classmethod @classmethod
def getInstanceSoftwareType(cls): def getInstanceSoftwareType(cls):
return 'resilient' return 'resilient'
@skipIfPython3
class TestResilientDummyInstance(SlaprunnerTestCase): class TestResilientDummyInstance(SlaprunnerTestCase):
instance_max_retry = 20 instance_max_retry = 20
@classmethod @classmethod
......
...@@ -76,7 +76,6 @@ repository = https://lab.nexedi.com/nexedi/wendelin.git ...@@ -76,7 +76,6 @@ repository = https://lab.nexedi.com/nexedi/wendelin.git
branch = master branch = master
[versions] [versions]
msgpack = 0.6.1
msgpack-numpy = 0.4.4.3 msgpack-numpy = 0.4.4.3
wendelin.core = 0.13 wendelin.core = 0.13
......
...@@ -72,7 +72,7 @@ Client ...@@ -72,7 +72,7 @@ Client
This script allows you to re-issue a CSR using a locally-generated private key. This script allows you to re-issue a CSR using a locally-generated private key.
.. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, crt_path, ca_path, crl_path, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)`` .. topic:: ``updater(prefix, buildout_bin_directory, updater_path, url, data_dir, ca_path, crl_path, crt_path=None, key_path=None, on_renew=None, max_sleep=None, mode='service', template_csr_pem=None, openssl=None)``
- ``<prefix>``: Creates ``<updater>`` executable file to start ``caucase-updater``, and ``<data_dir>`` directory for its data storage needs. - ``<prefix>``: Creates ``<updater>`` executable file to start ``caucase-updater``, and ``<data_dir>`` directory for its data storage needs.
......
...@@ -35,6 +35,6 @@ mode = 0644 ...@@ -35,6 +35,6 @@ mode = 0644
depends = ${caucase-jinja2-library-eggs:eggs} depends = ${caucase-jinja2-library-eggs:eggs}
[versions] [versions]
caucase = 0.9.7 caucase = 0.9.8
pem = 17.1.0 pem = 20.1.0
PyJWT = 1.7.1 PyJWT = 1.7.1
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
[caucase-jinja2-library] [caucase-jinja2-library]
filename = caucase.jinja2.library filename = caucase.jinja2.library
md5sum = 9a7247cdb2ee1d66c074b0660c54713f md5sum = 2e7e61bb0cf41c28d6d811a0283cf03e
...@@ -43,9 +43,9 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc ...@@ -43,9 +43,9 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
updater_path, updater_path,
url, url,
data_dir, data_dir,
crt_path,
ca_path, ca_path,
crl_path, crl_path,
crt_path=None,
key_path=None, key_path=None,
on_renew=None, on_renew=None,
max_sleep=None, max_sleep=None,
...@@ -59,6 +59,7 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc ...@@ -59,6 +59,7 @@ config-command = '{{ buildout_bin_directory }}/caucase-probe' 'http://{{ netloc
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
data-dir = {{ data_dir }} data-dir = {{ data_dir }}
{% if crt_path %}
{% if template_csr_pem or template_csr -%} {% if template_csr_pem or template_csr -%}
[{{ prefix }}-provided-csr-content] [{{ prefix }}-provided-csr-content]
{% if template_csr_pem %} {% if template_csr_pem %}
...@@ -90,6 +91,7 @@ recipe = plone.recipe.command ...@@ -90,6 +91,7 @@ recipe = plone.recipe.command
command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}' command = '{{ openssl }}' req -newkey rsa:2048 -batch -new -nodes -subj /CN=example.com -keyout '{{ key_path or crt_path }}' -out '${:csr}'
{%- endif %} {%- endif %}
csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem csr = ${ {{- prefix }}-directory:data-dir}/good.csr.pem
{%- endif %}
[{{ prefix }}] [{{ prefix }}]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
...@@ -98,8 +100,8 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater' ...@@ -98,8 +100,8 @@ command-line = '{{ buildout_bin_directory }}/caucase-updater'
--ca-url '{{ url }}' --ca-url '{{ url }}'
--cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem' --cas-ca '${ {{- prefix }}-directory:data-dir}/cas.crt.pem'
--mode '{{ mode }}' --mode '{{ mode }}'
--csr '${ {{- prefix }}-csr:csr}' {% if crt_path %}--csr '${ {{- prefix }}-csr:csr}'
--crt '{{ crt_path }}' --crt '{{ crt_path }}' {%- endif %}
--ca '{{ ca_path }}' --ca '{{ ca_path }}'
--crl '{{ crl_path }}' --crl '{{ crl_path }}'
{% if key_path %}--key '{{ key_path }}' {%- endif %} {% if key_path %}--key '{{ key_path }}' {%- endif %}
......
...@@ -630,7 +630,6 @@ WSGIUtils = 0.7 ...@@ -630,7 +630,6 @@ WSGIUtils = 0.7
ZODB3 = 3.11.0 ZODB3 = 3.11.0
# astroid 1.4.1 breaks testDynamicClassGeneration # astroid 1.4.1 breaks testDynamicClassGeneration
astroid = 1.3.8 astroid = 1.3.8
chardet = 2.3.0
csp-eventlet = 0.7.0 csp-eventlet = 0.7.0
erp5diff = 0.8.1.7 erp5diff = 0.8.1.7
eventlet = 0.20.1 eventlet = 0.20.1
......
...@@ -34,7 +34,7 @@ md5sum = e91c0fbd0df441884f7422fa7976053c ...@@ -34,7 +34,7 @@ md5sum = e91c0fbd0df441884f7422fa7976053c
[template-zope-conf] [template-zope-conf]
filename = zope.conf.in filename = zope.conf.in
md5sum = 762897486b1e7e28b614224a9a577125 md5sum = c43da8f7b4db22e40a4864e6cfcaef44
[site-zcml] [site-zcml]
filename = site.zcml filename = site.zcml
...@@ -70,7 +70,7 @@ md5sum = cc19560b9400cecbd23064d55c501eec ...@@ -70,7 +70,7 @@ md5sum = cc19560b9400cecbd23064d55c501eec
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = f0f3b18f9963b137e366752886591fc3 md5sum = 328ea2bb5f2bff18f8be8c541c01f260
[monitor-template-dummy] [monitor-template-dummy]
filename = dummy.cfg filename = dummy.cfg
...@@ -90,8 +90,8 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57 ...@@ -90,8 +90,8 @@ md5sum = 2f3ddd328ac1c375e483ecb2ef5ffb57
[template-balancer] [template-balancer]
filename = instance-balancer.cfg.in filename = instance-balancer.cfg.in
md5sum = 6851e0c28a025bd26a4d3450204ae335 md5sum = 0097e49b5bd7ad4978c722c1cdd27d6c
[template-haproxy-cfg] [template-haproxy-cfg]
filename = haproxy.cfg.in filename = haproxy.cfg.in
md5sum = 13f1f731ec941f4ba941d6fa8834a5cc md5sum = fec6a312e4ef84b02837742992aaf495
...@@ -4,10 +4,7 @@ global ...@@ -4,10 +4,7 @@ global
stats socket {{ parameter_dict['socket-path'] }} level admin stats socket {{ parameter_dict['socket-path'] }} level admin
defaults defaults
log global
mode http mode http
option httplog
option dontlognull
retries 1 retries 1
option redispatch option redispatch
maxconn 2000 maxconn 2000
...@@ -28,12 +25,12 @@ defaults ...@@ -28,12 +25,12 @@ defaults
timeout connect 5s timeout connect 5s
# As requested in haproxy doc, make this "at least equal to timeout server". # As requested in haproxy doc, make this "at least equal to timeout server".
timeout client 305s timeout client 305s
# Use "option forceclose" to not preserve client & server persistent connections # Use "option httpclose" to not preserve client & server persistent connections
# while handling every incoming request individually, dispatching them one after # while handling every incoming request individually, dispatching them one after
# another to servers, in HTTP close mode. This is really needed when haproxy # another to servers, in HTTP close mode. This is really needed when haproxy
# is configured with maxconn to 1, without this option browsers are unable # is configured with maxconn to 1, without this option browsers are unable
# to render a page # to render a page
option forceclose option httpclose
{% for name, (port, backend_list) in sorted(parameter_dict['backend-dict'].iteritems()) -%} {% for name, (port, backend_list) in sorted(parameter_dict['backend-dict'].iteritems()) -%}
listen {{ name }} listen {{ name }}
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
{% set part_list = [] -%} {% set part_list = [] -%}
{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%} {% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
{% set ssl_parameter_dict = slapparameter_dict['ssl'] -%} {% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%}
{# {#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
per partition. No more (undefined result), no less (IndexError). per partition. No more (undefined result), no less (IndexError).
...@@ -27,8 +28,8 @@ mode = 644 ...@@ -27,8 +28,8 @@ mode = 644
url=ssl_parameter_dict['caucase-url'], url=ssl_parameter_dict['caucase-url'],
data_dir='${directory:srv}/caucase-updater', data_dir='${directory:srv}/caucase-updater',
crt_path='${apache-conf-ssl:caucase-cert}', crt_path='${apache-conf-ssl:caucase-cert}',
ca_path='${apache-conf-ssl:ca-cert}', ca_path='${directory:srv}/caucase-updater/ca.crt',
crl_path='${apache-conf-ssl:crl}', crl_path='${directory:srv}/caucase-updater/crl.pem',
key_path='${apache-conf-ssl:caucase-key}', key_path='${apache-conf-ssl:caucase-key}',
on_renew='${apache-graceful:output}', on_renew='${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0), max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
...@@ -38,6 +39,64 @@ mode = 644 ...@@ -38,6 +39,64 @@ mode = 644
{% do section('caucase-updater') -%} {% do section('caucase-updater') -%}
{% do section('caucase-updater-promise') -%} {% do section('caucase-updater-promise') -%}
{% set frontend_caucase_url_hash_list = [] -%}
{% for frontend_caucase_url in frontend_caucase_url_list -%}
{% set hash = hashlib.md5(frontend_caucase_url).hexdigest() -%}
{% do frontend_caucase_url_hash_list.append(hash) -%}
{% set data_dir = '${directory:srv}/client-cert-ca/%s' % hash -%}
{{ caucase.updater(
prefix='caucase-updater-%s' % hash,
buildout_bin_directory=parameter_dict['bin-directory'],
updater_path='${directory:services-on-watch}/caucase-updater-%s' % hash,
url=frontend_caucase_url,
data_dir=data_dir,
ca_path='%s/ca.crt' % data_dir,
crl_path='%s/crl.pem' % data_dir,
on_renew='${caucase-updater-housekeeper:output}; ${apache-graceful:output}',
max_sleep=ssl_parameter_dict.get('max-crl-update-delay', 1.0),
openssl=parameter_dict['openssl'] ~ '/bin/openssl',
)}}
{% do section('caucase-updater-%s' % hash) -%}
{% endfor -%}
{% if frontend_caucase_url_hash_list -%}
[caucase-updater-housekeeper]
recipe = collective.recipe.template
output = ${directory:bin}/caucase-updater-housekeeper
mode = 700
input =
inline:
#!${buildout:executable}
import glob
import os
import subprocess
hash_list = {{ repr(frontend_caucase_url_hash_list) }}
crt_list = ['%s.crt' % e for e in hash_list]
crl_list = ['%s.crl' % e for e in hash_list]
for path in glob.glob('${apache-conf-ssl:ca-cert-dir}/*.crt'):
if os.path.basename(path) not in crt_list:
os.unlink(path)
for path in glob.glob('${apache-conf-ssl:crl-dir}/*.crl'):
if os.path.basename(path) not in crl_list:
os.unlink(path)
for hash in hash_list:
crt = '${directory:srv}/client-cert-ca/%s/ca.crt' % hash
crt_link = '${apache-conf-ssl:ca-cert-dir}/%s.crt' % hash
crl = '${directory:srv}/client-cert-ca/%s/crl.pem' % hash
crl_link = '${apache-conf-ssl:crl-dir}/%s.crl' % hash
if os.path.isfile(crt) and not os.path.islink(crt_link):
os.symlink(crt, crt_link)
if os.path.isfile(crl) and not os.path.islink(crl_link):
os.symlink(crl, crl_link)
subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:ca-cert-dir}'])
subprocess.check_call(['{{ parameter_dict["openssl"] }}/bin/c_rehash', '${apache-conf-ssl:crl-dir}'])
[caucase-updater-housekeeper-run]
recipe = plone.recipe.command
command = ${caucase-updater-housekeeper:output}
update-command = ${:command}
{% endif -%}
{% set haproxy_dict = {} -%} {% set haproxy_dict = {} -%}
{% set apache_dict = {} -%} {% set apache_dict = {} -%}
{% set zope_virtualhost_monster_backend_dict = {} %} {% set zope_virtualhost_monster_backend_dict = {} %}
...@@ -123,8 +182,27 @@ key = ${directory:apache-conf}/apache.pem ...@@ -123,8 +182,27 @@ key = ${directory:apache-conf}/apache.pem
# XXX caucase certificate is not supported by caddy for now # XXX caucase certificate is not supported by caddy for now
caucase-cert = ${directory:apache-conf}/apache-caucase.crt caucase-cert = ${directory:apache-conf}/apache-caucase.crt
caucase-key = ${directory:apache-conf}/apache-caucase.pem caucase-key = ${directory:apache-conf}/apache-caucase.pem
ca-cert = ${directory:apache-conf}/ca.crt {% if frontend_caucase_url_list -%}
crl = ${directory:apache-conf}/crl.pem depends = ${caucase-updater-housekeeper-run:recipe}
ca-cert-dir = ${directory:apache-ca-cert-dir}
crl-dir = ${directory:apache-crl-dir}
{%- endif %}
[simplefile]
< = jinja2-template-base
template = inline:{{ '{{ content }}' }}
{% macro simplefile(section_name, file_path, content, mode='') -%}
{% set content_section_name = section_name ~ '-content' -%}
[{{ content_section_name }}]
content = {{ dumps(content) }}
[{{ section(section_name) }}]
< = simplefile
rendered = {{ file_path }}
context = key content {{content_section_name}}:content
mode = {{ mode }}
{%- endmacro %}
[apache-ssl] [apache-ssl]
{% if ssl_parameter_dict.get('key') -%} {% if ssl_parameter_dict.get('key') -%}
...@@ -154,9 +232,11 @@ cert = ${apache-ssl:cert} ...@@ -154,9 +232,11 @@ cert = ${apache-ssl:cert}
key = ${apache-ssl:key} key = ${apache-ssl:key}
cipher = cipher =
ssl-session-cache = ${directory:log}/apache-ssl-session-cache ssl-session-cache = ${directory:log}/apache-ssl-session-cache
{% if frontend_caucase_url_list -%}
# Client x509 auth # Client x509 auth
ca-cert = ${apache-conf-ssl:ca-cert} ca-cert-dir = ${apache-conf-ssl:ca-cert-dir}
crl = ${apache-conf-ssl:crl} crl-dir = ${apache-conf-ssl:crl-dir}
{%- endif %}
[apache-conf] [apache-conf]
< = jinja2-template-base < = jinja2-template-base
...@@ -209,6 +289,10 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi ...@@ -209,6 +289,10 @@ post = test ! -s ${apache-conf-parameter-dict:pid-file} || {{ parameter_dict['bi
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
apache-conf = ${:etc}/apache apache-conf = ${:etc}/apache
{% if frontend_caucase_url_list -%}
apache-ca-cert-dir = ${:apache-conf}/ssl.crt
apache-crl-dir = ${:apache-conf}/ssl.crl
{% endif -%}
bin = ${buildout:directory}/bin bin = ${buildout:directory}/bin
etc = ${buildout:directory}/etc etc = ${buildout:directory}/etc
services = ${:etc}/run services = ${:etc}/run
......
...@@ -72,6 +72,7 @@ filename = instance-balancer.cfg ...@@ -72,6 +72,7 @@ filename = instance-balancer.cfg
extra-context = extra-context =
section parameter_dict dynamic-template-balancer-parameters section parameter_dict dynamic-template-balancer-parameters
import itertools itertools import itertools itertools
import hashlib hashlib
import-list = import-list =
file caucase context:caucase-jinja2-library file caucase context:caucase-jinja2-library
......
...@@ -25,6 +25,13 @@ rest-output-encoding utf-8 ...@@ -25,6 +25,13 @@ rest-output-encoding utf-8
# XXX: isn't this entry implicit ? # XXX: isn't this entry implicit ?
products {{ parameter_dict['instance-products'] }} products {{ parameter_dict['instance-products'] }}
# Magic parameter to use the first entry of X-Forwarded-For as the source IP address.
# (see monkey patches in ERP5Type/patches/HTTPRequest.py and ERP5Type/patches/http_server.py)
# * Frontend HTTP server should drop incoming X-Forwarded-For.
# * Communication between frontend and backend should use SSL Client Authentication.
# * Backend proxy drops incoming X-Forwarded-For without valid SSL Client Authentification.
trusted-proxy 0.0.0.0
{% if not parameter_dict['wsgi'] -%} {% if not parameter_dict['wsgi'] -%}
{% if parameter_dict['webdav'] -%} {% if parameter_dict['webdav'] -%}
<webdav-source-server> <webdav-source-server>
......
...@@ -134,16 +134,16 @@ Jinja2 = 2.9.5 ...@@ -134,16 +134,16 @@ Jinja2 = 2.9.5
MarkupSafe = 1.0 MarkupSafe = 1.0
PyYAML = 3.13 PyYAML = 3.13
Werkzeug = 0.12 Werkzeug = 0.12
asn1crypto = 0.21.1 asn1crypto = 1.3.0
cffi = 1.9.1 cffi = 1.14.0
click = 6.7 click = 6.7
cliff = 2.4.0 cliff = 2.4.0
cmd2 = 0.7.0 cmd2 = 0.7.0
collective.recipe.shelloutput = 0.1 collective.recipe.shelloutput = 0.1
collective.recipe.template = 2.0 collective.recipe.template = 2.0
cryptography = 2.3.1 cryptography = 2.9.2
decorator = 4.3.0 decorator = 4.3.0
idna = 2.2 idna = 2.9
inotify-simple = 1.1.1 inotify-simple = 1.1.1
itsdangerous = 0.24 itsdangerous = 0.24
lock-file = 2.0 lock-file = 2.0
...@@ -154,10 +154,10 @@ pbr = 2.0.0 ...@@ -154,10 +154,10 @@ pbr = 2.0.0
plone.recipe.command = 1.1 plone.recipe.command = 1.1
prettytable = 0.7.2 prettytable = 0.7.2
psutil = 5.6.3 psutil = 5.6.3
pyOpenSSL = 18.0.0 pyOpenSSL = 19.1.0
pyparsing = 2.2.0 pyparsing = 2.2.0
pytz = 2016.10 pytz = 2016.10
requests = 2.13.0 requests = 2.24.0
six = 1.12.0 six = 1.12.0
slapos.cookbook = 1.0.152 slapos.cookbook = 1.0.152
slapos.core = 1.5.12 slapos.core = 1.5.12
...@@ -174,7 +174,7 @@ unicodecsv = 0.14.1 ...@@ -174,7 +174,7 @@ unicodecsv = 0.14.1
xml-marshaller = 1.0.2 xml-marshaller = 1.0.2
paramiko = 2.1.3 paramiko = 2.1.3
CacheControl = 0.12.5 CacheControl = 0.12.5
msgpack = 0.6.1 msgpack = 0.6.2
# Required by: # Required by:
# slapos.core==1.5.0 # slapos.core==1.5.0
...@@ -214,7 +214,7 @@ dnspython = 1.15.0 ...@@ -214,7 +214,7 @@ dnspython = 1.15.0
# Required by: # Required by:
# cryptography==1.8.1 # cryptography==1.8.1
enum34 = 1.1.6 enum34 = 1.1.10
# Required by: # Required by:
# slapos.toolbox==0.94 # slapos.toolbox==0.94
...@@ -242,7 +242,7 @@ setuptools-scm = 3.5.0 ...@@ -242,7 +242,7 @@ setuptools-scm = 3.5.0
# Required by: # Required by:
# cryptography==1.8.1 # cryptography==1.8.1
ipaddress = 1.0.18 ipaddress = 1.0.23
# Required by: # Required by:
# slapos.cookbook==1.0.143 # slapos.cookbook==1.0.143
...@@ -271,7 +271,7 @@ pyasn1 = 0.4.5 ...@@ -271,7 +271,7 @@ pyasn1 = 0.4.5
# Required by: # Required by:
# cffi==1.9.1 # cffi==1.9.1
pycparser = 2.17 pycparser = 2.20
# Required by: # Required by:
# slapos.toolbox==0.94 # slapos.toolbox==0.94
...@@ -301,6 +301,18 @@ uritemplate = 3.0.0 ...@@ -301,6 +301,18 @@ uritemplate = 3.0.0
# slapos.core==1.5.0 # slapos.core==1.5.0
zope.interface = 4.3.3 zope.interface = 4.3.3
# Required by:
# requests==2.24.0
certifi = 2020.6.20
# Required by:
# requests==2.24.0
chardet = 3.0.4
# Required by:
# requests==2.24.0
urllib3 = 1.25.9
[networkcache] [networkcache]
download-cache-url = http://shacache.nxdcdn.com download-cache-url = http://shacache.nxdcdn.com
download-dir-url = http://shadir.nxdcdn.com download-dir-url = http://shadir.nxdcdn.com
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment