caddy-frontend: Use jinja2 to generate caddy-wrapper

As infromation passed to caddy-wrapper comes also from the network it has to be templated using jinja2 in order to dump variables correctly.

caddy-frontend: Use jinja2 to generate caddy-wrapper
As infromation passed to caddy-wrapper comes also from the network it has to be templated using jinja2 in order to dump variables correctly.
8182a586 · Łukasz Nowak · 678a7e47 · 8182a586 · 8182a586 · 8182a586
Commit 8182a586 authored May 30, 2018 by Łukasz Nowak
6 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e

 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = 0f9d764e1c4c5e345cdb90390c9d90b6
+md5sum = e9e6417eda276a48badfdddc9f01f522

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -27,7 +27,7 @@ md5sum = 9e76028df7e93d3e32982884d5dc0913

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 3e7350f9f27cddc63ee9711b548790fa
+md5sum = 1867c268830af61bcc245d0c88b634fb

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -43,7 +43,7 @@ md5sum = edfdd21d712f4ba4c2e1fcb9ea096554

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 3e7350f9f27cddc63ee9711b548790fa
+md5sum = 1867c268830af61bcc245d0c88b634fb

 [template-not-found-html]
 filename = templates/notfound.html
@@ -55,7 +55,7 @@ md5sum = 88a31d5a26c26408443fa5c2550ff8ac

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 831d2eb5a0489b340dcf244025e579b0
+md5sum = bb80ef5a195b841a071c7104544ae776

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
@@ -73,6 +73,10 @@ md5sum = c2314c3a9c3412a38d14b312d3df83c1
 filename = templates/wrapper.in
 md5sum = 8cde04bfd0c0e9bd56744b988275cfd8

+[template-caddy-wrapper]
+filename = templates/caddy-wrapper.in
+md5sum = c5816275757124613920078b6bec1caf
+
 [template-trafficserver-records-config]
 filename = templates/trafficserver/records.config.jinja2
 md5sum = 84baef0a49c9a65e8f2d2ffdb8c1d39c

--- a/software/caddy-frontend/common.cfg
+++ b/software/caddy-frontend/common.cfg
@@ -100,6 +100,12 @@ filename = template-log-access.conf.in
 <=download-template
 filename = empty.in

+[template-caddy-wrapper]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/templates/caddy-wrapper.in
+output = ${buildout:directory}/template-caddy-wrapper.cfg
+mode = 0644
+
 [template-wrapper]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/templates/wrapper.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg
+++ b/software/caddy-frontend/instance-apache-frontend.cfg
@@ -212,6 +212,8 @@ extra-context =
    key login_ca_crt ca-custom-frontend:rendered
    raw sixtunnel_executable ${6tunnel:location}/bin/6tunnel
    raw service_directory $${directory:service}
+    key enable_http2_by_default instance-parameter:configuration.enable-http2-by-default
+
 [dynamic-virtualhost-template-slave]
 <= jinja2-template-base
 template = ${template-slave-configuration:target}
@@ -250,24 +252,19 @@ extra-context =
    section frontend_configuration frontend-configuration

 [caddy-wrapper]
-recipe = slapos.cookbook:wrapper
-command-line = ${caddy:output}
-  -conf $${dynamic-apache-frontend-template:rendered}
-  -root $${caddy-directory:document-root}
-  -host $${instance-parameter:configuration.domain}
-  -http-port $${instance-parameter:configuration.plain_http_port}
-  -https-port $${instance-parameter:configuration.port}
-  -log $${apache-configuration:error-log}
-  -http2=$${instance-parameter:configuration.enable-http2-by-default}
-  -grace $${instance-parameter:configuration.mpm-graceful-shutdown-timeout}s
-  -pidfile $${apache-configuration:pid-file}
-  -disable-http-challenge
-  -disable-tls-sni-challenge
-wrapper-path = $${directory:bin}/caddy-wrapper
+< = jinja2-template-base
+template = ${template-caddy-wrapper:output}
+rendered = $${directory:bin}/caddy-wrapper
+mode = 0700
+extra-context =
+    raw caddy ${caddy:output}
+    key conf dynamic-apache-frontend-template:rendered
+    key log apache-configuration:error-log
+    key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout

 [apache-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = $${caddy-wrapper:wrapper-path}
+command-line = $${caddy-wrapper:rendered} -pidfile $${caddy-configuration:pid-file}
 wrapper-path = $${directory:service}/frontend_caddy
 wait-for-files =
 	       $${ca-frontend:cert-file}
@@ -297,7 +294,7 @@ error-log = $${directory:log}/frontend-apache-error.log
 pid-file = $${directory:run}/httpd.pid
 protected-path = /
 access-control-string = none
-frontend-configuration-verification = $${caddy-wrapper:wrapper-path} -validate > /dev/null
+frontend-configuration-verification = $${caddy-wrapper:rendered} -validate > /dev/null
 frontend-graceful-command = $${:frontend-configuration-verification}; if [ $? -eq 0 ]; then kill -USR1 $(cat $${:pid-file}); fi

 # Comunication with ats
@@ -308,7 +305,7 @@ ssl-cache-through-port = 26012
 # Create wrapper for "apachectl conftest" in bin
 [configtest]
 recipe = slapos.cookbook:wrapper
-command-line = $${caddy-wrapper:wrapper-path} -validate
+command-line = $${caddy-wrapper:rendered} -validate
 wrapper-path = $${directory:bin}/caddy-configtest

 [certificate-authority]
@@ -696,19 +693,20 @@ curl_path = ${curl:location}/bin/curl
 #######################
 # Nginx
 #
+[nginx-wrapper]
+< = jinja2-template-base
+template = ${template-caddy-wrapper:output}
+rendered = $${directory:bin}/nginx-wrapper
+mode = 0700
+extra-context =
+    raw caddy ${caddy:output}
+    key conf nginx-configuration:output
+    key log nginx-configuration:error_log
+    key grace instance-parameter:configuration.mpm-graceful-shutdown-timeout
+
 [nginx-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = ${caddy:output}
-  -conf $${nginx-configuration:output}
-  -host $${instance-parameter:configuration.domain}
-  -root $${caddy-directory:document-root}
-  -http-port $${nginx-configuration:plain_port}
-  -https-port $${nginx-configuration:port}
-  -log $${nginx-configuration:error_log}
-  -http2=$${instance-parameter:configuration.enable-http2-by-default}
-  -pidfile $${nginx-configuration:pid-file}
-  -disable-http-challenge
-  -disable-tls-sni-challenge
+command-line = $${nginx-wrapper:rendered} -pidfile $${nginx-configuration:pid-file}
 wrapper-path = $${directory:service}/frontend_nginx

 [nginx-configuration]
@@ -727,7 +725,7 @@ worker_connections = 1024
 slave-configuration-directory = $${caddy-directory:nginx-slave-configuration}
 pid-file = $${directory:run}/nginx.pid 
 nginx-graceful-command = $${:nginx-configuration-verification}; if [ $? -eq 0 ]; then kill -HUP $(cat $${:pid-file}); fi
-nginx-configuration-verification = $${nginx-frontend:wrapper-path} -validate
+nginx-configuration-verification = $${nginx-wrapper:rendered} -validate
 ssl_certificate = $${ca-frontend:cert-file}
 ssl_key = $${ca-frontend:key-file}


--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -161,6 +161,7 @@ value = {{ dumps(slave_instance.get(cert_name)) }}
 {%-   do slave_instance.__setitem__('login_certificate', login_certificate) %}
 {%-   do slave_instance.__setitem__('login_key', login_key) %}
 {%-   do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
+{%-   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
 {%-   do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
 {%-   do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
 {%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}

--- a/software/caddy-frontend/templates/caddy-wrapper.in
+++ b/software/caddy-frontend/templates/caddy-wrapper.in
+#!${dash-output:dash}
+
+exec {{ caddy }} \
+  -conf {{ conf }} \
+  -log {{ log }} \
+  -http2=true \
+  -grace {{ grace }}s \
+  -disable-http-challenge \
+  -disable-tls-sni-challenge \
+  "$@"
--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -3,7 +3,7 @@
 {%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
 {%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
 {%- set server_alias_list =  slave_parameter.get('server-alias', '').split() -%}
-{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', 'true')).lower() in TRUE_VALUES -%}
+{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES -%}
 {%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() -%}
 {%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}